Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

set permissions script

Posted on 2012-03-26
10
498 Views
Last Modified: 2012-06-21
I am running Server 2008R2 with windows 7 clients.
I need to run a script from a GPO to do the following:

Check if C:\update\alldone.txt exists if so script the end (using as a kind of runonce)
Change permissions on a folder located in C:\Users\Default\folder1 from everyone read to everyone full control
Delete a file called appk.ini contained in the folder
Create a text file called alldone.txt in C:\update

I have a basic knowledge of powershell and can do most of the above with a .bat  file but really wanted to use powershell as I am trying to move away from bat files
0
Comment
Question by:Dead_Eyes
  • 5
  • 3
  • 2
10 Comments
 
LVL 42

Expert Comment

by:sedgwick
ID: 37766248
change the "username" parameter passed to filesystemaccessrule:


if (Test-Path "C:\update\alldone.txt") {
	return
}
else { 
	$Acl = Get-Acl "C:\Users\Default\folder1"
	$Ar = New-Object  system.security.accesscontrol.filesystemaccessrule("username","FullControl","Allow")
	$Acl.SetAccessRule($Ar)
	Set-Acl "C:\Users\Default\folder1" $Acl
	
	$inifile = "C:\Users\Default\folder1\appk.ini"
	if (Test-Path $inifile) {
		Remove-Item $inifile
	}
	
	New-Item "C:\update\alldone.txt" -type file
}

Open in new window

0
 
LVL 10

Expert Comment

by:JoeKlimis
ID: 37766311
Hi
I have tested this locally , buyt should work from Group policy

$basefolder = "c:\windows\temp"
$flagfile   = "C:\windows\temp\alldone.txt"
$filematchString = ""



If ($flagfile) { Write-host "Quitting... Already Run" ; Break }

$PermsText = """$basefolder"" /grant Everyone`:(OI)(CI)F"
icacls $Permstext

if (test-path "$basefolder\appk.ini" )  {remove-item -path "$basefolder\appk.ini" -force}

"($(get-date)) All done" | out-file -append -encoding ascii $flagfile 

Open in new window

0
 

Author Comment

by:Dead_Eyes
ID: 37766697
Hi Sedgwick tried to run the script and got the following error, not sure what i did wrong I changed "username" parameter to everyone and changed the name of the file for testing

Security Warning
Run only scripts that you trust. While scripts from the Internet can be useful,
 this script can potentially harm your computer. Do you want to run
C:\testper.ps1?
[D] Do not run  [R] Run once  [S] Suspend  [?] Help (default is "D"): r
Set-Acl : Attempted to perform an unauthorized operation.
At C:\testper.ps1:8 char:9
+     Set-Acl <<<<  "C:\Users\Default\folder1" $Acl
    + CategoryInfo          : PermissionDenied: (C:\Users\Default\folder1:Stri
   ng) [Set-Acl], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.Pow
   erShell.Commands.SetAclCommand



    Directory: C:\NSO


Mode                LastWriteTime     Length Name
----                -------------     ------ ----
-a---        26/03/2012     16:50          0 Citrix.txt


PS C:\>
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 10

Expert Comment

by:JoeKlimis
ID: 37766824
Hi
Did you try my version of the script ?

Joe
0
 

Author Comment

by:Dead_Eyes
ID: 37766906
Just trying give me 20 mins its crazy at work 2day :(
0
 

Author Comment

by:Dead_Eyes
ID: 37766985
Hi Joe not sure I can ajust your script. trying to set the following things for a test

test file to delete: C:\users\default\folder1\appk.ini
file to check before to see if the scipt needs to be run: C:\nso\test.txt
folder to change permissions on: C:\users\default\folder1
0
 

Author Comment

by:Dead_Eyes
ID: 37767037
Tried the following alteration but its not doing anything or giving any error when running :(
$basefolder = "c:\users\default\folder1"
$flagfile   = "C:\NSO\test.txt"
$filematchString = ""



If ($flagfile) { Write-host "Quitting... Already Run" ; Break }

$PermsText = """$basefolder"" /grant Everyone`:(OI)(CI)F"
icacls $Permstext

if (test-path "$basefolder\appk.ini" )  {remove-item -path "$basefolder\appk.ini" -force}

"($(get-date)) All done" | out-file -append -encoding ascii $flagfile
0
 
LVL 10

Expert Comment

by:JoeKlimis
ID: 37768699
if the script did not report errors and run it should , have dont the following

checked it has not run using the flag file
changed the perms on basefolder
deleted any appk.ini files from the basefolder
created a flag file with a date stamp in it


please check to see if any of these happened ?

Joe
0
 
LVL 42

Accepted Solution

by:
sedgwick earned 500 total points
ID: 37770271
try the following:
if (Test-Path "C:\update\alldone.txt") {
	return
}
else { 
C:\WINDOWS\system32\icacls.exe "C:\Users\Default\folder1" /grant "Everyone:(OI)(CI)F"
	
	$inifile = "C:\Users\Default\folder1\appk.ini"
	if (Test-Path $inifile) {
		Remove-Item $inifile
	}
	
	New-Item "C:\update\alldone.txt" -type file
}
                                            

Open in new window

0
 

Author Comment

by:Dead_Eyes
ID: 37770630
Hi Sedgwick, thanks that did it :)
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to prepare an HTML email signature template file containing dynamic placeholders for users' Azure AD data. Furthermore, it explains how to use this file to remotely set up a department-wide email signature policy in Office …
A procedure for exporting installed hotfix details of remote computers using powershell
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question