Solved

set permissions script

Posted on 2012-03-26
10
495 Views
Last Modified: 2012-06-21
I am running Server 2008R2 with windows 7 clients.
I need to run a script from a GPO to do the following:

Check if C:\update\alldone.txt exists if so script the end (using as a kind of runonce)
Change permissions on a folder located in C:\Users\Default\folder1 from everyone read to everyone full control
Delete a file called appk.ini contained in the folder
Create a text file called alldone.txt in C:\update

I have a basic knowledge of powershell and can do most of the above with a .bat  file but really wanted to use powershell as I am trying to move away from bat files
0
Comment
Question by:Dead_Eyes
  • 5
  • 3
  • 2
10 Comments
 
LVL 42

Expert Comment

by:sedgwick
ID: 37766248
change the "username" parameter passed to filesystemaccessrule:


if (Test-Path "C:\update\alldone.txt") {
	return
}
else { 
	$Acl = Get-Acl "C:\Users\Default\folder1"
	$Ar = New-Object  system.security.accesscontrol.filesystemaccessrule("username","FullControl","Allow")
	$Acl.SetAccessRule($Ar)
	Set-Acl "C:\Users\Default\folder1" $Acl
	
	$inifile = "C:\Users\Default\folder1\appk.ini"
	if (Test-Path $inifile) {
		Remove-Item $inifile
	}
	
	New-Item "C:\update\alldone.txt" -type file
}

Open in new window

0
 
LVL 10

Expert Comment

by:JoeKlimis
ID: 37766311
Hi
I have tested this locally , buyt should work from Group policy

$basefolder = "c:\windows\temp"
$flagfile   = "C:\windows\temp\alldone.txt"
$filematchString = ""



If ($flagfile) { Write-host "Quitting... Already Run" ; Break }

$PermsText = """$basefolder"" /grant Everyone`:(OI)(CI)F"
icacls $Permstext

if (test-path "$basefolder\appk.ini" )  {remove-item -path "$basefolder\appk.ini" -force}

"($(get-date)) All done" | out-file -append -encoding ascii $flagfile 

Open in new window

0
 

Author Comment

by:Dead_Eyes
ID: 37766697
Hi Sedgwick tried to run the script and got the following error, not sure what i did wrong I changed "username" parameter to everyone and changed the name of the file for testing

Security Warning
Run only scripts that you trust. While scripts from the Internet can be useful,
 this script can potentially harm your computer. Do you want to run
C:\testper.ps1?
[D] Do not run  [R] Run once  [S] Suspend  [?] Help (default is "D"): r
Set-Acl : Attempted to perform an unauthorized operation.
At C:\testper.ps1:8 char:9
+     Set-Acl <<<<  "C:\Users\Default\folder1" $Acl
    + CategoryInfo          : PermissionDenied: (C:\Users\Default\folder1:Stri
   ng) [Set-Acl], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.Pow
   erShell.Commands.SetAclCommand



    Directory: C:\NSO


Mode                LastWriteTime     Length Name
----                -------------     ------ ----
-a---        26/03/2012     16:50          0 Citrix.txt


PS C:\>
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 10

Expert Comment

by:JoeKlimis
ID: 37766824
Hi
Did you try my version of the script ?

Joe
0
 

Author Comment

by:Dead_Eyes
ID: 37766906
Just trying give me 20 mins its crazy at work 2day :(
0
 

Author Comment

by:Dead_Eyes
ID: 37766985
Hi Joe not sure I can ajust your script. trying to set the following things for a test

test file to delete: C:\users\default\folder1\appk.ini
file to check before to see if the scipt needs to be run: C:\nso\test.txt
folder to change permissions on: C:\users\default\folder1
0
 

Author Comment

by:Dead_Eyes
ID: 37767037
Tried the following alteration but its not doing anything or giving any error when running :(
$basefolder = "c:\users\default\folder1"
$flagfile   = "C:\NSO\test.txt"
$filematchString = ""



If ($flagfile) { Write-host "Quitting... Already Run" ; Break }

$PermsText = """$basefolder"" /grant Everyone`:(OI)(CI)F"
icacls $Permstext

if (test-path "$basefolder\appk.ini" )  {remove-item -path "$basefolder\appk.ini" -force}

"($(get-date)) All done" | out-file -append -encoding ascii $flagfile
0
 
LVL 10

Expert Comment

by:JoeKlimis
ID: 37768699
if the script did not report errors and run it should , have dont the following

checked it has not run using the flag file
changed the perms on basefolder
deleted any appk.ini files from the basefolder
created a flag file with a date stamp in it


please check to see if any of these happened ?

Joe
0
 
LVL 42

Accepted Solution

by:
sedgwick earned 500 total points
ID: 37770271
try the following:
if (Test-Path "C:\update\alldone.txt") {
	return
}
else { 
C:\WINDOWS\system32\icacls.exe "C:\Users\Default\folder1" /grant "Everyone:(OI)(CI)F"
	
	$inifile = "C:\Users\Default\folder1\appk.ini"
	if (Test-Path $inifile) {
		Remove-Item $inifile
	}
	
	New-Item "C:\update\alldone.txt" -type file
}
                                            

Open in new window

0
 

Author Comment

by:Dead_Eyes
ID: 37770630
Hi Sedgwick, thanks that did it :)
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a PowerShell web interface I use to manage some task as a network administrator. Clicking an action button on the left frame will display a form in the middle frame to input some data in textboxes, process this data in PowerShell and display…
Set OWA language and time zone in Exchange for individuals, all users or per database.
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question