Copying folder permissions to group

Hey,

In the past, folder permissions at my company have been done on an individual basis. Going forward I want to use security groups, and am trying to make a script to copy the current permissions for our shares into groups I have created.

Right now I have a script that gets all the current user permissions on the folders, gets the group name, and makes sure the account is active. I believe I could add the users to the groups fairly easily, but before I go any further I want to make sure I'm not overlooking anything that might cause problems or would make this easier.

Here is my current script:

    Add-PSSnapin quest.activeroles.admanagement
    get-childitem \\"domain" | where-object { $_.PSIScontainer } | get-acl | select-object path -expandproperty access | select identityreference,path | export-csv c:\powershell\permissions.csv

    $users = Import-csv C:\powershell\permissions.csv

    foreach ($line in $users) {

        # Group name is the ACL path with its first 62 characters removed
        $group = $line.Path.Substring(62)

        if (Get-QADUser $line.IdentityReference -Enabled) {
            # Add user to group here
        }

        #check for groups who have permissions on folder and add to group
    }



Regards,

Kevin
ksagle7 Asked:

w_richard Commented:
In Windows, there are no events created under the name "copy". For instance, Windows does not create any logs by the name of copy. So if the logs are not created at all, there is very little chance of getting and viewing reports of the copy.
0
ksagle7 Author Commented:
Hi Richard,

Thanks for the response.

I ended up finding a solution to my problem. In case anyone else needs it, here is the script I ended up using.

    Add-PSSnapin quest.activeroles.admanagement

    $location = "\\domain\share"
    $collect=@("Folder","User","Permissions")

    # Top-level folders of the share
    $folders = Get-ChildItem $location | where {$_.psIsContainer -eq $true}

    FOREACH($folder in $folders){

        $acl = get-acl $folder.fullname
        $perms=$acl.access

        # Walk every ACE on this folder (the loop must sit inside the folder loop)
        FOREACH($perm in $perms){

            $permissions="" |Select-Object -Property $collect

            $permissions.Folder=$folder.FullName.substring(24) #I used substring to remove the domain name, leaving the folder name only
            [string]$userstr=$perm.IdentityReference
            $permissions.User=$perm.IdentityReference
            [string]$per=$perm.FileSystemRights
            $permissions.Permissions=$per

            if ($userstr -match "_") #All our usernames have an underscore in them, so I looked for that
            {
                $group = $folder.Name + " Share"
                if (Get-QADUser -Identity $userstr -enabled) { #verify account is enabled
                    add-QADMemberOf -Identity $userstr -Group $group
                }
            }
        }
    }


0
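
An added example, not part of the original post and not Quest or project code: the script above puts every matching account into a single "<folder> Share" group whatever rights its ACE carries. This function builds a dry-run plan that splits accounts by access level and flags Deny, inherited and generic-rights ACEs for review; the " Share RO"/" Share RW" suffixes, the function name and the sample accounts are assumptions.

```powershell
# Added example; group suffixes and the sample ACE objects below are constructed assumptions.
function Get-GroupPlan {
    param(
        [string]$FolderName,   # e.g. $folder.Name
        [object[]]$Aces        # e.g. (Get-Acl $folder.FullName).Access
    )
    $fsr      = [System.Security.AccessControl.FileSystemRights]
    $readMask = [int]($fsr::ReadAndExecute -bor $fsr::Synchronize)
    $fullMask = [int]$fsr::FullControl

    foreach ($ace in $Aces) {
        $user = [string]$ace.IdentityReference
        if ($user -notmatch '_') { continue }   # page's convention: user accounts contain "_"

        $rights = [int]$ace.FileSystemRights
        $group  = $null
        if ([string]$ace.AccessControlType -eq 'Deny') {
            $action = 'Review: Deny ACE cannot be expressed as group membership'
        } elseif ($ace.IsInherited) {
            $action = 'Skip: inherited from the parent folder'
        } elseif (($rights -band (-bnot $fullMask)) -ne 0) {
            $action = 'Review: generic rights bits outside FullControl'
        } elseif (($rights -band (-bnot $readMask)) -ne 0) {
            $group = "$FolderName Share RW"; $action = 'Add'   # any write/delete/change bit
        } else {
            $group = "$FolderName Share RO"; $action = 'Add'   # read and execute only
        }
        [pscustomobject]@{
            Folder = $FolderName; User = $user
            Rights = [string]$ace.FileSystemRights; Group = $group; Action = $action
        }
    }
}

# Constructed sample ACEs with the same property names Get-Acl returns.
$fsr = [System.Security.AccessControl.FileSystemRights]
$sample = @(
    [pscustomobject]@{ IdentityReference = 'CONTOSO\j_smith'; FileSystemRights = $fsr::Modify -bor $fsr::Synchronize; AccessControlType = 'Allow'; IsInherited = $false }
    [pscustomobject]@{ IdentityReference = 'CONTOSO\a_jones'; FileSystemRights = $fsr::ReadAndExecute -bor $fsr::Synchronize; AccessControlType = 'Allow'; IsInherited = $false }
    [pscustomobject]@{ IdentityReference = 'CONTOSO\b_lee'; FileSystemRights = $fsr::FullControl; AccessControlType = 'Allow'; IsInherited = $true }
    [pscustomobject]@{ IdentityReference = 'CONTOSO\c_wong'; FileSystemRights = $fsr::Write; AccessControlType = 'Deny'; IsInherited = $false }
    [pscustomobject]@{ IdentityReference = 'CONTOSO\d_khan'; FileSystemRights = [System.Enum]::ToObject($fsr, -1610612736); AccessControlType = 'Allow'; IsInherited = $false }
    [pscustomobject]@{ IdentityReference = 'BUILTIN\Administrators'; FileSystemRights = $fsr::FullControl; AccessControlType = 'Allow'; IsInherited = $false }
)
Get-GroupPlan -FolderName 'Finance' -Aces $sample | Format-Table -AutoSize
```

Review the plan before passing the 'Add' rows to a membership cmdlet; the folder ACL must still be changed separately to grant the groups their rights.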

ksagle7 Author Commented:
Found myself
0