Solved

Change permissions on only folders with a certain name

Posted on 2013-11-25
3
116 Views
Last Modified: 2015-02-06
Windows 2008 server.

We have a data directory with folders for each of our customers.  Within each customer are several subfolders for correspondence, system documentation, and etc.  We need to change the permissions on the system documentation sub folder for each customer to deny write access to a domain group.

I've been poking around powershell and the icacls command and haven't seen a way to do this across the board in one script.  Anybody have any suggestions or a script that works?

Example folder structure:

d:\clients\customername\system documentation
0
Comment
Question by:firstcall
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 39675795
Try this:

$path = "D:\clients"
$sid = "domain group"

$dirInfo = Get-ChildItem -path $path -Recurse:1 -directory
foreach ($i in $dirInfo.fullname) {
      $regex = $i -match "system documentation"
      if ($regex) { icacls $i /deny $sid:w /t }
}


It will iterate on your clients folder and test each subfolder to see if it matches "system documentation". If it does, run your command to change permissions.

Change $path and $sid to your actual path and your actual group

HTH,
Dan
0
 
LVL 2

Author Comment

by:firstcall
ID: 39681539
Thanks Dan,

We are almost there.  When I run this it errors:
"Get-ChildItem : A parameter cannot be found that matches parameter name 'directory'.

Here is exactly what I saved in the .ps1 file and executed (note I created a sample data structure under test company to test the script on)

$path = "D:\data\test company\clients"
$sid = "domain users"

$dirInfo = Get-ChildItem -path $path -Recurse:1 -directory
foreach ($i in $dirInfo.fullname) {
      $regex = $i -match "system documentation"
      if ($regex) { icacls $i /deny $sid:w /t }
}

Open in new window

0
 
LVL 35

Accepted Solution

by:
Dan Craciun earned 500 total points
ID: 39681556
You need powershell 3 for the -directory to be recognized.
Install WMF 3 from here: http://www.microsoft.com/en-us/download/details.aspx?id=34595
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question