Solved

Change permissions on only folders with a certain name

Posted on 2013-11-25
3
132 Views
Last Modified: 2015-02-06
Windows 2008 server.

We have a data directory with folders for each of our customers.  Within each customer are several subfolders for correspondence, system documentation, and etc.  We need to change the permissions on the system documentation sub folder for each customer to deny write access to a domain group.

I've been poking around powershell and the icacls command and haven't seen a way to do this across the board in one script.  Anybody have any suggestions or a script that works?

Example folder structure:

d:\clients\customername\system documentation
0
Comment
Question by:firstcall
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 39675795
Try this:

$path = "D:\clients"
$sid = "domain group"

$dirInfo = Get-ChildItem -path $path -Recurse:1 -directory
foreach ($i in $dirInfo.fullname) {
      $regex = $i -match "system documentation"
      if ($regex) { icacls $i /deny $sid:w /t }
}


It will iterate on your clients folder and test each subfolder to see if it matches "system documentation". If it does, run your command to change permissions.

Change $path and $sid to your actual path and your actual group

HTH,
Dan
0
 
LVL 2

Author Comment

by:firstcall
ID: 39681539
Thanks Dan,

We are almost there.  When I run this it errors:
"Get-ChildItem : A parameter cannot be found that matches parameter name 'directory'.

Here is exactly what I saved in the .ps1 file and executed (note I created a sample data structure under test company to test the script on)

$path = "D:\data\test company\clients"
$sid = "domain users"

$dirInfo = Get-ChildItem -path $path -Recurse:1 -directory
foreach ($i in $dirInfo.fullname) {
      $regex = $i -match "system documentation"
      if ($regex) { icacls $i /deny $sid:w /t }
}

Open in new window

0
 
LVL 35

Accepted Solution

by:
Dan Craciun earned 500 total points
ID: 39681556
You need powershell 3 for the -directory to be recognized.
Install WMF 3 from here: http://www.microsoft.com/en-us/download/details.aspx?id=34595
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question