Solved

Need help creating a Powershell folder script

Posted on 2014-01-24
1
862 Views
Last Modified: 2014-01-30
Thank you in advanced for any help you can give on this issue. I am a complete newb when it comes to powershell and I'm learning it as quickly as I can but I'm in a trial by fire situation.

I need to create a script that does the following:

1) Create a new folder on an existing network share with a series of 11 subfolders to go with it. Straight forward and simple enough but....

2) I Need to assign specific permission to a security group on just about each sub folder. And this is where I get lost

The scenario will play out like this:

1- We would launch a script and a new top level folder on the share would be created called "Folder template" for argument's sake. Upon the folder being created the name will be changed to represent whatever is required.

2- "Folder template" will have 11 subfolders created alongside and inside of it. With static names that will not need to be changed.

2a - inheritance would need to be disabled as not gain the permissions from the share itself

3- There two security groups Write-team and Read-team.

4- the read-team should only be able to open and read every folder.

5- The write team need to be able to

5a - add and edit files in folders 1-5 and 7-10

5b- in folders 6 and 11 they need to be able to write and edit subfolders in files in 6 and 11

5c- they should NOT be able to move, delete, or rename the acutal folder or subfolder itself 6 and 11.

Is this all even possible in one handy dandy convenient script?
0
Comment
Question by:EmpoweredBiz
1 Comment
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
Comment Utility
Anything is possible. This is a starting point, you may need to clarify some of your rules.
$Share = "\\server\sharename"
$FolderName = "Folder Template"

# The static sub-folder list
$SubFolders = @(
  "Folder1",
  "Folder2",
  "Folder3",
  "Folder4",
  "Folder5",
  "Folder6",
  "Folder7",
  "Folder8",
  "Folder9",
  "Folder10",
  "FOlder11"
)

# Create the top level folder
$TopLevelFolder = New-Item "$Share\$FolderName" -Type Directory

# Sort out permissions on the top level folder - May not be necessary
$Acl = Get-Acl $TopLevelFolder.FullName

# This Disables inheritance (enables protection, the first $true). 
# The second $true tells it to copy the existing ACL from the parent folder when doing this. That may need to change.
$Acl.SetAccessRuleProtection($true, $true)

# Explicitly add an entry for the Read-team here. It's the neatest place.
$Acl.Access += New-Object Security.AccessControl.FileSystemAccessRule("Read-Team", "ReadAndExecute", "ObjectInherit, ContainerInherit", "None", "Allow")

# Set the modified ACL
Set-Acl $TopLevelFolder.FullName -AclObject $Acl

# Begin work on the sub-folders
for ($i = 0; $i -lt $SubFolders.Count; $i++) {
  $SubFolder = New-Item "$Share\$FolderName\$($SubFolders[$i])" -Type Directory

  # $i is a zero-based counter, all numbers are shifted down by one.

  $Acl = Get-Acl $SubFolder.FullName

  # Edit files in folders 1 to 5 and 7 to 10.
  if (($i -ge 0 -and $i -le 4) -or ($i -ge 6 -and $i -le 9)) {
    # Grant Write-Team permission to Edit files. Note: ObjectInherit means this only applies to Files.
    $Acl.Access += New-Object Security.AccessControl.FileSystemAccessRule("Write-Team", "Modify", "ObjectInherit", "None", "Allow")
  }

  # Create and modify sub-folders in 6 and 11
  if ($i -eq 5 -or $i -eq 10) {
    # Grant Write-Team permission to create sub-folders
    $Acl.Access += New-Object Security.AccessControl.FileSystemAccessRule("Write-Team", "CreateDirectories", "ContainerInherit", "None", "Allow")
    # Grant Write-Team permission to create files, but not in this folder.
    $Acl.Access += New-Object Security.AccessControl.FileSystemAccessRule("Write-Team", "Modify", "ObjectInherit", "None", "Allow")
  }

  # Apply the modified ACL
  Set-Acl $SubFolder.FullName -AclObject $Acl 
}

Open in new window

HTH

Chris
0

Featured Post

Do email signature updates give you a headache?

Do you feel like all of your time is spent managing email signatures? Too busy to visit every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

Join & Write a Comment

This article will show, step by step, how to integrate R code into a R Sweave document
This is a PowerShell web interface I use to manage some task as a network administrator. Clicking an action button on the left frame will display a form in the middle frame to input some data in textboxes, process this data in PowerShell and display…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now