Solved

Need help creating a Powershell folder script

Posted on 2014-01-24
1
1,002 Views
Last Modified: 2014-01-30
Thank you in advanced for any help you can give on this issue. I am a complete newb when it comes to powershell and I'm learning it as quickly as I can but I'm in a trial by fire situation.

I need to create a script that does the following:

1) Create a new folder on an existing network share with a series of 11 subfolders to go with it. Straight forward and simple enough but....

2) I Need to assign specific permission to a security group on just about each sub folder. And this is where I get lost

The scenario will play out like this:

1- We would launch a script and a new top level folder on the share would be created called "Folder template" for argument's sake. Upon the folder being created the name will be changed to represent whatever is required.

2- "Folder template" will have 11 subfolders created alongside and inside of it. With static names that will not need to be changed.

2a - inheritance would need to be disabled as not gain the permissions from the share itself

3- There two security groups Write-team and Read-team.

4- the read-team should only be able to open and read every folder.

5- The write team need to be able to

5a - add and edit files in folders 1-5 and 7-10

5b- in folders 6 and 11 they need to be able to write and edit subfolders in files in 6 and 11

5c- they should NOT be able to move, delete, or rename the acutal folder or subfolder itself 6 and 11.

Is this all even possible in one handy dandy convenient script?
0
Comment
Question by:EmpoweredBiz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 39809053
Anything is possible. This is a starting point, you may need to clarify some of your rules.
$Share = "\\server\sharename"
$FolderName = "Folder Template"

# The static sub-folder list
$SubFolders = @(
  "Folder1",
  "Folder2",
  "Folder3",
  "Folder4",
  "Folder5",
  "Folder6",
  "Folder7",
  "Folder8",
  "Folder9",
  "Folder10",
  "FOlder11"
)

# Create the top level folder
$TopLevelFolder = New-Item "$Share\$FolderName" -Type Directory

# Sort out permissions on the top level folder - May not be necessary
$Acl = Get-Acl $TopLevelFolder.FullName

# This Disables inheritance (enables protection, the first $true). 
# The second $true tells it to copy the existing ACL from the parent folder when doing this. That may need to change.
$Acl.SetAccessRuleProtection($true, $true)

# Explicitly add an entry for the Read-team here. It's the neatest place.
$Acl.Access += New-Object Security.AccessControl.FileSystemAccessRule("Read-Team", "ReadAndExecute", "ObjectInherit, ContainerInherit", "None", "Allow")

# Set the modified ACL
Set-Acl $TopLevelFolder.FullName -AclObject $Acl

# Begin work on the sub-folders
for ($i = 0; $i -lt $SubFolders.Count; $i++) {
  $SubFolder = New-Item "$Share\$FolderName\$($SubFolders[$i])" -Type Directory

  # $i is a zero-based counter, all numbers are shifted down by one.

  $Acl = Get-Acl $SubFolder.FullName

  # Edit files in folders 1 to 5 and 7 to 10.
  if (($i -ge 0 -and $i -le 4) -or ($i -ge 6 -and $i -le 9)) {
    # Grant Write-Team permission to Edit files. Note: ObjectInherit means this only applies to Files.
    $Acl.Access += New-Object Security.AccessControl.FileSystemAccessRule("Write-Team", "Modify", "ObjectInherit", "None", "Allow")
  }

  # Create and modify sub-folders in 6 and 11
  if ($i -eq 5 -or $i -eq 10) {
    # Grant Write-Team permission to create sub-folders
    $Acl.Access += New-Object Security.AccessControl.FileSystemAccessRule("Write-Team", "CreateDirectories", "ContainerInherit", "None", "Allow")
    # Grant Write-Team permission to create files, but not in this folder.
    $Acl.Access += New-Object Security.AccessControl.FileSystemAccessRule("Write-Team", "Modify", "ObjectInherit", "None", "Allow")
  }

  # Apply the modified ACL
  Set-Acl $SubFolder.FullName -AclObject $Acl 
}

Open in new window

HTH

Chris
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post we will be converting StringData saved within a text file into a hash table. This can be further used in a PowerShell script for replacing settings that are dynamic in nature from environment to environment.
There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
Learn the basics of modules and packages in Python. Every Python file is a module, ending in the suffix: .py: Modules are a collection of functions and variables.: Packages are a collection of modules.: Module functions and variables are accessed us…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question