Solved

Need help creating a PowerShell folder script

Posted on 2014-01-24
Last Modified: 2014-01-30
Thank you in advance for any help you can give on this issue. I am a complete newb when it comes to PowerShell and I'm learning it as quickly as I can, but I'm in a trial-by-fire situation.

I need to create a script that does the following:

1) Create a new folder on an existing network share with a series of 11 subfolders to go with it. Straightforward and simple enough but....

2) I need to assign specific permissions to a security group on just about each subfolder. And this is where I get lost.

The scenario will play out like this:

1- We would launch a script and a new top level folder on the share would be created called "Folder template" for argument's sake. Upon the folder being created the name will be changed to represent whatever is required.

2- "Folder template" will have 11 subfolders created alongside and inside of it. With static names that will not need to be changed.

2a - Inheritance would need to be disabled so as not to gain the permissions from the share itself.

3- There are two security groups, Write-team and Read-team.

4- The read-team should only be able to open and read every folder.

5- The write team need to be able to

5a - add and edit files in folders 1-5 and 7-10

5b- in folders 6 and 11 they need to be able to write and edit subfolders in files in 6 and 11

5c- they should NOT be able to move, delete, or rename the actual folder or subfolder itself 6 and 11.

Is this all even possible in one handy dandy convenient script?
Question by:EmpoweredBiz
Accepted Solution

by: Chris Dent (ID: 39809053)
Anything is possible. This is a starting point, you may need to clarify some of your rules.
$Share = "\\server\sharename"
$FolderName = "Folder Template"

# The static sub-folder list
$SubFolders = @(
  "Folder1",
  "Folder2",
  "Folder3",
  "Folder4",
  "Folder5",
  "Folder6",
  "Folder7",
  "Folder8",
  "Folder9",
  "Folder10",
  "Folder11"
)

# Create the top level folder
$TopLevelFolder = New-Item "$Share\$FolderName" -Type Directory

# Sort out permissions on the top level folder - May not be necessary
$Acl = Get-Acl $TopLevelFolder.FullName

# This Disables inheritance (enables protection, the first $true). 
# The second $true tells it to copy the existing ACL from the parent folder when doing this. That may need to change.
$Acl.SetAccessRuleProtection($true, $true)

# Explicitly add an entry for the Read-team here. It's the neatest place.
# Access is a read-only property on the ACL object, so the rule is added with AddAccessRule().
$Acl.AddAccessRule((New-Object Security.AccessControl.FileSystemAccessRule("Read-Team", "ReadAndExecute", "ObjectInherit, ContainerInherit", "None", "Allow")))

# Set the modified ACL
Set-Acl $TopLevelFolder.FullName -AclObject $Acl

# Begin work on the sub-folders
for ($i = 0; $i -lt $SubFolders.Count; $i++) {
  $SubFolder = New-Item "$Share\$FolderName\$($SubFolders[$i])" -Type Directory

  # $i is a zero-based counter, all numbers are shifted down by one.

  $Acl = Get-Acl $SubFolder.FullName

  # Edit files in folders 1 to 5 and 7 to 10.
  if (($i -ge 0 -and $i -le 4) -or ($i -ge 6 -and $i -le 9)) {
    # Grant Write-Team permission to Edit files. Note: ObjectInherit with propagation "None" applies the rule to this folder and to the files in it.
    $Acl.AddAccessRule((New-Object Security.AccessControl.FileSystemAccessRule("Write-Team", "Modify", "ObjectInherit", "None", "Allow")))
  }

  # Create and modify sub-folders in 6 and 11
  if ($i -eq 5 -or $i -eq 10) {
    # Grant Write-Team permission to create sub-folders
    $Acl.AddAccessRule((New-Object Security.AccessControl.FileSystemAccessRule("Write-Team", "CreateDirectories", "ContainerInherit", "None", "Allow")))
    # Grant Write-Team Modify on files. With propagation "None" the rule also applies to this folder itself;
    # the InheritOnly propagation flag restricts it to child objects.
    $Acl.AddAccessRule((New-Object Security.AccessControl.FileSystemAccessRule("Write-Team", "Modify", "ObjectInherit", "None", "Allow")))
  }

  # Apply the modified ACL
  Set-Acl $SubFolder.FullName -AclObject $Acl 
}


HTH

Chris
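
Added example (not part of the answer above): a check for requirement 5c that lists Allow entries granting Delete on a folder itself rather than only on its children. It runs in memory on Windows; the helper names are hypothetical and BUILTIN\Users (S-1-5-32-545) is a constructed stand-in for Write-Team.

```powershell
# Added example; BUILTIN\Users (S-1-5-32-545) is a constructed stand-in for Write-Team.
$Sid         = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-545')
$DeleteBit   = [int][System.Security.AccessControl.FileSystemRights]::Delete
$InheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

function Get-SelfDeleteAce {
  # Hypothetical helper: returns Allow ACEs for $Identity that include the Delete
  # right and are not inherit-only, i.e. they apply to the folder object itself.
  param(
    [System.Security.AccessControl.DirectorySecurity]$Acl,
    [System.Security.Principal.SecurityIdentifier]$Identity
  )
  $Acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
    Where-Object {
      $_.IdentityReference.Value -eq $Identity.Value -and
      $_.AccessControlType -eq 'Allow' -and
      ([int]$_.FileSystemRights -band $DeleteBit) -ne 0 -and
      ([int]$_.PropagationFlags -band $InheritOnly) -eq 0
    }
}

function New-SampleAcl {
  # Hypothetical helper: builds an in-memory folder ACL holding one Modify rule
  # with ObjectInherit and the given propagation flag (constructed sample input).
  param([string]$Propagation)
  $acl      = New-Object System.Security.AccessControl.DirectorySecurity
  $ruleArgs = $Sid, 'Modify', 'ObjectInherit', $Propagation, 'Allow'
  $rule     = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $ruleArgs
  $acl.AddAccessRule($rule)
  $acl
}

# Compare the propagation flag used in the script with InheritOnly.
foreach ($p in 'None', 'InheritOnly') {
  $hits = @(Get-SelfDeleteAce -Acl (New-SampleAcl $p) -Identity $Sid)
  "{0,-12} ACEs granting Delete on the folder itself: {1}" -f $p, $hits.Count
}
```

To audit the real folders, pass the output of `Get-Acl` for folders 6 and 11 and the Write-Team SID in place of the sample ACLs.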