Need help creating a Powershell folder script

Posted on 2014-01-24
Last Modified: 2014-01-30
Thank you in advanced for any help you can give on this issue. I am a complete newb when it comes to powershell and I'm learning it as quickly as I can but I'm in a trial by fire situation.

I need to create a script that does the following:

1) Create a new folder on an existing network share with a series of 11 subfolders to go with it. Straight forward and simple enough but....

2) I Need to assign specific permission to a security group on just about each sub folder. And this is where I get lost

The scenario will play out like this:

1- We would launch a script and a new top level folder on the share would be created called "Folder template" for argument's sake. Upon the folder being created the name will be changed to represent whatever is required.

2- "Folder template" will have 11 subfolders created alongside and inside of it. With static names that will not need to be changed.

2a - inheritance would need to be disabled as not gain the permissions from the share itself

3- There two security groups Write-team and Read-team.

4- the read-team should only be able to open and read every folder.

5- The write team need to be able to

5a - add and edit files in folders 1-5 and 7-10

5b- in folders 6 and 11 they need to be able to write and edit subfolders in files in 6 and 11

5c- they should NOT be able to move, delete, or rename the acutal folder or subfolder itself 6 and 11.

Is this all even possible in one handy dandy convenient script?
Question by:EmpoweredBiz
1 Comment
LVL 70

Accepted Solution

Chris Dent earned 500 total points
ID: 39809053
Anything is possible. This is a starting point, you may need to clarify some of your rules.
$Share = "\\server\sharename"
$FolderName = "Folder Template"

# The static sub-folder list
$SubFolders = @(

# Create the top level folder
$TopLevelFolder = New-Item "$Share\$FolderName" -Type Directory

# Sort out permissions on the top level folder - May not be necessary
$Acl = Get-Acl $TopLevelFolder.FullName

# This Disables inheritance (enables protection, the first $true). 
# The second $true tells it to copy the existing ACL from the parent folder when doing this. That may need to change.
$Acl.SetAccessRuleProtection($true, $true)

# Explicitly add an entry for the Read-team here. It's the neatest place.
$Acl.Access += New-Object Security.AccessControl.FileSystemAccessRule("Read-Team", "ReadAndExecute", "ObjectInherit, ContainerInherit", "None", "Allow")

# Set the modified ACL
Set-Acl $TopLevelFolder.FullName -AclObject $Acl

# Begin work on the sub-folders
for ($i = 0; $i -lt $SubFolders.Count; $i++) {
  $SubFolder = New-Item "$Share\$FolderName\$($SubFolders[$i])" -Type Directory

  # $i is a zero-based counter, all numbers are shifted down by one.

  $Acl = Get-Acl $SubFolder.FullName

  # Edit files in folders 1 to 5 and 7 to 10.
  if (($i -ge 0 -and $i -le 4) -or ($i -ge 6 -and $i -le 9)) {
    # Grant Write-Team permission to Edit files. Note: ObjectInherit means this only applies to Files.
    $Acl.Access += New-Object Security.AccessControl.FileSystemAccessRule("Write-Team", "Modify", "ObjectInherit", "None", "Allow")

  # Create and modify sub-folders in 6 and 11
  if ($i -eq 5 -or $i -eq 10) {
    # Grant Write-Team permission to create sub-folders
    $Acl.Access += New-Object Security.AccessControl.FileSystemAccessRule("Write-Team", "CreateDirectories", "ContainerInherit", "None", "Allow")
    # Grant Write-Team permission to create files, but not in this folder.
    $Acl.Access += New-Object Security.AccessControl.FileSystemAccessRule("Write-Team", "Modify", "ObjectInherit", "None", "Allow")

  # Apply the modified ACL
  Set-Acl $SubFolder.FullName -AclObject $Acl 

Open in new window



Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help you understand what HashTables are and how to use them in PowerShell.
A procedure for exporting installed hotfix details of remote computers using powershell
Learn the basics of if, else, and elif statements in Python 2.7. Use "if" statements to test a specified condition.: The structure of an if statement is as follows: (CODE) Use "else" statements to allow the execution of an alternative, if the …
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question