Solved

PowerShell Script for Assigning User Permission to Folders

Posted on 2014-10-31
12
274 Views
Last Modified: 2014-11-25
We currently have a NTFS directory with 100 subfolders that are each assigned to a specific user. The users should have modify rights to their own folder and nobody else's. We currently have to go to each folder and assign each user rights for their respective folders. We are looking for a PS script that can automate this process.

Is anybody can suggest a script to do this, that would be great.
0
Comment
Question by:GR JN
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
12 Comments
 
LVL 6

Expert Comment

by:Vipin Vasudevan
ID: 40416722
HI ,

Please try look in to below script, this will allow set a particular user and domain admins (you can remove if not required) to all folders in a path. this will not find its own owner and assingn permission as you need. But I can help you get it done if you tell me how to relate each folder with a particular folder (for ex: user's samid and folder name is matching etc)

=======================================================================
$user = Read-Host "Enter username"
$apth = Get-ChildItem -Path C:\Users\VipinV\Desktop\Test
foreach ($folder in $path)
{
$folderpath = $folder.fullname
'y' | CACLS """$c"" /G ""Domain Admins"":F" # provide domain admin access after replacing existing permission
CACLS """$path"" /E /G ""$user"":F"
}
======================================================================
0
 

Author Comment

by:GR JN
ID: 40420384
The username would be the same as the folder name. For example user JDoh should have modify rights to the just the JDOH folder in that directory. Let me know if that is clear.
0
 
LVL 6

Expert Comment

by:Vipin Vasudevan
ID: 40420461
You may try this.. test with few test folders before proceed. This worked for me

=======================================================================
#$user = Read-Host "Enter username"
$path = Get-ChildItem -Path C:\Users\VipinV\Desktop\Test
foreach ($folder in $path)
{
$user=$folder.Name
$folderpath = $folder.fullname
'y' | CACLS """$c"" /G ""Domain Admins"":F" # provide domain admin access after replacing existing permission
CACLS """$path"" /E /G ""$user"":F"
}
======================================================================
0
MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

 

Author Comment

by:GR JN
ID: 40420519
Thanks. We do not need domain admins permission in the script because we can just permission that from the parent folder. I'm just curious as to what the path would be and how it would it know to associate the username with the folder path.
0
 
LVL 6

Expert Comment

by:Vipin Vasudevan
ID: 40420654
Path should be your parent folder,

there is a correction in path to folderpath

$path = Get-ChildItem -Path C:\Users\vipinV\Desktop\Test
foreach ($folder in $path)
{
$user=$folder.Name
$folderpath = $folder.fullname
#'y' | CACLS """$folderpath"" /E  /G ""Domain Admins"":F" # provide domain admin access after replacing existing permission
CACLS  """$folderpath"" /E /G ""$user"":F"
}
0
 
LVL 6

Expert Comment

by:Vipin Vasudevan
ID: 40420656
Above scrpt will retain existing permission but add user full control based on the foldernamwe
0
 

Author Comment

by:GR JN
ID: 40421654
Thanks. We don't necessarily want to specify each user name. Essentially when the "folder name" is = "username", then username has modify rights.  (Do this for each sub-folder in the directory)
0
 
LVL 6

Expert Comment

by:Vipin Vasudevan
ID: 40422149
yeah that's right... I have commented DA access replacement with existing permission in ths script.

Script will take folder name as user id and creat new ACL for this user.

It will do for all subfolder in the directory ( in this ex: it is subfolder under C:\Users\vipinV\Desktop\Test) but it will not applies to nested subfolders (if i have "Narvaezj" under "Test" it will create new ACL for you and if you have one more folder under "Narvaezj" permission inherit from  "Narvaezj" ) . Hope You understand and I didn' t confuse you.
0
 

Author Comment

by:GR JN
ID: 40422433
Thanks, this works great. One small tweak, can you configure so that users have modify rights as opposed to full rights?
0
 
LVL 6

Expert Comment

by:Vipin Vasudevan
ID: 40422569
You can use... C for change instead of F for Full contrl. But I didn't try this !!!


$path = Get-ChildItem -Path C:\Users\vipinV\Desktop\Test
foreach ($folder in $path)
{
$user=$folder.Name
$folderpath = $folder.fullname
CACLS  """$folderpath"" /E /G ""$user"":C"
}
0
 

Author Comment

by:GR JN
ID: 40422611
This works great. One last thing... how can we create a variable where we specify the path? I am assuming we would just incorporate a read host? In other words we want to be prompted for the parent path.
0
 
LVL 6

Accepted Solution

by:
Vipin Vasudevan earned 500 total points
ID: 40423040
Yes read host will do  

$read = Read-host "Please enter the complete path, for ex: C:\temp\   " 
$path = Get-ChildItem -Path $read
foreach ($folder in $path)
{
$user=$folder.Name
$folderpath = $folder.fullname
CACLS  """$folderpath"" /E /G ""$user"":C"
}
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question