Solved

PowerShell Script for Assigning User Permission to Folders

Posted on 2014-10-31
12
258 Views
Last Modified: 2014-11-25
We currently have a NTFS directory with 100 subfolders that are each assigned to a specific user. The users should have modify rights to their own folder and nobody else's. We currently have to go to each folder and assign each user rights for their respective folders. We are looking for a PS script that can automate this process.

Is anybody can suggest a script to do this, that would be great.
0
Comment
Question by:GR JN
  • 7
  • 5
12 Comments
 
LVL 6

Expert Comment

by:Vipin Vasudevan
ID: 40416722
HI ,

Please try look in to below script, this will allow set a particular user and domain admins (you can remove if not required) to all folders in a path. this will not find its own owner and assingn permission as you need. But I can help you get it done if you tell me how to relate each folder with a particular folder (for ex: user's samid and folder name is matching etc)

=======================================================================
$user = Read-Host "Enter username"
$apth = Get-ChildItem -Path C:\Users\VipinV\Desktop\Test
foreach ($folder in $path)
{
$folderpath = $folder.fullname
'y' | CACLS """$c"" /G ""Domain Admins"":F" # provide domain admin access after replacing existing permission
CACLS """$path"" /E /G ""$user"":F"
}
======================================================================
0
 

Author Comment

by:GR JN
ID: 40420384
The username would be the same as the folder name. For example user JDoh should have modify rights to the just the JDOH folder in that directory. Let me know if that is clear.
0
 
LVL 6

Expert Comment

by:Vipin Vasudevan
ID: 40420461
You may try this.. test with few test folders before proceed. This worked for me

=======================================================================
#$user = Read-Host "Enter username"
$path = Get-ChildItem -Path C:\Users\VipinV\Desktop\Test
foreach ($folder in $path)
{
$user=$folder.Name
$folderpath = $folder.fullname
'y' | CACLS """$c"" /G ""Domain Admins"":F" # provide domain admin access after replacing existing permission
CACLS """$path"" /E /G ""$user"":F"
}
======================================================================
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:GR JN
ID: 40420519
Thanks. We do not need domain admins permission in the script because we can just permission that from the parent folder. I'm just curious as to what the path would be and how it would it know to associate the username with the folder path.
0
 
LVL 6

Expert Comment

by:Vipin Vasudevan
ID: 40420654
Path should be your parent folder,

there is a correction in path to folderpath

$path = Get-ChildItem -Path C:\Users\vipinV\Desktop\Test
foreach ($folder in $path)
{
$user=$folder.Name
$folderpath = $folder.fullname
#'y' | CACLS """$folderpath"" /E  /G ""Domain Admins"":F" # provide domain admin access after replacing existing permission
CACLS  """$folderpath"" /E /G ""$user"":F"
}
0
 
LVL 6

Expert Comment

by:Vipin Vasudevan
ID: 40420656
Above scrpt will retain existing permission but add user full control based on the foldernamwe
0
 

Author Comment

by:GR JN
ID: 40421654
Thanks. We don't necessarily want to specify each user name. Essentially when the "folder name" is = "username", then username has modify rights.  (Do this for each sub-folder in the directory)
0
 
LVL 6

Expert Comment

by:Vipin Vasudevan
ID: 40422149
yeah that's right... I have commented DA access replacement with existing permission in ths script.

Script will take folder name as user id and creat new ACL for this user.

It will do for all subfolder in the directory ( in this ex: it is subfolder under C:\Users\vipinV\Desktop\Test) but it will not applies to nested subfolders (if i have "Narvaezj" under "Test" it will create new ACL for you and if you have one more folder under "Narvaezj" permission inherit from  "Narvaezj" ) . Hope You understand and I didn' t confuse you.
0
 

Author Comment

by:GR JN
ID: 40422433
Thanks, this works great. One small tweak, can you configure so that users have modify rights as opposed to full rights?
0
 
LVL 6

Expert Comment

by:Vipin Vasudevan
ID: 40422569
You can use... C for change instead of F for Full contrl. But I didn't try this !!!


$path = Get-ChildItem -Path C:\Users\vipinV\Desktop\Test
foreach ($folder in $path)
{
$user=$folder.Name
$folderpath = $folder.fullname
CACLS  """$folderpath"" /E /G ""$user"":C"
}
0
 

Author Comment

by:GR JN
ID: 40422611
This works great. One last thing... how can we create a variable where we specify the path? I am assuming we would just incorporate a read host? In other words we want to be prompted for the parent path.
0
 
LVL 6

Accepted Solution

by:
Vipin Vasudevan earned 500 total points
ID: 40423040
Yes read host will do  

$read = Read-host "Please enter the complete path, for ex: C:\temp\   " 
$path = Get-ChildItem -Path $read
foreach ($folder in $path)
{
$user=$folder.Name
$folderpath = $folder.fullname
CACLS  """$folderpath"" /E /G ""$user"":C"
}
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A safe way to clean winsxs folder from your windows server 2008 R2 editions
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question