Solved

PowerShell Script for Assigning User Permission to Folders

Posted on 2014-10-31
12
271 Views
Last Modified: 2014-11-25
We currently have a NTFS directory with 100 subfolders that are each assigned to a specific user. The users should have modify rights to their own folder and nobody else's. We currently have to go to each folder and assign each user rights for their respective folders. We are looking for a PS script that can automate this process.

Is anybody can suggest a script to do this, that would be great.
0
Comment
Question by:GR JN
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
12 Comments
 
LVL 6

Expert Comment

by:Vipin Vasudevan
ID: 40416722
HI ,

Please try look in to below script, this will allow set a particular user and domain admins (you can remove if not required) to all folders in a path. this will not find its own owner and assingn permission as you need. But I can help you get it done if you tell me how to relate each folder with a particular folder (for ex: user's samid and folder name is matching etc)

=======================================================================
$user = Read-Host "Enter username"
$apth = Get-ChildItem -Path C:\Users\VipinV\Desktop\Test
foreach ($folder in $path)
{
$folderpath = $folder.fullname
'y' | CACLS """$c"" /G ""Domain Admins"":F" # provide domain admin access after replacing existing permission
CACLS """$path"" /E /G ""$user"":F"
}
======================================================================
0
 

Author Comment

by:GR JN
ID: 40420384
The username would be the same as the folder name. For example user JDoh should have modify rights to the just the JDOH folder in that directory. Let me know if that is clear.
0
 
LVL 6

Expert Comment

by:Vipin Vasudevan
ID: 40420461
You may try this.. test with few test folders before proceed. This worked for me

=======================================================================
#$user = Read-Host "Enter username"
$path = Get-ChildItem -Path C:\Users\VipinV\Desktop\Test
foreach ($folder in $path)
{
$user=$folder.Name
$folderpath = $folder.fullname
'y' | CACLS """$c"" /G ""Domain Admins"":F" # provide domain admin access after replacing existing permission
CACLS """$path"" /E /G ""$user"":F"
}
======================================================================
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:GR JN
ID: 40420519
Thanks. We do not need domain admins permission in the script because we can just permission that from the parent folder. I'm just curious as to what the path would be and how it would it know to associate the username with the folder path.
0
 
LVL 6

Expert Comment

by:Vipin Vasudevan
ID: 40420654
Path should be your parent folder,

there is a correction in path to folderpath

$path = Get-ChildItem -Path C:\Users\vipinV\Desktop\Test
foreach ($folder in $path)
{
$user=$folder.Name
$folderpath = $folder.fullname
#'y' | CACLS """$folderpath"" /E  /G ""Domain Admins"":F" # provide domain admin access after replacing existing permission
CACLS  """$folderpath"" /E /G ""$user"":F"
}
0
 
LVL 6

Expert Comment

by:Vipin Vasudevan
ID: 40420656
Above scrpt will retain existing permission but add user full control based on the foldernamwe
0
 

Author Comment

by:GR JN
ID: 40421654
Thanks. We don't necessarily want to specify each user name. Essentially when the "folder name" is = "username", then username has modify rights.  (Do this for each sub-folder in the directory)
0
 
LVL 6

Expert Comment

by:Vipin Vasudevan
ID: 40422149
yeah that's right... I have commented DA access replacement with existing permission in ths script.

Script will take folder name as user id and creat new ACL for this user.

It will do for all subfolder in the directory ( in this ex: it is subfolder under C:\Users\vipinV\Desktop\Test) but it will not applies to nested subfolders (if i have "Narvaezj" under "Test" it will create new ACL for you and if you have one more folder under "Narvaezj" permission inherit from  "Narvaezj" ) . Hope You understand and I didn' t confuse you.
0
 

Author Comment

by:GR JN
ID: 40422433
Thanks, this works great. One small tweak, can you configure so that users have modify rights as opposed to full rights?
0
 
LVL 6

Expert Comment

by:Vipin Vasudevan
ID: 40422569
You can use... C for change instead of F for Full contrl. But I didn't try this !!!


$path = Get-ChildItem -Path C:\Users\vipinV\Desktop\Test
foreach ($folder in $path)
{
$user=$folder.Name
$folderpath = $folder.fullname
CACLS  """$folderpath"" /E /G ""$user"":C"
}
0
 

Author Comment

by:GR JN
ID: 40422611
This works great. One last thing... how can we create a variable where we specify the path? I am assuming we would just incorporate a read host? In other words we want to be prompted for the parent path.
0
 
LVL 6

Accepted Solution

by:
Vipin Vasudevan earned 500 total points
ID: 40423040
Yes read host will do  

$read = Read-host "Please enter the complete path, for ex: C:\temp\   " 
$path = Get-ChildItem -Path $read
foreach ($folder in $path)
{
$user=$folder.Name
$folderpath = $folder.fullname
CACLS  """$folderpath"" /E /G ""$user"":C"
}
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question