Solved

PowerShell Script for Assigning User Permission to Folders

Posted on 2014-10-31
12
247 Views
Last Modified: 2014-11-25
We currently have a NTFS directory with 100 subfolders that are each assigned to a specific user. The users should have modify rights to their own folder and nobody else's. We currently have to go to each folder and assign each user rights for their respective folders. We are looking for a PS script that can automate this process.

Is anybody can suggest a script to do this, that would be great.
0
Comment
Question by:GR JN
  • 7
  • 5
12 Comments
 
LVL 6

Expert Comment

by:Vipin Vasudevan
Comment Utility
HI ,

Please try look in to below script, this will allow set a particular user and domain admins (you can remove if not required) to all folders in a path. this will not find its own owner and assingn permission as you need. But I can help you get it done if you tell me how to relate each folder with a particular folder (for ex: user's samid and folder name is matching etc)

=======================================================================
$user = Read-Host "Enter username"
$apth = Get-ChildItem -Path C:\Users\VipinV\Desktop\Test
foreach ($folder in $path)
{
$folderpath = $folder.fullname
'y' | CACLS """$c"" /G ""Domain Admins"":F" # provide domain admin access after replacing existing permission
CACLS """$path"" /E /G ""$user"":F"
}
======================================================================
0
 

Author Comment

by:GR JN
Comment Utility
The username would be the same as the folder name. For example user JDoh should have modify rights to the just the JDOH folder in that directory. Let me know if that is clear.
0
 
LVL 6

Expert Comment

by:Vipin Vasudevan
Comment Utility
You may try this.. test with few test folders before proceed. This worked for me

=======================================================================
#$user = Read-Host "Enter username"
$path = Get-ChildItem -Path C:\Users\VipinV\Desktop\Test
foreach ($folder in $path)
{
$user=$folder.Name
$folderpath = $folder.fullname
'y' | CACLS """$c"" /G ""Domain Admins"":F" # provide domain admin access after replacing existing permission
CACLS """$path"" /E /G ""$user"":F"
}
======================================================================
0
 

Author Comment

by:GR JN
Comment Utility
Thanks. We do not need domain admins permission in the script because we can just permission that from the parent folder. I'm just curious as to what the path would be and how it would it know to associate the username with the folder path.
0
 
LVL 6

Expert Comment

by:Vipin Vasudevan
Comment Utility
Path should be your parent folder,

there is a correction in path to folderpath

$path = Get-ChildItem -Path C:\Users\vipinV\Desktop\Test
foreach ($folder in $path)
{
$user=$folder.Name
$folderpath = $folder.fullname
#'y' | CACLS """$folderpath"" /E  /G ""Domain Admins"":F" # provide domain admin access after replacing existing permission
CACLS  """$folderpath"" /E /G ""$user"":F"
}
0
 
LVL 6

Expert Comment

by:Vipin Vasudevan
Comment Utility
Above scrpt will retain existing permission but add user full control based on the foldernamwe
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:GR JN
Comment Utility
Thanks. We don't necessarily want to specify each user name. Essentially when the "folder name" is = "username", then username has modify rights.  (Do this for each sub-folder in the directory)
0
 
LVL 6

Expert Comment

by:Vipin Vasudevan
Comment Utility
yeah that's right... I have commented DA access replacement with existing permission in ths script.

Script will take folder name as user id and creat new ACL for this user.

It will do for all subfolder in the directory ( in this ex: it is subfolder under C:\Users\vipinV\Desktop\Test) but it will not applies to nested subfolders (if i have "Narvaezj" under "Test" it will create new ACL for you and if you have one more folder under "Narvaezj" permission inherit from  "Narvaezj" ) . Hope You understand and I didn' t confuse you.
0
 

Author Comment

by:GR JN
Comment Utility
Thanks, this works great. One small tweak, can you configure so that users have modify rights as opposed to full rights?
0
 
LVL 6

Expert Comment

by:Vipin Vasudevan
Comment Utility
You can use... C for change instead of F for Full contrl. But I didn't try this !!!


$path = Get-ChildItem -Path C:\Users\vipinV\Desktop\Test
foreach ($folder in $path)
{
$user=$folder.Name
$folderpath = $folder.fullname
CACLS  """$folderpath"" /E /G ""$user"":C"
}
0
 

Author Comment

by:GR JN
Comment Utility
This works great. One last thing... how can we create a variable where we specify the path? I am assuming we would just incorporate a read host? In other words we want to be prompted for the parent path.
0
 
LVL 6

Accepted Solution

by:
Vipin Vasudevan earned 500 total points
Comment Utility
Yes read host will do  

$read = Read-host "Please enter the complete path, for ex: C:\temp\   "
$path = Get-ChildItem -Path $read
foreach ($folder in $path)
{
$user=$folder.Name
$folderpath = $folder.fullname
CACLS  """$folderpath"" /E /G ""$user"":C"
}
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Join & Write a Comment

I thought I'd write this up for anyone who has a request to create an anonymous whistle-blower-type submission form created using SharePoint 2010 (this would probably work the same for 2013). It's not 100% fool-proof but it's as close as you can get…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now