Solved

PowerShell Script for Assigning User Permission to Folders

Posted on 2014-10-31
12
267 Views
Last Modified: 2014-11-25
We currently have a NTFS directory with 100 subfolders that are each assigned to a specific user. The users should have modify rights to their own folder and nobody else's. We currently have to go to each folder and assign each user rights for their respective folders. We are looking for a PS script that can automate this process.

Is anybody can suggest a script to do this, that would be great.
0
Comment
Question by:GR JN
  • 7
  • 5
12 Comments
 
LVL 6

Expert Comment

by:Vipin Vasudevan
ID: 40416722
HI ,

Please try look in to below script, this will allow set a particular user and domain admins (you can remove if not required) to all folders in a path. this will not find its own owner and assingn permission as you need. But I can help you get it done if you tell me how to relate each folder with a particular folder (for ex: user's samid and folder name is matching etc)

=======================================================================
$user = Read-Host "Enter username"
$apth = Get-ChildItem -Path C:\Users\VipinV\Desktop\Test
foreach ($folder in $path)
{
$folderpath = $folder.fullname
'y' | CACLS """$c"" /G ""Domain Admins"":F" # provide domain admin access after replacing existing permission
CACLS """$path"" /E /G ""$user"":F"
}
======================================================================
0
 

Author Comment

by:GR JN
ID: 40420384
The username would be the same as the folder name. For example user JDoh should have modify rights to the just the JDOH folder in that directory. Let me know if that is clear.
0
 
LVL 6

Expert Comment

by:Vipin Vasudevan
ID: 40420461
You may try this.. test with few test folders before proceed. This worked for me

=======================================================================
#$user = Read-Host "Enter username"
$path = Get-ChildItem -Path C:\Users\VipinV\Desktop\Test
foreach ($folder in $path)
{
$user=$folder.Name
$folderpath = $folder.fullname
'y' | CACLS """$c"" /G ""Domain Admins"":F" # provide domain admin access after replacing existing permission
CACLS """$path"" /E /G ""$user"":F"
}
======================================================================
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:GR JN
ID: 40420519
Thanks. We do not need domain admins permission in the script because we can just permission that from the parent folder. I'm just curious as to what the path would be and how it would it know to associate the username with the folder path.
0
 
LVL 6

Expert Comment

by:Vipin Vasudevan
ID: 40420654
Path should be your parent folder,

there is a correction in path to folderpath

$path = Get-ChildItem -Path C:\Users\vipinV\Desktop\Test
foreach ($folder in $path)
{
$user=$folder.Name
$folderpath = $folder.fullname
#'y' | CACLS """$folderpath"" /E  /G ""Domain Admins"":F" # provide domain admin access after replacing existing permission
CACLS  """$folderpath"" /E /G ""$user"":F"
}
0
 
LVL 6

Expert Comment

by:Vipin Vasudevan
ID: 40420656
Above scrpt will retain existing permission but add user full control based on the foldernamwe
0
 

Author Comment

by:GR JN
ID: 40421654
Thanks. We don't necessarily want to specify each user name. Essentially when the "folder name" is = "username", then username has modify rights.  (Do this for each sub-folder in the directory)
0
 
LVL 6

Expert Comment

by:Vipin Vasudevan
ID: 40422149
yeah that's right... I have commented DA access replacement with existing permission in ths script.

Script will take folder name as user id and creat new ACL for this user.

It will do for all subfolder in the directory ( in this ex: it is subfolder under C:\Users\vipinV\Desktop\Test) but it will not applies to nested subfolders (if i have "Narvaezj" under "Test" it will create new ACL for you and if you have one more folder under "Narvaezj" permission inherit from  "Narvaezj" ) . Hope You understand and I didn' t confuse you.
0
 

Author Comment

by:GR JN
ID: 40422433
Thanks, this works great. One small tweak, can you configure so that users have modify rights as opposed to full rights?
0
 
LVL 6

Expert Comment

by:Vipin Vasudevan
ID: 40422569
You can use... C for change instead of F for Full contrl. But I didn't try this !!!


$path = Get-ChildItem -Path C:\Users\vipinV\Desktop\Test
foreach ($folder in $path)
{
$user=$folder.Name
$folderpath = $folder.fullname
CACLS  """$folderpath"" /E /G ""$user"":C"
}
0
 

Author Comment

by:GR JN
ID: 40422611
This works great. One last thing... how can we create a variable where we specify the path? I am assuming we would just incorporate a read host? In other words we want to be prompted for the parent path.
0
 
LVL 6

Accepted Solution

by:
Vipin Vasudevan earned 500 total points
ID: 40423040
Yes read host will do  

$read = Read-host "Please enter the complete path, for ex: C:\temp\   " 
$path = Get-ChildItem -Path $read
foreach ($folder in $path)
{
$user=$folder.Name
$folderpath = $folder.fullname
CACLS  """$folderpath"" /E /G ""$user"":C"
}
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Previously, on our Nano Server Deployment series, we've created a new nano server image and deployed it on a physical server in part 2. Now we will go through configuration.
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question