Scenario
My script creates a new directory on the network share and then assigns NTFS Modify permissions for the end user.
Problem
The problem is that after the folder is created and NTFS Modify permissions assigned, the user is unable to access the mapped directory. When trying to access the mapped directory, the following message is seen:
Work Around
After the script creates the directory and assigns NTFS Modify permissions to the end user, it won't open. However, if I then go into the directory properties and 'toggle' the Modify check box (uncheck then check it back again) and hit Apply. Voilà! The end user can now access the mapped directory.
Help
I need help figuring out how to get my script to work the first time with creating the directory and permissions to Modify for an end user and it not requiring me to go toggle the permissions. Why doesn't the directory recognize the location until I toggle the permissions?
function Set-Permission {
<#
.Synopsis
   Manage NTFS permissions on a directory and its child items.
.DESCRIPTION
   Long description
.EXAMPLE
   Set-Permission -dirPath '\\my-server\user-share\joe.user' -samAccountName joe.user -accessLevel Modify -Verbose

   This will apply Modify permissions for samAccountName joe.user to a network share directory called 'joe.user' and its child items
.EXAMPLE
   Another example of how to use this cmdlet
.INPUTS
   Inputs to this cmdlet (if any)
.OUTPUTS
   Output from this cmdlet (if any)
.NOTES
   General notes
.COMPONENT
   The component this cmdlet belongs to
.ROLE
   The role this cmdlet belongs to
.FUNCTIONALITY
   The functionality that best describes this cmdlet
#>
    [CmdletBinding()]
    [OutputType([String])]
    Param
    (
        # Param1 help description
        [Parameter(Mandatory=$true,Position=0)]
        [Alias("Path")]
        [string]
        $dirPath,

        # Param2 help description
        [Parameter(Mandatory=$true,Position=1)]
        [string]
        $samAccountName,

        # Param3 help description
        [Parameter(Mandatory=$true, Position=2)]
        [ValidateSet("Modify")]
        [string]
        $accessLevel,

        # Param4 help description
        [Parameter(Mandatory=$false)]
        [string]
        $domain = 'My_Domain'
    )

    Begin
    {
        $domainAccount = $domain + "\" + $samAccountName
        $inheritanceFlags = "ContainerInherit, ObjectInherit"
        $propagationFlags = "None"
        $accessControlType = "Allow"
        $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $domainAccount,$accessLevel,$inheritanceFlags,$propagationFlags,$accessControlType)

        Write-Verbose 'Print New Access Rule object'
        $AccessRule

        # Saving parent folder directory into variable
        $Parent = gi $dirPath | where {$_.psIsContainer -eq $true}
        $pFN = $Parent.FullName

        Write-Verbose 'Access Control List of parent folder before applying new rules'
        $pFN
        $oldacl = Get-Acl $Parent
        $oldacl |select accesstostring |fl
    } # \Begin

    Process
    {
        Write-Verbose "Applying $samAccountName $accessLevel permissions to parent $pFN"
        Add-Access -Path $Parent -Account $domainaccount -AccessRights $accesslevel

        Get-ChildItem -path $dirPath -Recurse |
            ForEach-Object {
                $fnDir = $_.FullName
                Write-Verbose "Applying $samAccountName $accessLevel permissions to child $fnDir"
            }# \ForEach

        Get-ChildItem -path $dirPath -Recurse |
            Get-NTFSAccessInheritance |
            Where-Object { -not $_.InheritanceEnabled } |
            Enable-NTFSAccessInheritance -PassThru
    } # \Process

    End
    {
        Write-Verbose 'New permissions have been set'
        get-childitem -Path $dirPath -Recurse | get-acl | out-gridview
    }# \End
}
ryanmaves
ASKER
My own comment is the actual solution because I already knew about icacls. My previous question (documented in this question) and also this question pertain to using PS to accomplish permissions.
My comment is the solution because I actually described a script that incorporates icacls within PS.
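The asker's comment refers to calling icacls from PowerShell, but that script is not on this page. The following is an added example, not the asker's script: it grants Modify with icacls and then reads the ACL back to confirm an explicit ACE exists. The function name `Grant-ModifyWithIcacls` and its parameter names are hypothetical, and it assumes the account name resolves from the machine running it.

```powershell
function Grant-ModifyWithIcacls {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $DirPath,         # e.g. '\\my-server\user-share\joe.user'
        [Parameter(Mandatory)] [string] $SamAccountName,
        [string] $Domain = 'My_Domain'                    # placeholder taken from the question
    )

    $account = "$Domain\$SamAccountName"

    # Resolve the account first, so a typo fails here and not inside icacls.
    $sid = ([System.Security.Principal.NTAccount]$account).Translate(
        [System.Security.Principal.SecurityIdentifier])

    # Create the directory if it does not exist yet.
    if (-not (Test-Path -LiteralPath $DirPath -PathType Container)) {
        New-Item -ItemType Directory -Path $DirPath -ErrorAction Stop | Out-Null
    }

    # (OI)(CI)M = Modify, inherited by files (object inherit) and subfolders (container inherit).
    $grant  = '{0}:(OI)(CI)M' -f $account
    $output = & icacls.exe $DirPath /grant $grant 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "icacls failed for '$DirPath' (exit code $LASTEXITCODE): $output"
    }

    # Read back only explicit (non-inherited) rules, expressed as SIDs, and
    # require an Allow ACE for this account whose rights include Modify.
    $modify = [System.Security.AccessControl.FileSystemRights]::Modify
    $rules  = (Get-Acl -LiteralPath $DirPath).GetAccessRules(
        $true, $false, [System.Security.Principal.SecurityIdentifier])
    $ace = $rules | Where-Object {
        $_.IdentityReference.Value -eq $sid.Value -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $modify) -eq $modify
    }
    if (-not $ace) {
        throw "No explicit Modify ACE for $account on '$DirPath' after icacls ran."
    }
    $ace    # return the verified ACE(s) to the caller
}
```

Comparing by SID avoids false mismatches when the ACL shows the account under a different domain name form than the one passed in.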