creative555

asked on

Can someone please explain what exactly this script does, line by line? Thank you.

Hello,
I found this script that will check the checkbox “Include inheritable permission from this object’s parent” for the folders.
Could you please let me know if this is a good script that we can use for production? Also, it takes a very, very long time to run on just one share - more than 12 hours. Is it possible to make it faster, or, for example, if we already know the folders that need to have that checkbox checked, how do we just specify those folders so that the script doesn't have to go through everything and find that option? I do have the list of folders that need to be fixed.

Thank you very much!

Script is below:
$Path = "\\servername\share01\Public\Finance"

# Get-Acl \\servername\TestShare3 | Set-Acl -path $Path


# Setup new access rule to add to folder ACL
# documentation:  http://msdn.microsoft.com/en-us/library/System.Security.AccessControl(v=vs.110).aspx
$account     = "amer-ad\svc-admt"
$rights      = [System.Security.AccessControl.FileSystemRights]::FullControl
$inheritance = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit,ObjectInherit"
$propagation = [System.Security.AccessControl.PropagationFlags]::None
$allowdeny   = [System.Security.AccessControl.AccessControlType]::Allow
$dirACE      = New-Object System.Security.AccessControl.FileSystemAccessRule( $account,$rights,$inheritance,$propagation,$allowdeny )

# Get the directory's current permissions and add the access rule
$dirACL = Get-Acl $Path
        
# Add the new AccessRule to the Directory ACL, suppressing errors and trying again until success
$Try = 0
do {
    $Try++
    "Try:  $Try"
    $ACLCheck = $True
    Start-Sleep -Milliseconds 500

    Try { $dirACL.AddAccessRule($dirACE) }
    Catch [System.Exception] { $ACLCheck = $False }
} while( $ACLCheck -eq $False )

# Set (commit changes) the ACL on the folder 
Set-Acl $Path -AclObject $dirACL
"Path:  $Path"

# Search recursively through the location defined
Get-ChildItem -Recurse -Force $Path | foreach {
     $TempPath = $_.FullName
     "Path:  $TempPath"
     #Get ACL for TempPath
     $acl = Get-Acl $TempPath
     $acl

     $acl.SetAccessRuleProtection($false, $true)

     #Get SID of explicit ACL
     $acl.Access | where {
          $_.IsInherited -eq $false } | foreach {
          #Foreach SID purge the SID from the ACL
          $acl.PurgeAccessRules($_.IdentityReference)
          #Reapply ACL to file or folder without SID
     }

     Set-Acl -AclObject $acl -path $TempPath

}


ASKER CERTIFIED SOLUTION
David Johnson, CD
This solution is only available to members.
creative555

ASKER

Thank you so much!!! Very helpful.

I still have this script running for more than 24 hours. Could you please help me modify it so that I can specify the shares, including the files there, that need that checkbox "Include inheritable permission from this object’s parent" checked?

The $path below specifies the parent from where permissions are pushed to all child directories beneath, which is not really needed. Let's say I just need to fix two directories that I know under finance - subdirectory 1 and subdirectory 2. How would I add those specific subdirectories to the script instead of using recurse to search all the files? This script is not working for us since it takes forever and we already know the directories that need to be fixed.
$Path = "\\servername\share01\Public\Finance"

Thank you very much!
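
An added example (not from this thread or from the members-only solutions) of one way to limit the work to a known list of folders: it re-enables inheritance only where it is currently blocked and writes nothing to objects that already inherit. The two folder paths are placeholders built from the share path in the question, and the parameter names are illustrative.

```powershell
# Added example, not from the thread. The two folder paths are placeholders.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string[]]$Folders = @(
        '\\servername\share01\Public\Finance\Subdirectory1',
        '\\servername\share01\Public\Finance\Subdirectory2'
    ),
    # Also strip explicit (non-inherited) ACEs, as the posted script does.
    [switch]$PurgeExplicit
)

foreach ($folder in $Folders) {
    if (-not (Test-Path -LiteralPath $folder -PathType Container)) {
        Write-Warning "Skipped (not a folder or not reachable): $folder"
        continue
    }

    # The listed folder plus its contents. Remove the Get-ChildItem part
    # if only the listed folders themselves need the checkbox.
    $items = @(Get-Item -LiteralPath $folder -Force) +
             @(Get-ChildItem -LiteralPath $folder -Recurse -Force)

    foreach ($item in $items) {
        $acl          = Get-Acl -LiteralPath $item.FullName
        $wasProtected = $acl.AreAccessRulesProtected
        $explicit     = @($acl.Access | Where-Object { -not $_.IsInherited })
        $purge        = $PurgeExplicit -and ($explicit.Count -gt 0)

        # Already inheriting and nothing to purge: skip the write entirely.
        if (-not $wasProtected -and -not $purge) { continue }

        # $false = not protected, i.e. inherit from the parent again.
        $acl.SetAccessRuleProtection($false, $true)
        if ($purge) {
            foreach ($ace in $explicit) { $acl.PurgeAccessRules($ace.IdentityReference) }
        }

        if ($PSCmdlet.ShouldProcess($item.FullName, 'Re-enable ACL inheritance')) {
            Set-Acl -LiteralPath $item.FullName -AclObject $acl
            # One record per changed object, for the change log.
            [pscustomobject]@{ Path = $item.FullName; WasProtected = $wasProtected; Purged = [bool]$purge }
        }
    }
}
```

Run it with -WhatIf first to see which objects would change. -PurgeExplicit reproduces the posted script's removal of every explicit ACE, which also discards any deliberate explicit grants or denies on those folders, so it is off by default here.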