• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1024
  • Last Modified:

Powershell script to create folder from csv and applicate ntfs permission

hello,

i need to create a new folder and permission from a csv file.

the csv file contain the name of folder and a group or user to applicate permisison on it.

all folder will be created on a shared folder that i can access with this link:  \\shared\test

the csv file is in this form:
folder,full_control,modify,read_execute,List_folder_content,read,write
folder1,group1;group2;user1,group4;group5,group6,group7;group8,group9,group10
folder2,group1;group2;user1,group4;group5,group6,group7;group8,group9,group10
.......

Open in new window

where folder1 and folder2 is a folder to create on \\shared\test

for exemple for folder1 create it and applicate full control right for active directory group named group1 and group 2 and user user1....
for folder 1 applicate ntfs permisison with modify right for group4 and group 5...

i hope i am clear and thanks for help
0
cawasaki
Asked:
cawasaki
  • 4
  • 3
1 Solution
 
Dustin SaundersDirector of OperationsCommented:
This code should do the trick.

Edit $path to the root path of your share, and $csvFile to the path of your create CSV.

$path = "\\localhost\Share\"
$csvFile = "C:\Users\Administrator\Desktop\create.csv"

$create = Import-CSV $csvFile

function DoPermissions
{
    param( $permissionGroup, $folder, $level)
    $toAdd = $permissionGroup -split ";"
    Write-Host $folder
    foreach ($item in $toAdd)
    {
        $acl = (Get-Item $folder).GetAccessControl('Access')
        $ar = New-Object System.Security.AccessControl.FileSystemAccessRule($item, $level, 'ContainerInherit,ObjectInherit','None','Allow')
        $acl.SetAccessRule($ar)
        Set-ACL -path $folder -AclObject $acl
    }
}

foreach ($folder in $create)
{
    $fullPath = $path + $folder.folder
    if (!(Test-Path $fullPath)) {New-Item -ItemType Directory -Path $fullPath}

    if ($folder.full_control) {DoPermissions $folder.full_control $fullPath "FullControl"}
    if ($folder.modify) {DoPermissions $folder.modify $fullPath "Modify"}
    if ($folder.read_execute) {DoPermissions $folder.read_execute $fullPath "ExecuteFile"}
    if ($folder.list_folder_content) {DoPermissions $folder.list_folder_content $fullPath "ListDirectory"}
    if ($folder.read) {DoPermissions $folder.read $fullPath "ReadData"}
    if ($folder.write) {DoPermissions $folder.write $fullPath "Write"}

}

Open in new window


This code can be easily edited by adding more columns to your CSV.  Just add a line like this:

 if ($folder.COLUMNNAME) {DoPermissions $folder.COLUMNNAME $fullPath "PERMISSIONLEVEL"}

Open in new window

And change COLUMNNAME to the new CSV column and PERMISSIONLEVEL to one of these.
0
 
Dustin SaundersDirector of OperationsCommented:
(i made an edit, please be sure to refresh the page)
0
 
cawasakiAuthor Commented:
hello

i will test now

hello,

are with this script when i will copie sub folder and files, it will inherit permisison from parent folder?

thank you
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
cawasakiAuthor Commented:
the script work and this is my question:

1-are with this script when i will copie sub folder and files, it will inherit permisison from parent folder?

2-it is possible to change one think: i prefer the script get the path from csv file, because i have many folder and subfolder to create:

folder,full_control,modify,read_execute,List_folder_content,read,write
\\localhost\Share\folder1,group1;group2...........................
\\localhost\Share\folder1\test,group1;group2...........................
\\localhost\Share\folder2,group1;group2...........................
\\localhost\Share\folder2\test,group1;group2...........................

only last folder will be created and permisison applicated on it.

i will create a csv file by folder level.

thanks for help
0
 
Dustin SaundersDirector of OperationsCommented:
1. By default it will pass permissions on to subfolders created.
2. I changed the script to use the full path from the csv only.

#$path = "\\localhost\Share\"
$csvFile = "C:\Users\Administrator\Desktop\create.csv"

$create = Import-CSV $csvFile

function DoPermissions
{
    param( $permissionGroup, $folder, $level)
    $toAdd = $permissionGroup -split ";"
    Write-Host $folder
    foreach ($item in $toAdd)
    {
        $acl = (Get-Item $folder).GetAccessControl('Access')
        $ar = New-Object System.Security.AccessControl.FileSystemAccessRule($item, $level, 'ContainerInherit,ObjectInherit','None','Allow')
        $acl.SetAccessRule($ar)
        Set-ACL -path $folder -AclObject $acl
    }
}

foreach ($folder in $create)
{
    $fullPath = $folder.folder #$path + $folder.folder
    if (!(Test-Path $fullPath)) {New-Item -ItemType Directory -Path $fullPath}

    if ($folder.full_control) {DoPermissions $folder.full_control $fullPath "FullControl"}
    if ($folder.modify) {DoPermissions $folder.modify $fullPath "Modify"}
    if ($folder.read_execute) {DoPermissions $folder.read_execute $fullPath "ExecuteFile"}
    if ($folder.list_folder_content) {DoPermissions $folder.list_folder_content $fullPath "ListDirectory"}
    if ($folder.read) {DoPermissions $folder.read $fullPath "ReadData"}
    if ($folder.write) {DoPermissions $folder.write $fullPath "Write"}

}

Open in new window

0
 
cawasakiAuthor Commented:
Sorry i am out of office bow i will accept the solution and if i have a problem i will open a new question
Thanks
0
 
cawasakiAuthor Commented:
hello,

i have open new question here:

https://www.experts-exchange.com/questions/28965308/modify-powershell-script-to-not-inherit-ntfs-permission-from-parent.html

i need now that the new folder created from the script do not inherit from parent folder permisison

thanks for help
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now