cawasaki

Modify PowerShell script I use to create folder and apply ACL for user or group

Hello,

I have this script to create folders and apply security ACLs for some Active Directory groups.

I need to modify the script to apply this right for a group or user listed in List_folder_content, like in this CSV file:

folder,full_control,modify,read_execute,List_folder_content,read,write
\\server\folder1\folder2,DEF_Controle_Total;DEF_Service_Desk,DEF_Modification,,Domain Users,DEF_Lecture,

So for Domain Users, the script must apply this right:

User generated image
It needs to be applied to this folder only, like in the picture.

This is my script, and thanks for the help:

$csvFile = "D:\file.csv"

$create = Import-CSV $csvFile

function DoPermissions
{
    param( $permissionGroup, $folder, $level)
    $toAdd = $permissionGroup -split ";"
    Write-Host $folder
    foreach ($item in $toAdd)
    {
        $acl = (Get-Item $folder).GetAccessControl('Access')
        $ar = New-Object System.Security.AccessControl.FileSystemAccessRule($item, $level, 'ContainerInherit,ObjectInherit','None','Allow')
        $acl.SetAccessRule($ar)
        Set-ACL -path $folder -AclObject $acl
    }
}

foreach ($folder in $create)
{
    $fullPath = $folder.folder #$path + $folder.folder
    if (!(Test-Path $fullPath)) {
        New-Item -ItemType Directory -Path $fullPath
        $fAcl = Get-Acl -Path $fullPath
        $fAcl.SetAccessRuleProtection($true, $true)
        Set-Acl -Path $fullPath -AclObject $fAcl
    }

    if ($folder.full_control) {DoPermissions $folder.full_control $fullPath "FullControl"}
    if ($folder.modify) {DoPermissions $folder.modify $fullPath "Modify"}
    if ($folder.read_execute) {DoPermissions $folder.read_execute $fullPath "ExecuteFile"}
    if ($folder.list_folder_content) {DoPermissions $folder.list_folder_content $fullPath "ListDirectory"}
    if ($folder.read) {DoPermissions $folder.read $fullPath "Read"}
    if ($folder.write) {DoPermissions $folder.write $fullPath "Write"}

}

ASKER CERTIFIED SOLUTION
Qlemo

This solution is only available to members.

cawasaki

ASKER

Hello Qlemo,

First, thanks for the help.

The inheritance is OK, thank you.

But I cannot get the correct rights like in the picture: https://filedb.experts-exchange.com/incoming/2017/03_w11/1151330/acl.png

The picture shows exactly the same as your first one - what's wrong with that exactly?

I don't know how I can obtain all these rights.

I have tested: to obtain rights like in the picture, it needs these rights:
read
ExecuteFile
How can I apply the 2 rights to line 33?

line 33:

    if ($folder.list_folder_content) {DoPermissions $folder.list_folder_content $fullPath "read" -NoInheritance}

IIRC "ExecuteFile" is sufficient, as that implies to read the file. Otherwise, I think you can use a single string with combined privileges like "Read, ExecuteFile", but I'm not certain.

I absolutely need the 2 rights, or a solution to add them, maybe by using 2 lines of code:

if ($folder.list_folder_content) {DoPermissions $folder.list_folder_content $fullPath "read" -NoInheritance}
if ($folder.list_folder_content) {DoPermissions $folder.list_folder_content $fullPath "Executefile" -NoInheritance}

When I use this, I think the second command erases the first permission.

SOLUTION
This solution is only available to members.

Yes, it works.
Thank you Qlemo, you are the best :)
Thanks
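
The overwrite described in the thread (a second rule replacing the first) and the combined-rights string suggested there can be checked on a scratch folder. This is an added example, not code from the thread or from the hidden solutions. Assumptions: a temp folder stands in for the CSV folder, the well-known BUILTIN\Users SID (S-1-5-32-545) stands in for Domain Users, and New-Rule and Get-ExplicitRights are hypothetical helper names.

```powershell
# Added example. Assumptions: scratch folder under $env:TEMP; the well-known
# BUILTIN\Users SID stands in for the "Domain Users" group from the CSV.
$folder = Join-Path $env:TEMP 'acl-demo'
New-Item -ItemType Directory -Path $folder -Force | Out-Null
$who = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-545'

function New-Rule {
    # Hypothetical helper: Allow rule for $who with inheritance and propagation
    # both 'None', which is the "This folder only" scope.
    param([System.Security.AccessControl.FileSystemRights]$Rights)
    $ruleArgs = $who, $Rights, 'None', 'None', 'Allow'
    New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $ruleArgs
}

function Get-ExplicitRights {
    # Hypothetical helper: explicit (non-inherited) rights $who holds on $Path.
    param([string]$Path)
    (Get-Acl -Path $Path).GetAccessRules($true, $false,
        [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.IdentityReference.Value -eq $who.Value } |
        ForEach-Object { $_.FileSystemRights }
}

# 1) Two SetAccessRule calls: the second replaces the first Allow rule for $who.
$acl = Get-Acl -Path $folder
$acl.SetAccessRule((New-Rule 'Read'))
$acl.SetAccessRule((New-Rule 'ExecuteFile'))
Set-Acl -Path $folder -AclObject $acl
Write-Host "SetAccessRule twice : $(Get-ExplicitRights $folder)"

# 2) One rule carrying both rights; FileSystemRights is a flags enum, so the
#    comma-separated string converts to the combined value.
$acl = Get-Acl -Path $folder
$acl.SetAccessRule((New-Rule 'Read, ExecuteFile'))
Set-Acl -Path $folder -AclObject $acl
Write-Host "Combined string     : $(Get-ExplicitRights $folder)"

# 3) AddAccessRule merges the new rights into the existing Allow rule.
$acl = Get-Acl -Path $folder
$acl.SetAccessRule((New-Rule 'Read'))
$acl.AddAccessRule((New-Rule 'ExecuteFile'))
Set-Acl -Path $folder -AclObject $acl
Write-Host "Set then Add        : $(Get-ExplicitRights $folder)"

Remove-Item -Path $folder -Recurse -Force
```

Comparing the first printed line with the other two shows which rights survive each approach on the folder itself.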