We help IT Professionals succeed at work.

modify powershell script i use to create folder and apply acl for user or group

319 Views
Last Modified: 2018-02-02
hello,

i have this script to create folder and appky security acl for some active directory group.

i need to modify th script to apply this right for group or user listed on List_folder_content like this csv file:

folder,full_control,modify,read_execute,List_folder_content,read,write
\\server\folder1\folder2,DEF_Controle_Total;DEF_Service_Desk,DEF_Modification,,Domain Users,DEF_Lecture,
so for domain users, script must applicate this right:

acl
need to be applied to this folder only like picture.

this is my script and thanks for help

$csvFile = "D:\file.csv"

$create = Import-CSV $csvFile

function DoPermissions
{
    param( $permissionGroup, $folder, $level)
    $toAdd = $permissionGroup -split ";"
    Write-Host $folder
    foreach ($item in $toAdd)
    {
        $acl = (Get-Item $folder).GetAccessControl('Access')
        $ar = New-Object System.Security.AccessControl.FileSystemAccessRule($item, $level, 'ContainerInherit,ObjectInherit','None','Allow')
        $acl.SetAccessRule($ar)
        Set-ACL -path $folder -AclObject $acl
    }
}

foreach ($folder in $create)
{
    $fullPath = $folder.folder #$path + $folder.folder
    if (!(Test-Path $fullPath)) {
    New-Item -ItemType Directory -Path $fullPath
    $fAcl = Get-Acl -Path $fullPath
    $fAcl.SetAccessRuleProtection($true, $true)
    Set-Acl -Path $fullPath -AclObject $fAcl
    }

    if ($folder.full_control) {DoPermissions $folder.full_control $fullPath "FullControl"}
    if ($folder.modify) {DoPermissions $folder.modify $fullPath "Modify"}
    if ($folder.read_execute) {DoPermissions $folder.read_execute $fullPath "ExecuteFile"}
    if ($folder.list_folder_content) {DoPermissions $folder.list_folder_content $fullPath "ListDirectory"}
    if ($folder.read) {DoPermissions $folder.read $fullPath "Read"}
    if ($folder.write) {DoPermissions $folder.write $fullPath "Write"}

}

Open in new window

Comment
Watch Question

"Batchelor", Developer and EE Topic Advisor
CERTIFIED EXPERT
Top Expert 2015
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION

Author

Commented:
hello Qlemo,

first thanks for help

the Inheritence is ok thank you.

but i can not gest the good right to obtain like the picture: https://filedb.experts-exchange.com/incoming/2017/03_w11/1151330/acl.png
Qlemo"Batchelor", Developer and EE Topic Advisor
CERTIFIED EXPERT
Top Expert 2015

Commented:
The picture shows exactly the same as your first one - what's wrong with that exactly?

Author

Commented:
i dont now how i can obrain all this right,

i have test, to obtain right like picture, it need this right:
read
ExecuteFile
how i can applicate the 2 right to line 33?

line 33:

    if ($folder.list_folder_content) {DoPermissions $folder.list_folder_content $fullPath "read" -NoInheritance

Open in new window

Qlemo"Batchelor", Developer and EE Topic Advisor
CERTIFIED EXPERT
Top Expert 2015

Commented:
IIRC "ExecuteFile" is sufficient, as that implies to read the file. Otherwise, I think you can use a single string with combined privileges like "Read, ExecuteFile", but I'm not certain.

Author

Commented:
i need absolutly the 2 right or a solution to add them may be by use 2 line of code:

if ($folder.list_folder_content) {DoPermissions $folder.list_folder_content $fullPath "read" -NoInheritance
if ($folder.list_folder_content) {DoPermissions $folder.list_folder_content $fullPath "Executefile" -NoInheritance

when use this i think second command erase the first permission.
Qlemo"Batchelor", Developer and EE Topic Advisor
CERTIFIED EXPERT
Top Expert 2015
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION

Author

Commented:
yes its work
thank you Qlemo you are the best :)

Author

Commented:
thanks

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions