create multiple folders with security group permission powershell- similar script mentioned below . Want to know that where to mention destination path to create folders

Requirement is script has to create multiple folders in shared path and has to set the security group permission for created folders using powershell. Want to know that where to mention destination path to create folders in the below script and where to mention .csv to import the folder names .

please assist

--------------------------------------------------

$csvFile = "D:\file.csv"

$create = Import-CSV $csvFile

function DoPermissions
{
    param( $permissionGroup, $folder, $level)
    $toAdd = $permissionGroup -split ";"
    Write-Host $folder
    foreach ($item in $toAdd)
    {
        $acl = (Get-Item $folder).GetAccessControl('Access')
        $ar = New-Object System.Security.AccessControl.FileSystemAccessRule($item, $level, 'ContainerInherit,ObjectInherit','None','Allow')
        $acl.SetAccessRule($ar)
        Set-ACL -path $folder -AclObject $acl
    }
}

foreach ($folder in $create)
{
    $fullPath = $folder.folder #$path + $folder.folder
    if (!(Test-Path $fullPath)) {
    New-Item -ItemType Directory -Path $fullPath
    $fAcl = Get-Acl -Path $fullPath
    $fAcl.SetAccessRuleProtection($true, $true)
    Set-Acl -Path $fullPath -AclObject $fAcl
    }

    if ($folder.full_control) {DoPermissions $folder.full_control $fullPath "FullControl"}
    if ($folder.modify) {DoPermissions $folder.modify $fullPath "Modify"}
    if ($folder.read_execute) {DoPermissions $folder.read_execute $fullPath "ExecuteFile"}
    if ($folder.list_folder_content) {DoPermissions $folder.list_folder_content $fullPath "ListDirectory"}
    if ($folder.read) {DoPermissions $folder.read $fullPath "Read"}
    if ($folder.write) {DoPermissions $folder.write $fullPath "Write"}

}
LVL 3
SAM ITAD windows Admin Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jason CrawfordTransport NinjaCommented:
This is how I would do it but I'm OCD:

begin {
  $date = Get-Date -Format 'yyyyMMddhhmm'
  Start-Transcript -Path "$env:USERPROFILE\Desktop\DoPermisssionsTranscript_$date" -Force
  function Do-Permissions {
    param( $permissionGroup, $folder, $level)
    $toAdd = $permissionGroup -split ";"
    Write-Host $folder
    foreach ($item in $toAdd) {
        $acl = (Get-Item $folder).GetAccessControl('Access')
        $ar = New-Object System.Security.AccessControl.FileSystemAccessRule($item, $level, 'ContainerInherit,ObjectInherit','None','Allow')
        $acl.SetAccessRule($ar)
        Set-ACL -path $folder -AclObject $acl
    }
  }
  
  function Create-MySharedFolders {
    foreach ($folder in (Import-Csv d:\file.csv)) {
      $fullPath = $folder.folder #$path + $folder.folder
      if (!(Test-Path $fullPath)) {
        New-Item -ItemType Directory -Path $fullPath
        $fAcl = Get-Acl -Path $fullPath
        $fAcl.SetAccessRuleProtection($true, $true)
        Set-Acl -Path $fullPath -AclObject $fAcl
      }

      if ($folder.full_control) {DoPermissions $folder.full_control $fullPath "FullControl"}
      if ($folder.modify) {DoPermissions $folder.modify $fullPath "Modify"}
      if ($folder.read_execute) {DoPermissions $folder.read_execute $fullPath "ExecuteFile"}
      if ($folder.list_folder_content) {DoPermissions $folder.list_folder_content $fullPath "ListDirectory"}
      if ($folder.read) {DoPermissions $folder.read $fullPath "Read"}
      if ($folder.write) {DoPermissions $folder.write $fullPath "Write"}      
    }
  }
}

process {
  Do-Permissions
  Create-MySharedFolders
}

end {
  Stop-Transcript
}

Open in new window

0
Chris DentPowerShell DeveloperCommented:
Watch the function names Jason, DoPermissions / Do-Permissions.

OCD... you've no idea :-D

CSV with headers: Path,Group,AccessRights,DisableInheritance

PowerShell 5 only (using and some of the enum behaviour).
using namespace System.Security.AccessControl
using namespace System.Security.Principal

function New-SharedFolder {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)]
        [String]$Path,

        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)]
        [String]$Group,

        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)]
        [FileSystemRights]$AccessRights,

        [Boolean]$DisableInheritance = $false
    )

    begin {
        $ErrorActionPreference = 'Stop'
    }

    process {
        if (-not (Test-Path $Path)) {
            try {
                $null = New-Item $Path -ItemType Directory -Force
                Add-AccessRule $Path -Principal $Group -AccessRights $AccessRights -DisableInheritance $DisableInheritance
            } catch {
                Write-Error -ErrorRecord $_
            }
        }
    }
}

function Add-AccessRule {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [String]$Path,

        [Parameter(Mandatory = $true)]
        [NTAccount]$Principal,

        [Parameter(Mandatory = $true)]
        [FileSystemRights]$AccessRights,

        [Boolean]$DisableInheritance = $false
    )

    try {
        $ErrorActionPreference = 'Stop'

        if ($AccessRights -in 'ReadAndExecute', 'Modify') {
            $AccessRights = $AccessRights -bor 'Synchronize'
        }

        $acl = Get-Acl $Path

        if ($DisableInheritance -and -not $acl.AreAccessRulesProtected) {
            $acl.SetAccessRuleProtection($true, $true)
        }

        $accessRule = New-Object FileSystemAccessRule($Principal, $AccessRights, 'ObjectInherit,ContainerInherit', 'None', 'Allow')
        $acl.AddAccessRule($accessRule)

        Set-Acl $Path -AclObject $acl
    } catch {
        throw
    }
}

Import-Csv file.csv | New-SharedFolder

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jason CrawfordTransport NinjaCommented:
Wait the only place I deviated from the verb-noun format was in the transcript path...right?  I yield to you everytime I've seen your blog, but I'm sticking with what I got this time.
0
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

Try Now
Chris DentPowerShell DeveloperCommented:
You updated the command name DoPermissions -> Do-Permissions. Which would have been fine, but you've left calls to the function using the old name in the if statement block. 'tis easy enough to fix, but a gotcha.
0
Jason CrawfordTransport NinjaCommented:
Crap
0
arnoldCommented:
$create gets the contents of the csv file

folder is included in the csv file.

The place where you obtained this script has to include a sample of the .csv file.

Folder,full_control,modify,read_execute,list_folder,read,write
C:\somefolder,0,0,1,1,1,0
C:\another,1,0,0,0,0,0


At least I think I read the things...
0
SAM ITAD windows Admin  Author Commented:
@jason:

instead of $ent: USERPROFILE  can I mentioned the path in this format I.e '\\servername\projectfolders\newprojects'
____________________________________________________

Start-Transcript -Path "$env:USERPROFILE\Desktop\DoPermisssionsTranscript_$date" -Force
0
Jason CrawfordTransport NinjaCommented:
Yes absolutely a UNC path works just fine.  I just like using environment variables to avoid non-existent paths.
0
SAM ITAD windows Admin  Author Commented:
I need to add a security group i.e. "shr-projects_new"  for each folder created using this script. can i know where i need to add the security group with modify permissions
0
SAM ITAD windows Admin  Author Commented:
I need to add a security group i.e. "shr-projects_new"  for each folder created using this script. can i know where i need to add the security group with modify permissions
0
PberSolutions ArchitectCommented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Split:
-- Chris Dent (https:#a42066865)
-- Jason Crawford (https:#a42066736)


If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

Pber
Experts-Exchange Cleanup Volunteer
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Scripting Languages

From novice to tech pro — start learning today.