We have file redirection set for Desktop and Documents to \\fileshare\userprof$\user\Desktop and \\fileshare\userprof$\user\Documents.
We have Sync Center to sync offline files. Everything was working until the file share got too big and, instead of increasing the volume, one of the sysadmins used a file copy tool and moved everything over to another volume.
This caused users to have access denied issues. He added all the correct NTFS permissions but users were still getting access denied.
Users are able to UNC to the path and add/remove files as needed.
After investigating the issue, we found out that when he moved the folders he took ownership of the folders. This was causing the access denied.
I took ownership back for a few folders and it resolved the access denied issue. There are over 500 folders.
But it errors out and says "This security ID may not be assigned as the owner of this object"
The manual process of taking ownership works.
What I need help with is creating a PowerShell script to take ownership of the \\fileshare\userprof$\user folder and set the ownership to the owner.
The user folder is the same as the user ID for the users.
I've searched and found a few PowerShell scripts such as
But the script does not work because the users' home directory is different from their profile. We have a directory for profile (issue) and home directory.
The profile syncs the desktop and document.
If you guys can point me in the right direction or help out that would be great!
Powershell
Last Comment
xouvang
8/22/2022 - Mon
Britt Thompson
ICACLS may not like the UNC path. If your file server is an actual Windows Server you should try running it using local paths on the server.
Using PowerShell you can set the proper permissions using ACLs and it shouldn't care about the UNC paths -
$NetBIOSDN = "domainname"
$Username = "user1"
$Folder = "\\cusfs01\userprof$\$Username"
$Acl = (Get-Item $Folder).GetAccessControl("Access")
if ($Acl) {
    # Create the access rule with full control for the current user and set inheritance
    $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($Username,"FullControl","ContainerInherit,ObjectInherit","None","Allow")
    # Apply the access rule to the ACL
    $Acl.SetAccessRule($Ar)
    # Establish the owner object and set the user as the owner
    $Owner = New-Object System.Security.Principal.NTAccount("$NetBIOSDN\$Username")
    $Acl.SetOwner($Owner)
    # Apply the ACL to the destination folder
    $SetAcl = Set-Acl -Path $Folder -AclObject $Acl
}
Thank you, that worked when I ran it for one user, but now I need help with reading the text file for all users.
Here's what I have:
$NetBIOSDN = "domain"
# One user ID per line in the text file
$Username = Get-Content "C:\User.txt"
ForEach ($user in $Username) {
    # Use the loop variable $user here, not the whole $Username list
    $Folder = "\\cusfs01\userprof$\$user"
    $Acl = (Get-Item $Folder).GetAccessControl("Access")
    if ($Acl) {
        # Create the access rule with full control for the current user and set inheritance
        $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($user,"FullControl","ContainerInherit,ObjectInherit","None","Allow")
        # Apply the access rule to the ACL
        $Acl.SetAccessRule($Ar)
        # Establish the owner object and set the user as the owner
        $Owner = New-Object System.Security.Principal.NTAccount("$NetBIOSDN\$user")
        $Acl.SetOwner($Owner)
        # Apply the ACL to the destination folder
        $SetAcl = Set-Acl -Path $Folder -AclObject $Acl
    }
}
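An added example, not code from the thread or from either poster: an ownership audit for the situation described above, where each folder under the share is named after the user ID and a bulk copy left the wrong owner on it. It reports every folder whose owner is not the matching account and changes nothing unless asked. `DOMAIN`, the parameter names and the `-Repair` switch are assumptions made for this example.

```powershell
# Added example, not code from the thread. Report-only unless -Repair is given.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$Root   = '\\fileshare\userprof$',  # share root named in the question
    [string]$Domain = 'DOMAIN',                 # placeholder NetBIOS domain name
    [switch]$Repair                             # hypothetical switch: fix mismatches
)

$sidType = [System.Security.Principal.SecurityIdentifier]

foreach ($dir in Get-ChildItem -LiteralPath $Root -Directory) {
    $row = [pscustomobject]@{
        Folder   = $dir.FullName
        Expected = "$Domain\$($dir.Name)"
        Owner    = $null
        Status   = $null
    }
    $account = New-Object System.Security.Principal.NTAccount($Domain, $dir.Name)
    try {
        # Throws when the folder name does not resolve to an account,
        # e.g. a leftover folder for a deleted user. Never guess an owner then.
        $expectedSid = $account.Translate($sidType)
    } catch {
        $row.Status = 'NoSuchAccount'
        $row
        continue
    }

    $acl = Get-Acl -LiteralPath $dir.FullName
    $row.Owner = $acl.Owner
    if ($acl.GetOwner($sidType).Equals($expectedSid)) {
        $row.Status = 'OK'
    } elseif ($Repair -and $PSCmdlet.ShouldProcess($dir.FullName, "Set owner to $account")) {
        # Assigning an owner other than yourself needs the restore privilege,
        # so run this from an elevated session as an administrator.
        $acl.SetOwner($account)
        Set-Acl -LiteralPath $dir.FullName -AclObject $acl
        $row.Status = 'Repaired'
    } else {
        $row.Status = 'Mismatch'
    }
    $row
}
```

Run it with no switches first and review every row whose Status is not `OK`; adding `-Repair -WhatIf` lists the folders that would be changed without touching them.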