xouvang
 asked on

Give Folder Ownership to User

Hello All,

We have file redirection set for Desktop and Documents to \\fileshare\userprof$\user\Desktop and \\fileshare\userprof$\user\Documents
We have Sync Center to sync offline files. Everything was working until the file share got too big and, instead of increasing the volume, one of the sys admins used a file copy tool and moved everything over to another volume.

This caused users to have access denied issues. He added all the correct NTFS permissions but users were still getting access denied.
Users are able to UNC to the path and add/remove files as needed.

After investigating the issue, we found out that when he moved the folders he took ownership of the folders. This was causing the access denied.
I took ownership back for a few folders and it resolved the access denied issue. There are over 500 folders.

I've tried

icacls "\\cusfs01\userprof$\user1" /setowner "domainname\user1"


But it errors out and says "This security ID may not be assigned as the owner of this object"
The manual process of taking ownership works.

What I need help with is creating a PowerShell script to take ownership of the \\fileshare\userprof$\user folder and set the ownership to the owner.
The user folder is the same as the user ID for the users.

I've searched and found a few PowerShell scripts such as

This Article

But the script does not work because the users' home directory is different from their profile. We have a directory for profile (issue) and home directory.
The profile syncs the desktop and documents.

If you guys can point me in the right direction or help out that would be great!

8/22/2022 - Mon
Britt Thompson

ICACLS may not like the UNC path. If your file server is an actual Windows Server you should try running it using local paths on the server.

Using PowerShell you can set the proper permissions using ACLs and it shouldn't care about the UNC paths -

$NetBIOSDN = "domainname"
$Username = "user1"
$Folder = "\\cusfs01\userprof$\$Username"
$Acl = (Get-Item $Folder).GetAccessControl("Access")
if($Acl)
{
    # Create the access rule with full control for the current user and set inheritance
    $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($Username,"FullControl","ContainerInherit,ObjectInherit","None","Allow")
    # Apply the access rule to the ACL
    $Acl.SetAccessRule($Ar)
    # Establish the owner object and set the user as the owner
    $Owner = New-Object System.Security.Principal.NTAccount("$NetBIOSDN\$Username")
    $Acl.SetOwner($Owner)
    # Apply the ACL to the destination folder
    $SetAcl = Set-Acl -Path $Folder -AclObject $Acl
}


xouvang

ASKER
Thank you, that worked when I ran it for one user, but now I need help with reading the text file for all users.
Here's what I have:

$NetBIOSDN = "domain"
$Username = Get-Content "C:\User.txt"
ForEach ($user in $username)
{
$Folder = "\\cusfs01\userprof$\$Username"
$Acl = (Get-Item $Folder).GetAccessControl("Access")
if($Acl)
{
    # Create the access rule with full control for the current user and set inheritance
    $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($Username,"FullControl","ContainerInherit,ObjectInherit","None","Allow")
    # Apply the access rule to the ACL
    $Acl.SetAccessRule($Ar)
    # Establish the owner object and set the user as the owner
    $Owner = New-Object System.Security.Principal.NTAccount("$NetBIOSDN\$Username")
    $Acl.SetOwner($Owner)
    # Apply the ACL to the destination folder
    $SetAcl = Set-Acl -Path $Folder -AclObject $Acl
}}

It came back and listed all the users in one line instead of reading each line as a different user.

Any idea how I can make it read each line as a different user?

Thanks again!
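
An added example, not code from any poster in this thread: the loop above interpolates `$Username` (the whole array, which a string expands to every name on one line) instead of the loop variable `$user`. This version uses the loop variable and checks each name before changing ownership. It assumes Windows PowerShell 5.1 run from an account allowed to assign ownership; the share path, `C:\User.txt` and the `domain` placeholder come from the posts above, and the other variable names are hypothetical.

```powershell
$NetBIOSDN = "domain"                 # placeholder NetBIOS domain name, as in the thread
$ShareRoot = '\\cusfs01\userprof$'    # single quotes keep the "$" literal
$UserList  = "C:\User.txt"            # one user ID per line

# Get-Content returns one array element per line; trim and drop blank lines.
$Users = Get-Content -Path $UserList | ForEach-Object { $_.Trim() } | Where-Object { $_ }
$BadChars = [System.IO.Path]::GetInvalidFileNameChars()   # includes "\" and "/"

foreach ($User in $Users) {
    # Reject entries that could point outside the user's own folder.
    if ($User.IndexOfAny($BadChars) -ge 0 -or $User -eq '.' -or $User -eq '..') {
        Write-Warning "Skipping '$User': not a plain folder name"
        continue
    }

    # Build per-user values from the loop variable, never from the array.
    $Folder = "$ShareRoot\$User"
    if (-not (Test-Path -LiteralPath $Folder -PathType Container)) {
        Write-Warning "Skipping '$User': $Folder not found"
        continue
    }

    $Account = New-Object System.Security.Principal.NTAccount("$NetBIOSDN\$User")
    try {
        # Throws if the name in the list does not map to a real account.
        $null = $Account.Translate([System.Security.Principal.SecurityIdentifier])
    } catch {
        Write-Warning "Skipping '$User': $NetBIOSDN\$User does not resolve"
        continue
    }

    try {
        $Acl  = (Get-Item -LiteralPath $Folder).GetAccessControl("Access")
        $Rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $Account, "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow")
        $Acl.SetAccessRule($Rule)     # full control, inherited by children
        $Acl.SetOwner($Account)       # the user becomes owner of their own folder
        Set-Acl -LiteralPath $Folder -AclObject $Acl -ErrorAction Stop
        Write-Output "Owner set: $Folder -> $NetBIOSDN\$User"
    } catch {
        Write-Warning "Failed on ${Folder}: $($_.Exception.Message)"
    }
}
```

Compare the warnings against the user list afterwards; any skipped or failed folder still has the copying admin as owner.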

xouvang

ASKER
Found own solution