Link to home
Create AccountLog in
Avatar of xouvang
xouvang

asked on

Give Folder Ownership to User

Hello All,

We have file redirection set for Desktop and Documents to \\fileshare\userprof$\user\Desktop and \\fileshare\userprof$\user\Documents
We have Sync Center to sync offline files. Everything was working until the file share got too big and instead of increasing the volume, one of the sys admin used a file copy tool and moved everything over to another volume.

This caused users to have access denied issues. He added all the correct NTFS permissions but users were still getting access denied.
Users are able to UNC to the path and add/remove files as needed.

After investigating the issue, we found out that when he moved the folders he took ownership of the folders. This was causing the access denied.
I took ownership back for a few folders and it resolved the access denied issue. There is over 500 folders.

I've tried

icacls "\\cusfs01\userprof$\user1"		/setowner "domainname\user1"

Open in new window

But it errors out and says "This security ID may not be assisnged as the owner of this object"
The manual process of taking ownership works.

What I need help with is creating a powershell script to take ownership of the \\fileshare\userprof$\user folder and set the ownership to the owner.
The user folder is the same as the user ID for the users.

I've searched and found a few powershell script such as

This Article

But the script does not work because the users home directory is different from their profile. We have a directory for profile (issue) and home directory.
The profile syncs the desktop and document.

If you guys can point me in the right direction or help out that would be great!
Avatar of Britt Thompson
Britt Thompson
Flag of United States of America image

ICACLS may not like the UNC path. If your file server is an actual Windows Server you should try running it using local paths on the server.

Using PowerShell you can set the proper permissions using ACLs and it shouldn't care about the UNC paths -

$NetBIOSDN = "domainname"
$Username = "user1"
$Folder = "\\cusfs01\userprof$\$Username"
$Acl = (Get-Item $Folder).GetAccessControl("Access")
if($Acl)
{
    # Create the access rule with full control for the current user and set inheritance
    $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($Username,"FullControl","ContainerInherit,ObjectInherit","None","Allow")
    # Apply the access rule to the ACL
    $Acl.SetAccessRule($Ar)
    # Establish the owner object and set the user as the owner
    $Owner = New-Object System.Security.Principal.NTAccount("$NetBIOSDN\$Username")
    $Acl.SetOwner($Owner)
    # Apply the ACL to the destination folder
    $SetAcl = Set-Acl -Path $Folder -AclObject $Acl
}

Open in new window

Avatar of xouvang
xouvang

ASKER

Thank you that worked when I ran it for one user but now I need help with reading the text file for all users.
Here's what I have:

$NetBIOSDN = "domain"
$Username = Get-Content "C:\User.txt"
ForEach ($user in $username)
{
$Folder = "\\cusfs01\userprof$\$Username"
$Acl = (Get-Item $Folder).GetAccessControl("Access")
if($Acl)
{
    # Create the access rule with full control for the current user and set inheritance
    $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($Username,"FullControl","ContainerInherit,ObjectInherit","None","Allow")
    # Apply the access rule to the ACL
    $Acl.SetAccessRule($Ar)
    # Establish the owner object and set the user as the owner
    $Owner = New-Object System.Security.Principal.NTAccount("$NetBIOSDN\$Username")
    $Acl.SetOwner($Owner)
    # Apply the ACL to the destination folder
    $SetAcl = Set-Acl -Path $Folder -AclObject $Acl
}}

Open in new window


It came back and listed all the users in one line instead of reading each line as a different user.

Any idea how I can make it read each line as a different user?

Thanks again!
Avatar of xouvang

ASKER

Any idea how I can make it read each line as a different user?
ASKER CERTIFIED SOLUTION
Avatar of xouvang
xouvang

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of xouvang

ASKER

Found own solution