PowerShell Script to change folder permissions?

victor2008
victor2008 used Ask the Experts™
on
Does anyone know how to tweak this script so that after it creates each new user folder, it removes the permissions each folder inherited, and only adds the ones you have specified.

https://gallery.technet.microsoft.com/scriptcenter/How-to-create-home-folder-d968f1d4
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
yo_beeDirector of Information Technology

Commented:
From what I can see from this script is that the Home Folder is created with no inherited rights at all.
It creates a default of "NT AUTHORITY\SYSTEM","BUILTIN\Administrators" + the User full control.  If you want to add additional users and groups you add it to the arguments.

I am not sure what you want to remove.

Author

Commented:
Thank you. The folder where the user folders are created has some permissions that get propagated down to the new folders. I want to remove those groups, then add new groups. The adding new groups works, but don't know how to remove what's there first. I can remove inheritance with $HomeFolderACL.SetAccessRuleProtection($true,$true) but want to remove some groups that get inherited.
yo_beeDirector of Information Technology

Commented:
First off this script is creating the directory for HomeFolder location
Just to be 100% clear you are looking to reassign ACL to the home folder structure, not create folders?
OWASP: Avoiding Hacker Tricks

Learn to build secure applications from the mindset of the hacker and avoid being exploited.

Author

Commented:
The script creates a home folder for each user in the list (which it does). I want the script to create each folder like it does and give the user full control like it does, but first remove the permissions for each user folder that gets inherited from it's parent.
yo_beeDirector of Information Technology

Commented:
This script does create a folder with no inherited security and then sets the security based on the script .  I am not sure what you want to tweak.
By design that is exactly how this script works.

Author

Commented:
In my experience, when it creates the new user folder, the parent security group is inherited to the new user folder.
Director of Information Technology
Commented:
I have dissected this a bit further.
What the script is doing is gathering the parent folder ACL and storing it.
The folder of the user is created without any inheritance and then the ACL is set by using what was gathered from the parent folder and appending the User to the ACL list variable.  Once that is done it then applies this variable array to the user's folder.

Is this a brand new folder structure or an existing one?  If it is a brand new one you can add the user and/or groups that will need access to all the folders and these are the ones that will be gathered during the script run.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial