-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathPersonalFolderPermissions.ps1
More file actions
80 lines (71 loc) · 2.93 KB
/
PersonalFolderPermissions.ps1
File metadata and controls
80 lines (71 loc) · 2.93 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
# PersonalFolderPermissions.ps1
# ---------------------------------------------
# This script grants a specified user full control permissions to their personal folder
# on a file server. If the folder does not exist, it will be created.
#
# Usage:
# - Run the script in PowerShell.
# - Enter the AD logon name (username) when prompted (e.g., "admin" or "jon").
# - The script will create the folder if needed and set NTFS permissions for the user.
# - The script displays the updated ACLs for verification.
#
# Note: You must have permission to modify folders and ACLs on the target file server.
# ---------------------------------------------
# Define the file server's base directory
$baseDir = "\\myfileserver\Personal"
# Prompt for the username
Write-Host "This script will grant the user full control permissions to their user folder" -ForegroundColor Green
Write-Host "Base Directory to Create User Folder in: $baseDir" -ForegroundColor Cyan
$username = Read-Host "Enter the AD logon name such as `"admin`" or `"jon`""
# Construct the user's folder path
$userFolder = Join-Path -Path $baseDir -ChildPath $username
Write-Host "User Folder: $userFolder"
pause
# Check if the folder exists
if (!(Test-Path -Path $userFolder)) {
Write-Host "Folder does not exist. Creating folder..." -ForegroundColor Yellow
New-Item -ItemType Directory -Path $userFolder | Out-Null
Write-Host "Folder created: $userFolder" -ForegroundColor Green
}
else {
Write-Host "Folder already exists: $userFolder" -ForegroundColor Cyan
}
# Assign full control permissions to the user
try {
Write-Host "Domain and Username: $env:USERDOMAIN\$username" -ForegroundColor Cyan
$acl = Get-Acl -Path $userFolder
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
"$env:USERDOMAIN\$username",
"FullControl",
"ContainerInherit,ObjectInherit",
"None",
"Allow"
)
$acl.SetAccessRule($accessRule)
Set-Acl -Path $userFolder -AclObject $acl
Write-Host "Full control permissions granted to $username on $userFolder" -ForegroundColor Green
}
catch {
Write-Host "Error assigning permissions: $_" -ForegroundColor Red
exit
}
# Wait for a few seconds to allow the system to update ACLs
Write-Host "Waiting 5 seconds..." -ForegroundColor Cyan
Start-Sleep -Seconds 5
# Retrieve and display the ACLs to verify
try {
$updatedAcl = Get-Acl -Path $userFolder
Write-Host "Updated ACLs for $userFolder :" -ForegroundColor Cyan
$updatedAcl.Access | ForEach-Object {
Write-Host "Identity: $($_.IdentityReference)"
Write-Host "Access Control Type: $($_.AccessControlType)"
Write-Host "Permissions: $($_.FileSystemRights)"
Write-Host "Inheritance: $($_.InheritanceFlags)"
Write-Host "Propagation: $($_.PropagationFlags)"
Write-Host "--------------------------------------------"
}
}
catch {
Write-Host "Error retrieving ACLs: $_" -ForegroundColor Red
}
pause