provision-failover-cluster-storage-share.ps1
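# Provisions the directory and the SMB share used as the failover cluster
# storage share.
#
# Parameters:
#   clusterName - name of the failover cluster; it becomes part of the share
#                 name (fc-storage-<clusterName>) and of the directory
#                 created directly under C:\.
param(
    [string]$clusterName
)

# the cluster name is spliced into a file system path and into a share name,
# so refuse an empty value and any value that is not a single path component
# (e.g. one containing \ / or :) instead of creating or re-permissioning a
# directory somewhere other than C:\fc-storage-<clusterName>.
if ([string]::IsNullOrWhiteSpace($clusterName)) {
    throw "clusterName must not be empty"
}
if ($clusterName.IndexOfAny([System.IO.Path]::GetInvalidFileNameChars()) -ge 0) {
    throw "clusterName '$clusterName' contains characters that are not valid in a directory name"
}

$shareName = "fc-storage-${clusterName}"
$sharePath = "C:\$shareName"

# TODO limit this to the windows failover cluster computer account (e.g.
#      SQLC$). that is, do not let every computer create a folder in
#      this directory.
# NB until that is done, every computer account that is a member of
#    Domain Computers receives the access granted to $accounts further down.
$accounts = @(
    "Domain Computers"
)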
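# create the failover cluster storage smb share directory.
# NOTE(review): when the directory already exists New-Item reports an error;
#               unless the caller made errors terminating (e.g. with
#               $ErrorActionPreference = 'Stop') the script carries on and
#               replaces the ACL of the existing directory.
New-Item -Path $sharePath -ItemType Directory | Out-Null

# start from a protected ACL: stop inheriting from the parent directory
# without keeping a copy of the inherited rules, then drop the rules that
# are still listed, so that only the rules added below end up on the
# directory.
$acl = Get-Acl $sharePath
$acl.SetAccessRuleProtection($true, $false)
# RemoveAccessRule returns a boolean; discard it so that it does not end up
# in the script output (New-Item above is silenced the same way).
$acl.Access | ForEach-Object { [void]$acl.RemoveAccessRule($_) }

# SYSTEM and Administrators: full control of the directory and of everything
# created below it.
@(
    "SYSTEM",
    "Administrators"
) | ForEach-Object {
    $acl.AddAccessRule((
        New-Object System.Security.AccessControl.FileSystemAccessRule(
            $_,
            "FullControl",
            "ContainerInherit,ObjectInherit",
            "None",
            "Allow"
        )))
}

# CREATOR OWNER: full control, inherit-only. the rule does not apply to the
# share directory itself, only to what is created inside it, where it gives
# the creating account full control of its own folder.
$acl.AddAccessRule((
    New-Object System.Security.AccessControl.FileSystemAccessRule(
        "CREATOR OWNER",
        "FullControl",
        "ContainerInherit,ObjectInherit",
        "InheritOnly",
        "Allow"
    )))

# $accounts: may only create directories, and only in the share directory
# itself (no inheritance flags, so the rule is not passed on to children).
# no read or list right on the share directory is granted here.
$accounts | ForEach-Object {
    $acl.AddAccessRule((
        New-Object System.Security.AccessControl.FileSystemAccessRule(
            $_,
            "CreateDirectories",
            "None",
            "None",
            "Allow"
        )))
}

# persist the rebuilt ACL on the directory.
Set-Acl -Path $sharePath -AclObject $acl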
# publish the failover cluster storage directory as an smb share.
# the share-level permission is full access for $accounts; what those
# accounts can actually do inside the share is limited by the NTFS ACL
# that was applied to $sharePath.
$smbShare = @{
    Name       = $shareName
    Path       = $sharePath
    FullAccess = $accounts
}
New-SmbShare @smbShare