Powershell script use to set the security permissions on a set of User folders on a network file share
$domainname = "domain"
dir \\ServerName\Users\ | ?{$_.psiscontainer} | %{
$dir = $_
$dir | Get-Acl | %{
$acl = $_
if(!$acl.areaccessrulesprotected){
$acl.setaccessruleprotection($true,$true)
Set-Acl -Path $acl.path -AclObject $acl
}
$entry =@()
$user = "$domainname\$($dir.name)"
$entry += New-Object System.Security.AccessControl.FileSystemAccessRule(
"BUILTIN\Administrators",
"FullControl",
"ContainerInherit,ObjectInherit",
"None",
"Allow"
)
$entry += New-Object System.Security.AccessControl.FileSystemAccessRule(
"$domainname\Domain Admins",
"FullControl",
"ContainerInherit,ObjectInherit",
"None",
"Allow"
)
$entry += New-Object System.Security.AccessControl.FileSystemAccessRule(
"$domainname\Backup Exec",
"FullControl",
"ContainerInherit,ObjectInherit",
"None",
"Allow"
)
$entry += New-Object System.Security.AccessControl.FileSystemAccessRule(
"NT AUTHORITY\SYSTEM",
"FullControl",
"ContainerInherit,ObjectInherit",
"None",
"Allow"
)
$entry += New-Object System.Security.AccessControl.FileSystemAccessRule(
"$domainname\$($dir.name)",
"FullControl",
"ContainerInherit,ObjectInherit",
"None",
"Allow"
)
$acl.access | %{$acl.RemoveAccessRuleSpecific($_)}
$entry | %{$acl.AddAccessRule($_)}
}
set-acl -Path $acl.path -AclObject $acl
}
No comments:
Post a Comment