From f3a71ea740e06c68d360bb6b320b3caa54938334 Mon Sep 17 00:00:00 2001 From: itlifeskills <106455363+itlifeskills@users.noreply.github.com> Date: Sun, 20 Oct 2024 14:13:24 -0500 Subject: [PATCH] Add files via upload --- Createnewdepartment.ps1 | 7 +++++ Createnewproject.ps1 | 7 +++++ Setfolderpermissions.ps1 | 58 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 72 insertions(+) create mode 100644 Createnewdepartment.ps1 create mode 100644 Createnewproject.ps1 create mode 100644 Setfolderpermissions.ps1 diff --git a/Createnewdepartment.ps1 b/Createnewdepartment.ps1 new file mode 100644 index 0000000..89f2696 --- /dev/null +++ b/Createnewdepartment.ps1 @@ -0,0 +1,7 @@ +$departments = (Import-Csv -Path "C:\Scripts\Data\Departments.csv").Department + +foreach ($department in $departments){ + + New-Item -Path "D:\Departments" -Name $department -ItemType "directory" +} + diff --git a/Createnewproject.ps1 b/Createnewproject.ps1 new file mode 100644 index 0000000..882cbe4 --- /dev/null +++ b/Createnewproject.ps1 @@ -0,0 +1,7 @@ +$projects = (Import-Csv -Path "C:\Scripts\Data\Projects.csv").Project + +foreach ($project in $projects){ + + New-Item -Path "D:\Projects" -Name $project -ItemType "directory" +} + diff --git a/Setfolderpermissions.ps1 b/Setfolderpermissions.ps1 new file mode 100644 index 0000000..7555aff --- /dev/null +++ b/Setfolderpermissions.ps1 @@ -0,0 +1,58 @@ + +# Get a list of folder folders +$domainUsers = "HQ\Domain Users" +$folderPath = "D:\Projects\" +$folders = (Get-ChildItem -Path $folderPath).Name + + +#Loop throug each folder in all the folders found in the D:\Departments folder +foreach ($folder in $folders){ + + + if($folder -ne "Accounting and Finance"){ #Only run the script to apply the permission on the Accounting and Finance folder + + + $path = $folderPath + $folder #Set path for the current folder + $name = $folder.Split(" ") #Split the folder name by the space to construct the group name + $groupName= "HQ\grp" # Set the intial group name + foreach($word in $name){ #Loop through each word in the folder name + if($word -ne "and"){ #If the word is not "and" + #Add the initial group name with a "-" and the current word in the folder name and convert it to lower case + $groupName = $groupName + "-" + ($word).ToLower() + + } + } #After the for loop we will have the group name. For example, HQ\grp-accounting-finance + + + ###Disable inheritance and preserve inherited access rules + $aclList = Get-Acl -Path $path + $isProtected = $true #Protect the item from being inherited + $preserveInheritance = $true #Keep all the entries in the current ACL + $aclList.SetAccessRuleProtection($isProtected, $preserveInheritance) + Set-Acl -Path $path -AclObject $aclList + + ## Remove Domain Users + $aclList = Get-ACL -Path $path + + $aclList.Access | Where-Object { $_.IdentityReference.Value -eq $domainUsers } | + ForEach-Object {$aclList.RemoveAccessRule($_)} | Out-Null + Set-Acl -Path $path -AclObject $aclList + + # Prepare the list of the permission properties to assign to the folder + $aclList = Get-ACL -Path $path + $identity = $groupName + $fileSystemRights = "Modify" + $InheritanceFlags = "ContainerInherit, ObjectInherit" #Apply to this folder, subfolders and files + $type = "Allow" + + # Create a new access rule containing the permission properties to assign to the folder + $fileSystemAccessRuleArgumentList = $identity, $fileSystemRights, $InheritanceFlags, "None", $type + $fileSystemAccessRule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $fileSystemAccessRuleArgumentList + + # Apply the new rule to the folder + $aclList.AddAccessRule($fileSystemAccessRule) + Set-Acl -Path $path -AclObject $aclList + + ##$aclList | Select * + } +} \ No newline at end of file