WindowsServer/WindowsAD
WindowsServer/WindowsAD
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
f3a71ea740
WindowsAD/Setfolderpermissions.ps1
itlifeskills f3a71ea740
Add files via upload
2024-10-20 14:13:24 -05:00

58 lines
2.5 KiB
PowerShell
Raw Blame History

# Get a list of folder folders
$domainUsers = "HQ\Domain Users"
$folderPath = "D:\Projects\"
$folders = (Get-ChildItem -Path $folderPath).Name
#Loop throug each folder in all the folders found in the D:\Departments folder
foreach ($folder in $folders){
if($folder -ne "Accounting and Finance"){ #Only run the script to apply the permission on the Accounting and Finance folder
$path = $folderPath + $folder #Set path for the current folder
$name = $folder.Split(" ") #Split the folder name by the space to construct the group name
$groupName= "HQ\grp" # Set the intial group name
foreach($word in $name){ #Loop through each word in the folder name
if($word -ne "and"){ #If the word is not "and"
#Add the initial group name with a "-" and the current word in the folder name and convert it to lower case
$groupName = $groupName + "-" + ($word).ToLower()
}
} #After the for loop we will have the group name. For example, HQ\grp-accounting-finance
###Disable inheritance and preserve inherited access rules
$aclList = Get-Acl -Path $path
$isProtected = $true #Protect the item from being inherited
$preserveInheritance = $true #Keep all the entries in the current ACL
$aclList.SetAccessRuleProtection($isProtected, $preserveInheritance)
Set-Acl -Path $path -AclObject $aclList
## Remove Domain Users
$aclList = Get-ACL -Path $path
$aclList.Access | Where-Object { $_.IdentityReference.Value -eq $domainUsers } |
ForEach-Object {$aclList.RemoveAccessRule($_)} | Out-Null
Set-Acl -Path $path -AclObject $aclList
# Prepare the list of the permission properties to assign to the folder
$aclList = Get-ACL -Path $path
$identity = $groupName
$fileSystemRights = "Modify"
$InheritanceFlags = "ContainerInherit, ObjectInherit" #Apply to this folder, subfolders and files
$type = "Allow"
# Create a new access rule containing the permission properties to assign to the folder
$fileSystemAccessRuleArgumentList = $identity, $fileSystemRights, $InheritanceFlags, "None", $type
$fileSystemAccessRule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $fileSystemAccessRuleArgumentList
# Apply the new rule to the folder
$aclList.AddAccessRule($fileSystemAccessRule)
Set-Acl -Path $path -AclObject $aclList
##$aclList | Select *
}
}
Reference in New Issue View Git Blame Copy Permalink