Automatically creating folders per user and assigning correct permissions

  • #130857

    Participant

    Hi, I have this script I'm currently working on that creates a folder for each user with their own name on a share.

    So the situation is: E:/Scans/user/
    This should be like their own "homefolder" and should be created upon login. If it's already created, nothing should happen.

    Now I have a script that creates this folder with permissions; however, I cannot get the permissions to go right.

    
    ### RIVA-IT B.V.
    ### TBN Scan Map Creation Script

    # Per-user scan folder on the share
    $homedir = "\\WIN-HNF1R0TNHGH\E\Scans\$($env:USERNAME)"

    if (-not (Test-Path $homedir))
    {
        # Create the folder and read its ACL
        $acl = Get-Acl (New-Item -Path $homedir -ItemType Directory)

        # $false leaves inheritance on, so the parent's entries still apply to the new folder
        $acl.SetAccessRuleProtection($false, $true)

        # Grant the logged-on user full control over the folder and its contents
        $ace = "$($env:USERDOMAIN)\$($env:USERNAME)", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow"
        $objACE = New-Object System.Security.AccessControl.FileSystemAccessRule($ace)
        $acl.AddAccessRule($objACE)
        Set-Acl -Path $homedir -AclObject $acl
    }

    # Map the folder as drive X:
    net use x: \\WIN-HNF1R0TNHGH\E\Scans\$($env:username)

    is my current code.

    I put the permissions as follows on the folders:

    E:/ permissions:
    Sharing: http://prntscr.com/lwuv7a
    Security: http://prntscr.com/lwuvjt

    /folder/ permissions:
    Sharing: not shared
    Security: http://prntscr.com/lwuwj0

    Then the user logs in and runs the script, and these are the permissions on their folder:

    /name/ permissions:
    Sharing: not shared
    Security: http://prntscr.com/lwuxf6

    I don't understand PowerShell at all, and really can't get it to work. Could anyone please assist with this?

    When I have all the permissions correct, the users are still able to look through each folder.

    Kind Regards,

    Sven

  • #131093

    Keymaster

    There's a feature of Windows called Access-Based Enumeration, or ABE, you need to look into. Not having permission to a file does not ordinarily stop you from seeing that the file exists, which is what ABE turns on.
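
An added example, not part of the original thread: one way to combine a non-inherited ACL on each user folder with Access-Based Enumeration on the share, since ABE only hides items a user has no access to. It assumes the script runs elevated on the file server, that the share `E` from the question maps to the local path `E:\Scans`'s drive, and uses a constructed account `EXAMPLE\sven`; `New-PrivateScanFolder` is a hypothetical helper name.

```powershell
# Added example. Run elevated on the file server. Values below are assumptions.
$ShareName = 'E'              # share name taken from the UNC path in the question
$ScanRoot  = 'E:\Scans'       # local path of the Scans folder (assumed)
$User      = 'EXAMPLE\sven'   # constructed sample account

function New-PrivateScanFolder {
    param(
        [Parameter(Mandatory)][string]$Root,
        [Parameter(Mandatory)][string]$Account   # DOMAIN\user
    )
    $path = Join-Path $Root ($Account.Split('\')[-1])
    if (-not (Test-Path -LiteralPath $path)) {
        New-Item -Path $path -ItemType Directory | Out-Null
    }

    $acl = Get-Acl -LiteralPath $path
    # $true  = protect this ACL, i.e. stop inheriting from E:\Scans
    # $false = do not copy the previously inherited entries into the folder
    $acl.SetAccessRuleProtection($true, $false)

    # Explicit entries: the owner of the folder plus the local administrative principals
    $grants = @(
        @{ Id = $Account;                 Rights = 'Modify'      },
        @{ Id = 'BUILTIN\Administrators'; Rights = 'FullControl' },
        @{ Id = 'NT AUTHORITY\SYSTEM';    Rights = 'FullControl' }
    )
    foreach ($g in $grants) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule `
            -ArgumentList $g.Id, $g.Rights, 'ContainerInherit,ObjectInherit', 'None', 'Allow'
        $acl.AddAccessRule($rule)
    }
    Set-Acl -LiteralPath $path -AclObject $acl
    return $path
}

$folder = New-PrivateScanFolder -Root $ScanRoot -Account $User

# Turn on ABE for the share so folders a user cannot read are not listed to them
Set-SmbShare -Name $ShareName -FolderEnumerationMode AccessBased -Force

# Verify: the share reports AccessBased and the folder has no inherited entries
Get-SmbShare -Name $ShareName | Format-List Name, Path, FolderEnumerationMode
(Get-Acl -LiteralPath $folder).Access |
    Format-Table IdentityReference, FileSystemRights, IsInherited
```

Other users' folders drop out of a directory listing only when both parts are in place: an ACL that gives them no access, and `FolderEnumerationMode` set to `AccessBased` on the share.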
