Create Folders and Set Permissions Script

This topic contains 0 replies, has 1 voice, and was last updated by Profile photo of Forums Archives Forums Archives 5 years, 3 months ago.

  • Author
    Posts
  • #5826

    by DarkPhalanx at 2013-04-19 11:48:03

    Hello Guys,

    I've been searching a great part of the internet today to find a script that does this:

    [quote]A script that reads from a csv file that it will use to create folders with subfolders and give each (sub)folder certain permissions to a group.

    Example of the csv file
    When csv contains:
    folder,group,permission
    folder A,sales@domain,read
    folder A\subfolder2,drivers@domain,read/write

    The script will create a folder called "folder A" and provide read access to sales@domain. Similarly, drivers@domain will have read/write access to the subfolder: subfolder2 in folder A[/quote]

    I'm nearly desperate because I'm not familiar with PowerShell, I can get it to work if i have a working one though. You would really help me with this, if it's not to difficult for you to create.

    by sstranger at 2013-04-19 13:15:32

    Look at the help for the following Cmdlets

    New-Item and Set-ACL

    Example: Get-Help New-Item -full and Get-Help Set-ACL -Full

    Good luck!

    Stefan

    by DarkPhalanx at 2013-04-19 17:21:35

    Thanks, I've searched alot more and I found a script that I modified to my needs.
    This is it I'm calling this from another script where I add some parameters with a csv file:

    The only thing I can't get to work is the line : $Allpropagation = [system.security.accesscontrol.PropagationFlags]$Propagate
    I added a default for this at the top [string]$Propagate = ("NoPropagateInherit")

    Any Idea what I did wrong?

    [code2=powershell]##################################################################################
    #
    #
    # Script name: SetFolderPermission.ps1
    # Author:goude@powershell.nu
    # Homepage: http://www.powershell.nu
    #
    #
    ##################################################################################

    param ([string]$Path, [string]$Access, [string]$Permission = ("Modify"), [string]$Propagate = ("NoPropagateInherit"), [switch]$help)

    function GetHelp() {

    $HelpText = @"

    DESCRIPTION:
    NAME: SetFolderPermission.ps1
    Sets FolderPermissions for User on a Folder.
    Creates folder if not exist.

    PARAMETERS:
    -Path Folder to Create or Modify (Required)
    -User User who should have access (Required)
    -Permission Specify Permission for User, Default set to Modify (Optional)
    -help Prints the HelpFile (Optional)

    SYNTAX:
    ./SetFolderPermission.ps1 -Path C:\Folder\NewFolder -Access Domain\UserName -Permission FullControl

    Creates the folder C:\Folder\NewFolder if it doesn't exist.
    Sets Full Control for Domain\UserName

    ./SetFolderPermission.ps1 -Path C:\Folder\NewFolder -Access Domain\UserName

    Creates the folder C:\Folder\NewFolder if it doesn't exist.
    Sets Modify (Default Value) for Domain\UserName

    ./SetFolderPermission.ps1 -help

    Displays the help topic for the script

    Below Are Available Values for -Permission

    "@
    $HelpText

    [system.enum]])

    }

    function CreateFolder ([string]$Path) {

    # Check if the folder Exists

    if (Test-Path $Path) {
    Write-Host "Folder: $Path Already Exists" -ForeGroundColor Yellow
    } else {
    Write-Host "Creating $Path" -Foregroundcolor Green
    New-Item -Path $Path -type directory | Out-Null
    }
    }

    function SetAcl ([string]$Path, [string]$Access, [string]$Permission, [string]$Propagate) {

    # Get ACL on FOlder

    $GetACL = Get-Acl $Path

    # Set up AccessRule

    $Allinherit = [system.security.accesscontrol.InheritanceFlags]"ObjectInherit"
    $Allpropagation = [system.security.accesscontrol.PropagationFlags]$Propagate
    $AccessRule = New-Object system.security.AccessControl.FileSystemAccessRule($Access, $Permission, $AllInherit, $Allpropagation, "Allow")

    # Check if Access Already Exists

    if ($GetACL.Access | Where { $_.IdentityReference -eq $Access}) {

    Write-Host "Modifying Permissions For: $Access" -ForeGroundColor Yellow

    $AccessModification = New-Object system.security.AccessControl.AccessControlModification
    $AccessModification.value__ = 2
    $Modification = $False
    $GetACL.ModifyAccessRule($AccessModification, $AccessRule, [ref]$Modification) | Out-Null
    } else {

    Write-Host "Adding Permission: $Permission For: $Access"

    $GetACL.AddAccessRule($AccessRule)
    }

    Set-Acl -aclobject $GetACL -Path $Path

    Write-Host "Permission: $Permission Set For: $Access" -ForeGroundColor Green
    }

    if ($help) { GetHelp }

    if ($Path -AND $Access -AND $Permission) {
    CreateFolder $Path
    SetAcl $Path $Access $Permission
    }
    Read-Host "Press ENTER"[/code2]

    by MasterOfTheHat at 2013-04-22 06:49:48

    Your problem is that you defined the same variable name in 2 different scopes, and the variable in the child scope took precedence.

    When you defined $Propagate in the script's param line you created a $Propagate variable in the script scope. Your intention was to use that value in a function, which is usually fine because function scope is a child scope of script scope, and it would have access to all of the parent scope's variables and methods.

    BUT you also created a $Propagate variable in the SetAcl function scope when you defined it as a parameter of the SetAcl function. So at that point, the value of the SetAcl function scope's $Propagate took precedence over the script's $Propagate, and you end up using a null value for your "$Allpropagation = [system.security.accesscontrol.PropagationFlags]$Propagate" line.

    2 ways to fix it:
    [list][*]change line 106 to pass the script scope's $Propagate to the SetAcl function[/*][*]Remove the $Propagate parameter from the SetAcl function definition on line 68][/*][/list]SetAcl $Path $Access $Permission $Propagatefunction SetAcl ([string]$Path, [string]$Access, [string]$Permission) {

    by MasterOfTheHat at 2013-04-22 06:53:30

    Oh! And don't use that GetHelp function! Don will probably chide you for that... Use comment based help and let PowerShell do the work for you. Start with reading through about_Comment_Based_Help, ("help about_Comment_Based_Help" at the console).

You must be logged in to reply to this topic.