Author Posts

January 1, 2012 at 12:00 am

by DarkPhalanx at 2013-04-19 11:48:03

Hello Guys,

I've been searching a great part of the internet today to find a script that does this:

[quote]A script that reads from a csv file that it will use to create folders with subfolders and give each (sub)folder certain permissions to a group.

Example of the csv file
When csv contains:
folder,group,permission
folder A,sales@domain,read
folder A\subfolder2,drivers@domain,read/write

The script will create a folder called "folder A" and provide read access to sales@domain. Similarly, drivers@domain will have read/write access to the subfolder: subfolder2 in folder A[/quote]

I'm nearly desperate because I'm not familiar with PowerShell, I can get it to work if i have a working one though. You would really help me with this, if it's not to difficult for you to create.

by sstranger at 2013-04-19 13:15:32

Look at the help for the following Cmdlets

New-Item and Set-ACL

Example: Get-Help New-Item -full and Get-Help Set-ACL -Full

Good luck!

Stefan

by DarkPhalanx at 2013-04-19 17:21:35

Thanks, I've searched alot more and I found a script that I modified to my needs.
This is it I'm calling this from another script where I add some parameters with a csv file:

The only thing I can't get to work is the line : $Allpropagation = [system.security.accesscontrol.PropagationFlags]$Propagate
I added a default for this at the top [string]$Propagate = ("NoPropagateInherit")

Any Idea what I did wrong?

[code2=powershell]##################################################################################
#
#
# Script name: SetFolderPermission.ps1
# Author:goude@powershell.nu
# Homepage: http://www.powershell.nu
#
#
##################################################################################

param ([string]$Path, [string]$Access, [string]$Permission = ("Modify"), [string]$Propagate = ("NoPropagateInherit"), [switch]$help)

function GetHelp() {

$HelpText = @"

DESCRIPTION:
NAME: SetFolderPermission.ps1
Sets FolderPermissions for User on a Folder.
Creates folder if not exist.

PARAMETERS:
-Path Folder to Create or Modify (Required)
-User User who should have access (Required)
-Permission Specify Permission for User, Default set to Modify (Optional)
-help Prints the HelpFile (Optional)

SYNTAX:
./SetFolderPermission.ps1 -Path C:\Folder\NewFolder -Access Domain\UserName -Permission FullControl

Creates the folder C:\Folder\NewFolder if it doesn't exist.
Sets Full Control for Domain\UserName

./SetFolderPermission.ps1 -Path C:\Folder\NewFolder -Access Domain\UserName

Creates the folder C:\Folder\NewFolder if it doesn't exist.
Sets Modify (Default Value) for Domain\UserName

./SetFolderPermission.ps1 -help

Displays the help topic for the script

Below Are Available Values for -Permission

"@
$HelpText

[system.enum]])

}

function CreateFolder ([string]$Path) {

# Check if the folder Exists

if (Test-Path $Path) {
Write-Host "Folder: $Path Already Exists" -ForeGroundColor Yellow
} else {
Write-Host "Creating $Path" -Foregroundcolor Green
New-Item -Path $Path -type directory | Out-Null
}
}

function SetAcl ([string]$Path, [string]$Access, [string]$Permission, [string]$Propagate) {

# Get ACL on FOlder

$GetACL = Get-Acl $Path

# Set up AccessRule

$Allinherit = [system.security.accesscontrol.InheritanceFlags]"ObjectInherit"
$Allpropagation = [system.security.accesscontrol.PropagationFlags]$Propagate
$AccessRule = New-Object system.security.AccessControl.FileSystemAccessRule($Access, $Permission, $AllInherit, $Allpropagation, "Allow")

# Check if Access Already Exists

if ($GetACL.Access | Where { $_.IdentityReference -eq $Access}) {

Write-Host "Modifying Permissions For: $Access" -ForeGroundColor Yellow

$AccessModification = New-Object system.security.AccessControl.AccessControlModification
$AccessModification.value__ = 2
$Modification = $False
$GetACL.ModifyAccessRule($AccessModification, $AccessRule, [ref]$Modification) | Out-Null
} else {

Write-Host "Adding Permission: $Permission For: $Access"

$GetACL.AddAccessRule($AccessRule)
}

Set-Acl -aclobject $GetACL -Path $Path

Write-Host "Permission: $Permission Set For: $Access" -ForeGroundColor Green
}

if ($help) { GetHelp }

if ($Path -AND $Access -AND $Permission) {
CreateFolder $Path
SetAcl $Path $Access $Permission
}
Read-Host "Press ENTER"[/code2]

by MasterOfTheHat at 2013-04-22 06:49:48

Your problem is that you defined the same variable name in 2 different scopes, and the variable in the child scope took precedence.

When you defined $Propagate in the script's param line you created a $Propagate variable in the script scope. Your intention was to use that value in a function, which is usually fine because function scope is a child scope of script scope, and it would have access to all of the parent scope's variables and methods.

BUT you also created a $Propagate variable in the SetAcl function scope when you defined it as a parameter of the SetAcl function. So at that point, the value of the SetAcl function scope's $Propagate took precedence over the script's $Propagate, and you end up using a null value for your "$Allpropagation = [system.security.accesscontrol.PropagationFlags]$Propagate" line.

2 ways to fix it:
[list][*]change line 106 to pass the script scope's $Propagate to the SetAcl function[/*][*]Remove the $Propagate parameter from the SetAcl function definition on line 68][/*][/list]SetAcl $Path $Access $Permission $Propagatefunction SetAcl ([string]$Path, [string]$Access, [string]$Permission) {

by MasterOfTheHat at 2013-04-22 06:53:30

Oh! And don't use that GetHelp function! Don will probably chide you for that... Use comment based help and let PowerShell do the work for you. Start with reading through about_Comment_Based_Help, ("help about_Comment_Based_Help" at the console).