Author Posts

January 10, 2014 at 10:41 am

I need to be able to adjust the permissions on a directory. Because the directory tree is quite extensive, I plan on only inspecting and changing the first three layers of a directory. So, a directory will be copied via Robocop (with /E /SEC /MIR switches) and groups will be added to the ACL for the first three layers.

Now, the first step is to create an array that lists the directories in question. I imagine using something along the lines of Get-Childitem -Path -Recourse -Force|where-object {$_.psIsContainer} but I need to account for the possibility that the top level directory will have no child folders or that they will only be one layer deep. I also need to go at least three layers should it goes that deep. I will not look past three layers as I imaging the program will take quite some time to run.

Once I have a list of the directories, I want the array to have two more columns- one with the IdentityReference and the other with FileSystemRights. Both of these properties come from Get-ACL |select -expand access. Once I get it populated, I will look for a certain string (those IdentityReference =Domain B) and change it to a IdentityReference for a different group in Domain B. I will not be replacing but adding. Anyway, I will then send this over to set-ACL to add these new groups.

I am not looking for the program but a good way of stepping through the directories-any ideas would be appreciated.

January 10, 2014 at 11:00 am

Get-ChildItem accepts wildcards as part of the path, so you can easily generate your list of directories like this:

function Get-SubDirectories
{
    [CmdletBinding()]
    param (
        [Parameter(Mandatory)]
        [string]
        $RootFolder,

        [uint32]
        $Depth = 1
    )

    $path = $RootFolder
    for ($i = 1; $i -le $Depth; $i++)
    {
        $path = Join-Path -Path $path -ChildPath '*'
        Get-ChildItem -Path $path -Directory
    }
}

Get-SubDirectories -RootFolder  -Depth 3 |
ForEach-Object {
    $directory = $_
    $acl = $directory | Get-Acl

    # ... etc
}

January 16, 2014 at 12:02 pm

Dave,
While it steps through the directories properly -going to a list of three sublayers, the Get-ACL portion only returned what was a very small portion of the acl. I have taken your ideas and the below may yield all the results although I need to identify the directory each entry pertains to.

function Get-SubDirectories
{
[CmdletBinding()]
param (
[Parameter(Mandatory)]
[string]
$RootFolder,

[uint32]
$Depth = 3
)

$path = $RootFolder
$total=@()
for ($i = 1; $i -le $Depth; $i++)
{
$path = Join-Path -Path $path -ChildPath '*'
$dir=Get-ChildItem -Path $path -Directory
$total+=$dir
}
Write-Output $total
}

$acl=Get-SubDirectories -RootFolder "\\NAS\Share\Agency Group Folder" -Depth 3 | Get-ACL |select -expand access

Write-Output $acl

Each output item looks like,
FileSystemRights : FullControl
AccessControlType : Allow
IdentityReference : NT AUTHORITY\SYSTEM
IsInherited : True
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : None

This is what I am looking for for each directory (three layers deep). I will toy around with trying to get the directory listed with each entry. If you know readily, please advise. Thanks.