File server permissions

Tagged: 

This topic contains 5 replies, has 2 voices, and was last updated by Profile photo of Harish M Harish M 1 year, 7 months ago.

  • Author
    Posts
  • #26182
    Profile photo of Harish M
    Harish M
    Participant

    I'm very new to PowerShell, I need a help to fix my business solution.
    I have file server in my network it has a shared folder(D:\Users – \\fileserver\Users) this folder has users folders with user account names. I need to assign only modify permissions to users on their respective folders.

  • #26186
    Profile photo of Harish M
    Harish M
    Participant
    $usersfolders = "C:\Users\hmunagapati\Desktop\Users"
    $foldername = Get-ChildItem -Name -Path $usersfolders
    Add-NTFSAccess -Account indigo\$foldername -AccessRights Modify -Path $usersfolders\$foldername

    Error –
    Add-NTFSAccess : Cannot bind parameter 'Account'. Cannot convert value "mydomain\usr1 usr2 usr3" to type
    "Security2.IdentityReference2". Error: "Some or all identity references could not be translated."
    At C:\Users\harish\Desktop\Permissions.ps1:3 char:25
    + Add-NTFSAccess -Account indigo\$foldername -AccessRights Modify -Path $usersfold ...
    + ~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidArgument: (:) [Add-NTFSAccess], ParameterBindingException
    + FullyQualifiedErrorId : CannotConver

    Here I'm unable to pass the values from "Get-ChildItem -Name -Path $usersfolders", help me how to pass one by one value from this.

  • #26194
    Profile photo of Rob Simmers
    Rob Simmers
    Participant

    Get-ChildItem is going to return a collection of folders as a PSObject, which contains multiple properties for each folder. You need to loop through each returned folder and use the Name and FullName properties to build the command for Add-NTFSAccess:

    $usersfolders = "C:\Users\hmunagapati\Desktop\Users"
    $folders = Get-ChildItem -Name -Path $usersfolders
    foreach ($folder in $folders) {
        Add-NTFSAccess -Account indigo\$folder.Name -AccessRights Modify -Path $folder.FullName
    }
    

    Keep in mind that the command is attempting to resolve the user in Active Directory, so if the user doesn't exist, you will still receive an error. This can be handled using a Try\Catch if required.

  • #26208
    Profile photo of Harish M
    Harish M
    Participant

    Thank you for your help Rob,

    I'm getting the below error.

    Add-NTFSAccess : Cannot bind parameter 'Account'. Cannot convert value "indigo\usr1.Name" to type
    "Security2.IdentityReference2". Error: "Some or all identity references could not be translated."
    At C:\Users\hmunagapati\Desktop\Permissions.ps1:11 char:29
    + Add-NTFSAccess -Account indigo\$folder.Name -AccessRights Modify -Path $user ...
    + ~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidArgument: (:) [Add-NTFSAccess], ParameterBindingException
    + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,NTFSSecurity.AddAccess

    Here I'm not able to use Name and FullName properties. so,made some changes to code it worked.

    $usersfolders = "C:\Users\hmunagapati\Desktop\Users"
    $folders = Get-ChildItem -Path $usersfolders
    foreach ($folder in $folders) {
        Add-NTFSAccess -Account indigo\$folder -AccessRights Modify -Path $usersfolders\$folder
    }

    I'm using powershell 3.0 will it make any difference.

  • #26209
    Profile photo of Rob Simmers
    Rob Simmers
    Participant

    I didn't catch the -Name parameter in the Get-ChildItem command, which only returns the name of the file. This is more what I was thinking:

    $folders = Get-ChildItem -Path "C:\Test" -Directory
    foreach ($folder in $folders) {
        "Setting permissions on {0} for user {1}" -f  ("indigo\{0}" -f $folder.Name), $folder.FullName    
        #Add-NTFSAccess -Account ("indigo\{0}" -f $folder.Name) -AccessRights Modify -Path $folder.FullName
    }
    

    Output:

    Setting permissions on indigo\User1 for user C:\Test\User1
    Setting permissions on indigo\User2 for user C:\Test\User2
    

    If your issue is resolved, please mark the post as resolved. Thanks.

  • #26230
    Profile photo of Harish M
    Harish M
    Participant

    This is cool Rob, I'm looking to improve this code to write out put to a "html" and to execute only it its a directory"if ($folder.Attributes -eq "Directory")".

    Changed the status to resolved, I'll come back If I need any help.

You must be logged in to reply to this topic.