Help with creation of script to set user's home drive as read only with delete


    • #187054
      Participant

      Fellow PowerShell users

      I was asked to put together a script to set an ACL (access control list) on a home drive. I created a .csv file as a source with the user to change, which it retrieves from the username.csv file.

      What I need to do is set it to "read only with delete rights". Below is what I've put together so far:

      #Script to set User's H drive to Read & delete only.
      Import-Module 'ActiveDirectory'
      import-csv H:\username.csv | foreach-object{
          $homeDrive = (Get-ADUser -Identity $_.name -Properties homedirectory).homedirectory #Query AD for the HomeDrive attribute
          $ACL = Get-Acl $homeDrive
          $ACL.setAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($_.name, "Read", "ContainerInherit,ObjectInherit", "none", "allow")))
          $ACL.setAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($_.name, "Delete", "ContainerInherit,ObjectInherit", "none", "allow")))
          Write-Output $homeDrive
          Write-Output $ACL
          pause
          Set-Acl $homeDrive $ACL
      }
      

      Seems like it will do one or the other but not both. Any help would be appreciated.

      RS

    • #187144
      Senior Moderator

      You can use Read and Delete as an array: @('Read','Delete')

      New-Object System.Security.AccessControl.FileSystemAccessRule($_.name, @('Read','Delete'), "ContainerInherit,ObjectInherit", "none", "allow")
      
      • #187210
        Participant

        Thank you. I will test this.

        Also, how do I output all results to a txt file? Is this even possible? Still learning PS. 🙂

      • #187255
        Participant

        If you're seeing the results you want at the console during the execution, you can just pipe the output to Out-File.

        #Script to set User's H drive to Read & delete only.
        Import-Module 'ActiveDirectory'
        import-csv H:\username.csv | foreach-object{
            $homeDrive = (Get-ADUser -Identity $_.name -Properties homedirectory).homedirectory #Query AD for the HomeDrive attribute
            $ACL = Get-Acl $homeDrive
            $ACL.setAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($_.name, "Read", "ContainerInherit,ObjectInherit", "none", "allow")))
            $ACL.setAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($_.name, "Delete", "ContainerInherit,ObjectInherit", "none", "allow")))
            Write-Output $homeDrive
            Write-Output $ACL
            pause
            Set-Acl $homeDrive $ACL
        } | Out-File -Path C:\outputFolder\Output.txt
        
      • #187273
        Participant

        kvprasoon

        Thanks for your tip. Can I ask why the following line is with a @( ?

        @('Read','Delete')

      • #187282
        Participant

        Makes it an array of strings.

      • #187285
        Participant

        With the output command you mentioned, I get the following error.

        Out-File : A parameter cannot be found that matches parameter name 'Path'.
        At H:\Onedrive project\Hdrive_ReadDeleteonly.ps1:11 char:14
        + } | Out-File -Path H:\results.txt
        + ~~~~~
        + CategoryInfo : InvalidArgument: (:) [Out-File], ParameterBindingException
        + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.PowerShell.Commands.OutFileCommand

        Should I be using a different path command?

         

      • #187294
        Participant
      • #187864
        Participant

        I thank everyone who contributed their suggestions but now I need one more thing to set in the script.

        Apparently the script worked perfectly, but now I need to ensure that "traverse folder" access is granted so that their H drive doesn't disappear and show access denied. 🙂

        What is the line to give traversal folder access with read only and delete only?

        Any help is greatly appreciated.
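
An added example, not part of the thread and not any poster's code: it shows on in-memory ACLs why the two `SetAccessRule` calls in the original script leave only one of the rights, and how a single combined rule (here including traverse through `ReadAndExecute`) avoids that. The BUILTIN\Users SID standing in for the user, the helper names `New-Rule` and `Get-ExplicitRights`, and the temp-file path are assumptions made for the example.

```powershell
# Added example. The ACLs are built in memory; no folder or AD object is changed.
# BUILTIN\Users (well-known SID S-1-5-32-545) stands in for the home-drive user.
$user    = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-545'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$allow   = [System.Security.AccessControl.AccessControlType]::Allow

function New-Rule {
    # Build an inheritable Allow rule for $user with the given rights.
    param([System.Security.AccessControl.FileSystemRights]$Rights)
    New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $user, $Rights, $inherit, $prop, $allow
}

function Get-ExplicitRights {
    # Return the rights of every explicit rule in the ACL as strings.
    param([System.Security.AccessControl.DirectorySecurity]$Acl)
    $Acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier]) |
        ForEach-Object { $_.FileSystemRights.ToString() }
}

# Case 1, the pattern from the original script: SetAccessRule removes the
# identity's existing Allow rules before adding the new one, so the second
# call replaces Read with Delete instead of adding to it.
$twoCalls = New-Object System.Security.AccessControl.DirectorySecurity
$twoCalls.SetAccessRule((New-Rule 'Read'))
$twoCalls.SetAccessRule((New-Rule 'Delete'))

# Case 2: one rule whose rights are a single combined flags value.
# ReadAndExecute is Read plus ExecuteFile/Traverse, so traversal is included.
$oneCall = New-Object System.Security.AccessControl.DirectorySecurity
$oneCall.SetAccessRule((New-Rule 'ReadAndExecute, Delete'))

$report = [pscustomobject]@{
    TwoSetAccessRuleCalls = (Get-ExplicitRights $twoCalls) -join '; '
    OneCombinedRule       = (Get-ExplicitRights $oneCall) -join '; '
}
$report | Format-List

# Out-File names its target with -FilePath; it has no -Path parameter.
# The temp-file location is an assumption made for this example.
$log = Join-Path ([System.IO.Path]::GetTempPath()) 'acl-demo.txt'
$report | Format-List | Out-File -FilePath $log
```

Because `SetAccessRule` replaces the identity's existing explicit Allow rules, compare the ACL before and after when a home folder may already carry other explicit grants for that user.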
