Setting folder permissions with CSV?

This topic contains 5 replies, has 4 voices, and was last updated by Profile photo of Rob Simmers Rob Simmers 3 weeks, 5 days ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #52455
    Profile photo of Daniel Turnbull
    Daniel Turnbull
    Participant

    Hi,

    I am trying to set modify permissions for a user and their manager with powershell.

    I have a list of folders all named with the users name. I can't pull anything from AD as the server with the folders doesn't have any AD features setup.

    Using a modified script on an AD server I managed to pull a list of users and their managers into a CSV file.

    However I'm struggling to find something to set permissions on the folders pulled from the CSV.

    The folders haven't been used much due to some broken permissions so I am happy if easier to just create a new set of folders based on the username in the CSV then add that user and the manager with modify access.

    I am guessing this option should be the simplest in terms of script to pull the info and create?

    #52466
    Profile photo of Rob Simmers
    Rob Simmers
    Participant

    Your Google Fu is weak. There are multiple ways to do what you are asking. With a search of "PowerShell Set Folder Permissions" I even found a reference setting permission using a CSV:

    https://social.technet.microsoft.com/Forums/scriptcenter/en-US/e012a452-af2e-4725-bca5-e0f22d3d5c4a/set-permissions-on-folder-structure-with-csv-and-powershell?forum=ITCG

    There are a lot of factors when playing with permissions such as are you replacing or modify existing permissions? Are you replacing subfolder\file permission with inheritance? The short answer is you should use Set-ACL to set permissions. There are hundreds of examples of setting permissions with Set-ACL, so do some research and test A LOT before production. Here is some basic sudo code:

    $mockCSV = @()
    $mockCSV += [pscustomobject]@{User="Rob";Manager="JSmith"}
    
    $folders = Get-ChildItem C:\Users -Directory
    
    foreach ($folder in $folders) {
        $manager = $mockCSV | Where{$_.User -eq $folder.Name} | Select -ExpandProperty Manager
        if ($manager) {
            "Set permission on folder {0} for {0} and {1}" -f $folder.Name, $manager
    
            #Set-ACL Code here
    
        }
    }
    

    In the code, we get the folders and loop through. If we find a match for the name in the csv, we pull the manager. $folder.Name is the User variable and $manager is the Manager. Pass the variables to Set-ACL to dynamically set the permissions.

    #52493
    Profile photo of Don Jones
    Don Jones
    Keymaster

    If we could refrain from calling people "weak," even in jest, I'd appreciate it. The jest doesn't always come across well in writing, especially across cultures, and PowerShell.org is committed to an open, friendly conversation. Thanks so much for providing a relevant answer and example!

    #52513
    Profile photo of Daniel Turnbull
    Daniel Turnbull
    Participant

    Thanks.

    That result you found I came across about 10 times, with most other questions resulting in a link back to it.

    However I couldn't get my head around it running a loop and cannot see anywhere in the code he posts where he references pulling information from a CSV. It just looked like it resulted in having to run the command;

    SetFolderPermission.ps1 -Path C:\Folder\NewFolder -Access Domain\UserName

    and changing the details every time so I gave up with it.

    Apologies I'm very new to PowerShell and with a very basic PHP background I'm just trying to find and tweak scripts to do what I need.

    #52526
    Profile photo of Paul Frankovich
    Paul Frankovich
    Participant

    Get info from a CSV like so:

    $CSV = Import-CSV -Path ".\Path\To\File.csv"

    And in the case given above you would have something like this:

    Name         Manager
    ----         -------
    Rob          Dave
    Steve        Will
    #52710
    Profile photo of Rob Simmers
    Rob Simmers
    Participant

    Did you get what you needed? Setting the ACL is going to be most difficult part of the this process. Setting permissions is usually pretty painful with a script, so start with just getting the commands you need to set the permissions properly. There are a lot of caveats such as Set-ACL typically wants you to be the owner before you can set permissions. Take a look at this solution which is using icacls to set the permissions:

    https://gallery.technet.microsoft.com/scriptcenter/7abce97b-51d2-41c4-a19f-4e73fdc44ecb

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.