
November 29, 2017 at 3:33 pm

So this script runs great with no issues when I run it from the user's account. However, when I turned this into a logon script it doesn't map the drive or set the permissions... but it does create the folder. I was hoping to get another set of eyes on my script to get opinions on whether or not this was a scripting or administration issue.

It is not failing at (!(test-path "$FolderPath")), as it does recreate the folder.

$FolderPath = "\\server\users\$env:username"
if (!(test-path "$FolderPath")) {
    $InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit
    $PropagationFlag = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    New-Item -ItemType directory -Path $FolderPath
    $acl = Get-Acl $FolderPath
    $acl.SetAccessRuleProtection($True, $False)
    $acl.Access | % { $acl.RemoveAccessRule($_) }
    $acl.SetOwner([System.Security.Principal.NTAccount] $env:USERNAME)
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("$env:username", 'modify', 'Allow')
    $acl.AddAccessRule($rule)
    (Get-Item $FolderPath).SetAccessControl($acl)
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("LTPC-DOM\Domain Admins", "FullControl", "ContainerInherit, ObjectInherit", "None", "Allow") 
    $acl.AddAccessRule($rule)
    (Get-Item $FolderPath).SetAccessControl($acl)
    (New-Object -ComObject "Wscript.Network").MapNetworkDrive("V:", "$FolderPath")
}

November 29, 2017 at 3:43 pm

Never mind! It was an administration problem. In case you're interested...

In that same GPO I forgot I set up a setting to add that folder, so when it ran the script it in fact did fail at:

if (!(test-path "$FolderPath")) {

November 29, 2017 at 3:50 pm

Is the logon script running as a computer or user policy? Basically, it's a question of the context the script is being executed as during logon. You may want to just add some code that creates a log on the computer that indicates the context the script is executing as (see the first couple lines of this script: https://blogs.msdn.microsoft.com/virtual_pc_guy/2010/09/23/a-self-elevating-powershell-script/) to validate it's executed in the correct context. If that is correct, what are the permissions on the root Users share? Do users have FULL control to create a folder and set permissions?

[edit] Just saw you figured it out. Happy Holidays!
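
The context logging suggested in the last reply, combined with a record of which way the `Test-Path` check went, as an added example that is not part of any post in this thread. The log file name and location and the `Write-LogonLog` helper are assumptions; the share path and drive letter are the ones from the original script.

```powershell
# Added diagnostic example (not from the thread). It changes nothing on the share;
# it only records who the logon script runs as and what it finds.
$FolderPath = "\\server\users\$env:USERNAME"                  # path from the original post
$LogFile    = Join-Path $env:TEMP 'logon-homefolder.log'      # hypothetical log location

function Write-LogonLog {                                     # hypothetical helper
    param([string]$Message)
    $stamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
    Add-Content -Path $LogFile -Value "$stamp  $Message"
}

# 1. Security context: user policy should show the user, computer policy shows SYSTEM.
$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
Write-LogonLog "Running as '$($identity.Name)' IsSystem=$($identity.IsSystem) IsAdmin=$isAdmin"

# 2. Which branch the folder check takes. If something else (for example another
#    GPO setting) already created the folder, the create/ACL/map block is skipped.
$exists = Test-Path -LiteralPath $FolderPath
Write-LogonLog "Test-Path '$FolderPath' = $exists"

if ($exists) {
    try {
        # 3. Who owns the existing folder and what access it grants.
        $acl = Get-Acl -LiteralPath $FolderPath -ErrorAction Stop
        Write-LogonLog "Existing folder owner: '$($acl.Owner)'"
        foreach ($ace in $acl.Access) {
            Write-LogonLog ("ACE: {0} {1} {2} inherited={3}" -f `
                $ace.IdentityReference, $ace.AccessControlType,
                $ace.FileSystemRights, $ace.IsInherited)
        }
    }
    catch {
        Write-LogonLog "Get-Acl failed: $($_.Exception.Message)"
    }
}

# 4. Whether the drive letter used by the original script is present.
Write-LogonLog "Drive V: present = $(Test-Path -LiteralPath 'V:\')"
```

Placed at the top of the logon script, the resulting log shows whether the folder already existed before the script ran and under which account the script executed.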