Hello.
Thanks in advance for assistance with this.
With the below script I am trying to ammend folder permissions for folders, child folders and files from within that folder also. I can only seem to ge 5 child folders depp though. I would like to recurivley run this to ensure all child folder permissions are ammended.
Code:
$folders = "\\server\home\test"
$serviceAccount = "isad\svc_test"
$childfolders = Get-ChildItem -Path $folders -Force
$grandchildfolders = Get-ChildItem -Path $childfolders -Force
$greatgrandchildfolders = Get-ChildItem -Path $grandchildfolders -Force
$2greatgrandchildfolders = Get-ChildItem -Path $greatgrandchildfolders -Force
Add-NTFSAccess -Account $serviceAccount -path $folders -AccessRights FullControl -AppliesTo ThisFolderSubfoldersAndFiles
$childfolders | Add-NTFSAccess -Account $serviceAccount -AccessRights FullControl -AppliesTo ThisFolderSubfoldersAndFiles
$grandchildfolders | Add-NTFSAccess -Account $serviceAccount -AccessRights FullControl -AppliesTo ThisFolderSubfoldersAndFiles
$greatgrandchildfolders | Add-NTFSAccess -Account $serviceAccount -AccessRights FullControl -AppliesTo ThisFolderSubfoldersAndFiles
$2greatgrandchildfolders | Add-NTFSAccess -Account $serviceAccount -AccessRights FullControl -AppliesTo ThisFolderSubfoldersAndFiles
What you would probably need is to use -Recurse switch parameter of Get-ChildItem cmdlet then use ForEach-Object cmdlet to iterate through each folder item coming through.
If you have not used these options, I suggest you to read documentation using Get-Help ForEach-Object -Full cmdlet.
thanks for the help, i have added the -recurse itch but this still seems to fail for child folders, whilst sucessfully ammending the first folder and files within there, any ideas?
I find the -Recurse parameter of Get-ChildItem to be a little slow. I also like recursive functions. This function will go through and set each folder and file recursively. You simply pass it the root folder to start with and the account. I’ve also prepared it to take AccessRights and AppliesTo as a parameter with the default being what you were trying to achieve. If you want to see the items as they are being set then add -Verbose. I turned verbose off on the NTFSAccess command as it was very, very noisy.
Function Set-RecursiveACL {
[cmdletbinding()]
Param
(
[Parameter(Position=0,ValueFromPipeline,Mandatory)]
$Folder,
[Parameter(Position=1,Mandatory)]
[string]$Account,
[Parameter(Position=2)]
[string[]]$AccessRights = 'FullControl',
[Parameter(Position=3)]
[string]$AppliesTo = 'ThisFolderSubfoldersAndFiles'
)
process
{
if($Folder -is [string]){$Folder = Get-Item $Folder}
Write-Verbose "Granting $($AccessRights) rights on $($Folder.FullName) to $($Account)"
$Folder | Add-NTFSAccess -Account $Account -AccessRights $AccessRights -AppliesTo $AppliesTo -AccessType Allow -Verbose:$false
Get-ChildItem -Path $Folder.FullName -File -Force | ForEach-Object {
Write-Verbose "Granting $($AccessRights) rights on $($_.FullName) to $($Account)"
$_ | Add-NTFSAccess -Account $Account -AccessRights $AccessRights -AppliesTo $AppliesTo -AccessType Allow -Verbose:$false
}
Get-ChildItem -Path $Folder.FullName -Directory -Force | Set-RecursiveACL -Account $Account
}
}
$rootfolder = "\\server\home\test"
$serviceAccount = "isad\svc_test"
$rootfolder | Set-RecursiveACL -Account $serviceAccount -Verbose
would this have the ability to apply those permissions without modifying the folder owners? as these are homefolders each folder owner needs to be the individual users
It’s your command… you tell me. I only used the command you were already using. Plus, you could simply test it and see…
Fair point, I test and no it doesnt change the folder owners, massive bonus there!!
one further question, is there a way of pulling several (possibly hundreds) of folders from a csv or text file then applying this to them?