by DarkPhalanx at 2013-04-19 11:48:03
Hello Guys,by sstranger at 2013-04-19 13:15:32
I’ve been searching a great part of the internet today to find a script that does this:
[quote]A script that reads from a csv file that it will use to create folders with subfolders and give each (sub)folder certain permissions to a group.
Example of the csv file
When csv contains:
folder,group,permission
folder A,sales@domain,read
folder A\subfolder2,drivers@domain,read/write
The script will create a folder called "folder A" and provide read access to sales@domain. Similarly, drivers@domain will have read/write access to the subfolder: subfolder2 in folder A[/quote]
I’m nearly desperate because I’m not familiar with PowerShell, I can get it to work if i have a working one though. You would really help me with this, if it’s not to difficult for you to create.
Look at the help for the following Cmdletsby DarkPhalanx at 2013-04-19 17:21:35
New-Item and Set-ACL
Example: Get-Help New-Item -full and Get-Help Set-ACL -Full
Good luck!
Stefan
Thanks, I’ve searched alot more and I found a script that I modified to my needs.by MasterOfTheHat at 2013-04-22 06:49:48
This is it I’m calling this from another script where I add some parameters with a csv file:
The only thing I can’t get to work is the line :$Allpropagation = [system.security.accesscontrol.PropagationFlags]$Propagate
I added a default for this at the top[string]$Propagate = ("NoPropagateInherit")
Any Idea what I did wrong?
[code2=powershell]##################################################################################
#
#
# Script name: SetFolderPermission.ps1
# Author:goude@powershell.nu
# Homepage: http://www.powershell.nu
#
#
##################################################################################
param ([string]$Path, [string]$Access, [string]$Permission = ("Modify"), [string]$Propagate = ("NoPropagateInherit"), [switch]$help)
function GetHelp() {
$HelpText = @"
DESCRIPTION:
NAME: SetFolderPermission.ps1
Sets FolderPermissions for User on a Folder.
Creates folder if not exist.
PARAMETERS:
-Path Folder to Create or Modify (Required)
-User User who should have access (Required)
-Permission Specify Permission for User, Default set to Modify (Optional)
-help Prints the HelpFile (Optional)
SYNTAX:
./SetFolderPermission.ps1 -Path C:\Folder\NewFolder -Access Domain\UserName -Permission FullControl
Creates the folder C:\Folder\NewFolder if it doesn't exist.
Sets Full Control for Domain\UserName
./SetFolderPermission.ps1 -Path C:\Folder\NewFolder -Access Domain\UserName
Creates the folder C:\Folder\NewFolder if it doesn't exist.
Sets Modify (Default Value) for Domain\UserName
./SetFolderPermission.ps1 -help
Displays the help topic for the script
Below Are Available Values for -Permission
"@
$HelpText
[system.enum]])
}
function CreateFolder ([string]$Path) {
# Check if the folder Exists
if (Test-Path $Path) {
Write-Host "Folder: $Path Already Exists" -ForeGroundColor Yellow
} else {
Write-Host "Creating $Path" -Foregroundcolor Green
New-Item -Path $Path -type directory | Out-Null
}
}
function SetAcl ([string]$Path, [string]$Access, [string]$Permission, [string]$Propagate) {
# Get ACL on FOlder
$GetACL = Get-Acl $Path
# Set up AccessRule
$Allinherit = [system.security.accesscontrol.InheritanceFlags]"ObjectInherit"
$Allpropagation = [system.security.accesscontrol.PropagationFlags]$Propagate
$AccessRule = New-Object system.security.AccessControl.FileSystemAccessRule($Access, $Permission, $AllInherit, $Allpropagation, "Allow")
# Check if Access Already Exists
if ($GetACL.Access | Where { $_.IdentityReference -eq $Access}) {
Write-Host "Modifying Permissions For: $Access" -ForeGroundColor Yellow
$AccessModification = New-Object system.security.AccessControl.AccessControlModification
$AccessModification.value__ = 2
$Modification = $False
$GetACL.ModifyAccessRule($AccessModification, $AccessRule, [ref]$Modification) | Out-Null
} else {
Write-Host "Adding Permission: $Permission For: $Access"
$GetACL.AddAccessRule($AccessRule)
}
Set-Acl -aclobject $GetACL -Path $Path
Write-Host "Permission: $Permission Set For: $Access" -ForeGroundColor Green
}
if ($help) { GetHelp }
if ($Path -AND $Access -AND $Permission) {
CreateFolder $Path
SetAcl $Path $Access $Permission
}
Read-Host "Press ENTER"[/code2]
Your problem is that you defined the same variable name in 2 different scopes, and the variable in the child scope took precedence.by MasterOfTheHat at 2013-04-22 06:53:30
When you defined $Propagate in the script’s param line you created a $Propagate variable in the script scope. Your intention was to use that value in a function, which is usually fine because function scope is a child scope of script scope, and it would have access to all of the parent scope’s variables and methods.
BUT you also created a $Propagate variable in the SetAcl function scope when you defined it as a parameter of the SetAcl function. So at that point, the value of the SetAcl function scope’s $Propagate took precedence over the script’s $Propagate, and you end up using a null value for your "$Allpropagation = [system.security.accesscontrol.PropagationFlags]$Propagate" line.
2 ways to fix it:
[list][]change line 106 to pass the script scope’s $Propagate to the SetAcl function[/][]Remove the $Propagate parameter from the SetAcl function definition on line 68][/][/list]SetAcl $Path $Access $Permission $Propagatefunction SetAcl ([string]$Path, [string]$Access, [string]$Permission) {
Oh! And don’t use that GetHelp function! Don will probably chide you for that… Use comment based help and let PowerShell do the work for you. Start with reading through about_Comment_Based_Help, ("help about_Comment_Based_Help" at the console).