Help with my User Folder Creation Script

Hi All,

I have created a script that creates a user folder in a specific location and assigns the user and permission access to it.
It works as intended; the only problem is I want to be able to make it more useful. I currently set up a location and specific user for it. However, I want to be able to add multiple users to it that get imported from a CSV file.
For example, on the CSV file I will have 4 user names, one location, all with Modify access. I would want the script to create all four instead of me doing it one at a time by setting the value, kind of like I did in my script.

I know I have to import the CSV and then create a for loop, but that is as far as I know.
To import the CSV I can call it into a variable, then I have to do a for loop. Not sure how to accomplish it.

The font in red is what I believe I need to add. I came up with that but am not sure if it’s correct or how to further add it into the script. Any help would be appreciated.

$userfolders = import-csv $userfolders
foreach ($user in $userfolders)
{

$FolderName = $user.FolderName
$Permissions= $user.Permissions
$Inheritanceflags=$user.Inheritanceflags
$Propogationflags=$user.Propogationflags

}

 

$newitem = New-Item -Path "c:\" -Name "myfolder" -ItemType "directory"
$newacl = Get-Acl -Path "C:\myfolder"
#set properties
$identity = "grillo.local\bclues"
$filesystemrights = [System.Security.AccessControl.FileSystemRights]"Modify"
$Inheritanceflags = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
$Propogationflags = [System.Security.AccessControl.PropagationFlags]"None"
$type = "allow"
#Create new rule
$filesystemAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($identity, $filesystemrights, $Inheritanceflags, $Propogationflags, $type)
# Apply New Rule
$newacl.SetAccessRule($filesystemAccessRule)
Set-Acl -Path "C:\myfolder" -AclObject $newacl

You’re nearly there, although we can’t see what you’ve added in red as the code has been reformatted for readability.

Essentially, you want to perform the action for each (foreach) user, so everything that needs to be repeated needs to go inside that loop. I am assuming that, based on your code example, you have columns in your CSV for permissions, inheritance flags etc.

I’ve not tested this, I’ve just tweaked your code a bit to give you an idea of how to use the information from the CSV file.

For the final version of your script, I would suggest you add some error handling and tests to check, for example, if the folder already exists and if the user exists in the domain.

# $userfolders must hold the path to the CSV file before this line runs
$userfolders = Import-Csv $userfolders

foreach ($user in $userfolders) {

    $identity = "grillo.local\$($user.UserName)"
    $folderName = $user.FolderName
    $Permissions = $user.Permissions
    $Inheritanceflags = $user.Inheritanceflags
    $Propogationflags = $user.Propogationflags

    $newitem = New-Item -Path "c:\" -Name $folderName -ItemType "directory"
    $newacl = Get-Acl -Path $newitem.FullName

    #set properties
    $type = "allow"

    #Create new rule
    $filesystemAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($identity, $Permissions, $Inheritanceflags, $Propogationflags, $type)

    # Apply New Rule (to the folder just created, not to its parent)
    $newacl.SetAccessRule($filesystemAccessRule)
    Set-Acl -Path $newitem.FullName -AclObject $newacl

}

Thanks, I was able to get it to work with this

$Path = "C:\save"
$Folders = Import-csv C:\foldernames.csv
$newacl = get-acl -Path $Path
foreach ($Folder in $Folders)
{
$Identity =$Folder.Identity
$InheritanceFlags =$Folder.InheritanceFlags
$PropogationFlags =$Folder.PropogationFlags
$type = $Folder.Type
$FileSystemRights = $Folder.FileSystemRights

New-Item $Folder.Name -type directory

}

#Creating the rule
$filesystemAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($Identity,$FileSystemRights,$InheritanceFlags,$PropogationFlags, $Type)
#Applying the new Rule
$newacl.SetAccessRule($filesystemAccessRule)
Set-acl -Path $Path -AclObject $newacl

I get the correct result. Does it look right to you? Any foreseeable problems?
How can I add error handling and checks to it?

Actually, it did not work correctly. No error when running the script, but it adds the same users to all user folders.
For example: I have 4 users in the CSV, so it does create all four folders with correct names. It also sets the proper permission type; the problem is it adds the same users for the permission.
So the user Olaf has access to all 4 folders that got created. The other users have no access.

You’re creating and setting the permission outside of the loop so the permissions will be set using the last user in your CSV.

Per my example, you need to do everything inside the foreach loop.

For your error handling, think about what could go wrong and what errors you might need to handle. Then investigate appropriate cmdlets and ways to handle those errors gracefully. For example, think about using Test-Path to check if the folder already exists and Get-ADUser to check you have a valid identity for the permissions. Perhaps investigate try/catch blocks to wrap around the commands that create the folder and set the permissions so you can catch any problems.

 

#I still have the same issue; it is inside the foreach loop. Any ideas? I have been trying to look at this for hours and am unable to figure it out.
$Path = "C:\save"
$Folders = Import-csv C:\foldernames.csv

foreach ($Folder in $Folders)
{
$Identity ="grillo.local\$($Folder.Name)"
$InheritanceFlags =$Folder.InheritanceFlags
$PropogationFlags =$Folder.PropogationFlags
$type = $Folder.Type
$FileSystemRights = $Folder.FileSystemRights
$newacl = get-acl -Path $Path


New-Item $Folder.Name -type directory

#Creating the rule
$filesystemAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($Folder.Name,$FileSystemRights,$InheritanceFlags,$PropogationFlags, $Type)
#Applying the new Rule
$newacl.SetAccessRule($filesystemAccessRule)
Set-acl -Path $Path -AclObject $newacl
}

 

You’re setting the ACL on $path which is set to ‘C:\save’ and never updated. You’re not setting the ACL on your new folder.

If you look at my example, I set the $newItem variable when creating the folder, and then specify the path for Set-ACL as $newItem.FullName
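
Added example, not part of the thread or any poster's code: one way to combine the fixes discussed above (ACL applied to the new folder, existence checks, try/catch) while treating the CSV as untrusted input. The CSV header `UserName,FolderName,FileSystemRights`, the `$Allowed` list, and the use of `NTAccount.Translate()` in place of Get-ADUser are assumptions made for this sketch.

```powershell
# Added example. Assumed CSV header (constructed): UserName,FolderName,FileSystemRights
$Root    = 'C:\save'                 # parent folder, as in the thread
$CsvPath = 'C:\foldernames.csv'      # CSV path, as in the thread
$Domain  = 'grillo.local'            # domain prefix, as in the thread
$Allowed = 'Read', 'ReadAndExecute', 'Modify'   # assumption: rights this script may grant

foreach ($row in Import-Csv -Path $CsvPath) {
    try {
        # Reject names that could escape $Root (path separators, '..', invalid characters).
        $name = "$($row.FolderName)".Trim()
        if ((-not $name) -or ($name -in @('.', '..')) -or
            ($name.IndexOfAny([System.IO.Path]::GetInvalidFileNameChars()) -ge 0)) {
            throw "Invalid folder name '$name'"
        }
        # Only grant rights from the allow-list, so a CSV typo cannot hand out FullControl.
        if ($row.FileSystemRights -notin $Allowed) {
            throw "Rights '$($row.FileSystemRights)' are not in the allow-list"
        }

        # Resolve the account to a SID; Translate() throws if the account does not exist.
        $account = New-Object System.Security.Principal.NTAccount("$Domain\$($row.UserName)")
        $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])

        $target = Join-Path -Path $Root -ChildPath $name
        if (-not (Test-Path -LiteralPath $target -PathType Container)) {
            New-Item -Path $target -ItemType Directory -ErrorAction Stop | Out-Null
        }

        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $sid,
            [System.Security.AccessControl.FileSystemRights]$row.FileSystemRights,
            [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
            [System.Security.AccessControl.PropagationFlags]::None,
            [System.Security.AccessControl.AccessControlType]::Allow)

        # Read and write the ACL of the new folder, never the ACL of $Root.
        $acl = Get-Acl -LiteralPath $target
        $acl.SetAccessRule($rule)
        Set-Acl -LiteralPath $target -AclObject $acl -ErrorAction Stop
        Write-Output "OK: $($row.UserName) -> $target ($($row.FileSystemRights))"
    }
    catch {
        Write-Warning "Skipped row (user '$($row.UserName)'): $($_.Exception.Message)"
    }
}
```

A row that fails any check is skipped with a warning, so one bad line cannot leave a folder with an ACE for the wrong account or stop the remaining rows from being processed.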