by Milo at 2013-02-27 06:55:42
I ran onto a UNC Drivepath in where a user took ownership of the full path & destroyed our domain admin & storage mgt ownership.by DonJ at 2013-02-27 07:29:57
I had to perform a task (see other post) & ran onto acces denied on that scope.
I searched on the net for a helpfull code in Powershell to ease my work.
I ran into the script on http://www.definit.co.uk/2012/02/powers … rmissions/
Being somewhere very nice, but not doing the whole bunch of folders… I think Powershell variable did not have enough memory… I do not know.
…
I Slightly modified the script…
Is there anyone who can revieuw my code please?
ThxFunction main
{
param ([Parameter(Mandatory=$true, Position=0)][String]$RootPath,
[Parameter(Mandatory=$true, Position=1)][string]$Log)
function Take-Ownership {
param(
[String]$Folder
)
takeown.exe /A /F $Folder /R /D n
$CurrentACL = Get-Acl $Folder
write-host …Adding Storage Management to $Folder -Fore Yellow
$SystemACLPermission = "YourDomain\Storage Management","FullControl","ContainerInherit,ObjectInherit","None","Allow"
$SystemAccessRule = new-object System.Security.AccessControl.FileSystemAccessRule $SystemACLPermission
$CurrentACL.AddAccessRule($SystemAccessRule)
write-host …Adding Domain Admins to $Folder -Fore Yellow
$AdminACLPermission = "YourDomain\Domain Admins","FullControl","ContainerInherit,ObjectInherit","None","Allow"
$SystemAccessRule = new-object System.Security.AccessControl.FileSystemAccessRule $AdminACLPermission
$CurrentACL.AddAccessRule($SystemAccessRule)
Set-Acl -Path $Folder -AclObject $CurrentACL
}
function Test-Folder($FolderToTest)
{
$error.Clear()
$ErrorArray = @()
Get-ChildItem $FolderToTest -Recurse -ErrorAction SilentlyContinue | Select FullName
if ($error)
{
$ErrorArray = $error + $ErrorArray
foreach ($err in $ErrorArray)
{
if($err.FullyQualifiedErrorId -eq "DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand")
{
Write-Host Unable to access $err.TargetObject -Fore Red
Write-Host Attempting to take ownership of $err.TargetObject -Fore Yellow
Take-Ownership($err.TargetObject) Test-Folder($err.TargetObject)
}
}
}
}
Start-Transcript $Log
$Folderlist= Get-ChildItem $RootPath | ?{ $.PSIsContainer } | Select-Object FullName | ForEach-Object {$.FullName} | Out-String -stream | select-object -skip 1
foreach ($Folder in $Folderlist)
{
Take-OwnerShip $Folder
Test-Folder $Folder
}
Stop-Transcript
}
main
What are you looking for in a review? I’m not able to run your code myself, but if you’re having a specific problem I’d be happy to try and help you figure it out.by Milo at 2013-03-19 06:37:03
Whell , As far as I see , my script doesn’t work as should be.by poshoholic at 2013-03-19 10:32:20
It takes ownership & sets my admins with full control, but not on the entire tree…
Sometimes I see folders that are skipped, folders that still have an access denied for some obviguous reason…
This is why I seek for help
I even tried to set takeown.exe /A /F $Folder /R /D y … still no fully working script
Are there any hidden files or folders in your UNC path? You need to use the -Force parameter with Get-ChildItem in order to get hidden files or folders.by Milo at 2013-03-21 08:10:14
Also, if this is an isolated incident, I’d be inclined to use native tools to fix the problem rather than PowerShell.
First off all … not an isolated incident
Well, somewhere your tip helps for some folders, but other ones still are not taken into account.
By rerunning the script , sometimes these are accessible (to me as admin again) sometimes … no luck.
Or sometimes I need to adapt my path for the script to take more folders into consideration…
Really stuck here…