Sheridan Wendt

Fix NTFS Permissions with PowerShell

9/26/2017

Do your users have Home Drives or other folders that require special permissions? Has the permission structure on your users' Home Drives ever gotten so out of control that cleaning it up would be an absolute nightmare? Or maybe your organization uses a cloud service such as OneDrive for Business, Google Drive, or something similar that takes care of permissions for you. If your organization hasn't moved to the cloud yet, this article is for you. Today we'll discuss how to fix the permission structure of your users' Home Drives in less than half an hour using PowerShell.
Click below to view the full .ps1 on GitHub
FixPermissions.ps1
There are certainly many ways to go about fixing folder permission structures, so feel free to comment if you think we could benefit from knowing another method. This article covers a script that does the following:
  • Changing the variables so that the right folders' permissions are edited
  • Creating a template folder with the permissions you want
  • Applying the permissions of the template folder to all of the folders in a root directory
  • Adding an Access Control Rule allowing the user permission to access the folder
  • Preventing users from taking ownership of their folder, which causes problems later when it's time to archive the folder
To view the whole script on GitHub, please click here:
https://github.com/sheridanwendt/powershell/blob/master/HomeDriveCleanup.ps1 

First things first, you'll need to make a template folder that is configured with the desired permissions that should be applied to all of the folders inside the root folder.

Next, we define a function called Set-Permissions and configure it to run on every folder inside of the root folder. We'll go through each step the function performs. 

The first step of the function is to set some variables. The variables are:
$Greeting
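
Function Set-Permissions {
     # UNC path of the template folder that carries the desired permissions
     $Template = Read-Host "Template Address"
     # Despite its name, this holds the folder object; its ACL is read inside the loop
     $TemplateACL = Get-Item "$Template"
     # UNC path of the folder that contains the folders to fix
     $RootFolder = Read-Host "Root Folder"
     $RootDirectory = Get-ChildItem "$RootFolder" -Directory
     # (the function continues with the foreach loop shown further down)
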
The $Greeting is shown to the user each time they run the script to remind them what it does. The $Template variable asks the user of the script for the UNC path of a template folder configured with the permissions that all of the other folders should have. I suggest putting the template folder inside the root folder. The $RootFolder variable is the UNC path to the folder containing all of the folders that you'd like to fix the permissions for, such as your users' Home Drives. Example: if the UNC path to your user folders looks like \\FileServer\users\jsmith, the UNC path to the root folder is \\FileServer\users. The $TemplateACL variable grabs some detailed properties of the template folder, including the access control list (ACL). The $RootDirectory variable is a list of all of the folders inside of the root folder.

Now that all of the variables are defined, the next step is a foreach statement. The foreach statement in this script performs the following actions on each folder inside of the root folder:
  • Gets the path of each folder and assigns it to the $Path variable
  • Assigns the current Access Control List (ACL), AKA permissions, of the template folder to the variable $ACL
  • Assigns the name of the folder to the variable $Username to be used later
  • Creates an Access Rule that grants Modify access to the $Username variable if a user exists with the same username as the name of the folder. If no user exists, an error is given and the script continues. The new Access Rule is assigned to the variable $AR
  • The $AR (Access Rule) is added to the $ACL (Access Control List)
  • The new ACL is applied to the folder


The code looks like this:

foreach ($SubFolder in $RootDirectory) {
     $Path = $SubFolder.FullName
     # Fresh copy of the template's access rules for each folder
     $ACL = ($TemplateACL).GetAccessControl('Access')
     # The folder name doubles as the username
     $Username = $SubFolder.Name
     # Grant that user Modify on the folder, inherited by subfolders and files
     $AR = New-Object System.Security.AccessControl.FileSystemAccessRule($Username, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
     $ACL.AddAccessRule($AR)
     Set-Acl -Path $Path -AclObject $ACL
     }
}

That’s it! The steps above are completed on every folder in the root folder until they’ve all been updated to your new desired permissions based on the template folder.

Dependency: The account that runs this script must be able to “change permissions” and “take ownership” for the script to run properly. It may be necessary to grant those permissions to the root folder before running the script if those permissions are not present. 
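
A more defensive form of the same loop, as an added example that is not part of the original script: it resolves each folder name to an account before changing anything, skips the template folder, saves the previous ACL, and supports -WhatIf. The function name, its parameters, the backup file, the _template folder and the CONTOSO domain are assumptions, and it targets Windows PowerShell 5.1.

```powershell
# Added example (not the original script). Written for Windows PowerShell 5.1.
# Function name, parameters, backup file and sample paths are assumptions.
function Set-HomeFolderAcl {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Template,    # UNC path of the template folder
        [Parameter(Mandatory)][string]$RootFolder,  # UNC path of the root folder
        [Parameter(Mandatory)][string]$Domain,      # NetBIOS domain of the users
        [string]$BackupCsv = '.\acl-backup.csv'     # previous ACLs are saved here
    )
    $templateItem = Get-Item -LiteralPath $Template
    foreach ($folder in Get-ChildItem -LiteralPath $RootFolder -Directory) {
        # The template may sit inside the root folder; it is not a home drive.
        if ($folder.FullName -eq $templateItem.FullName) { continue }

        # Resolve DOMAIN\<folder name> before touching the folder, so a folder
        # without a matching account is reported and left unchanged.
        $account = New-Object System.Security.Principal.NTAccount($Domain, $folder.Name)
        try {
            $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
        } catch {
            Write-Warning "Could not resolve $account for $($folder.FullName); skipped"
            continue
        }
        # Built-in and well-known principals are not account SIDs; skip them.
        # (This check does not tell a user from a domain group.)
        if (-not $sid.IsAccountSid()) {
            Write-Warning "$account is not a domain account; skipped"
            continue
        }

        # Fresh copy of the template's access rules per folder, as in the loop above.
        $acl = $templateItem.GetAccessControl('Access')
        # Modify does not include TakeOwnership or ChangePermissions.
        $ruleArgs = $sid, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule $ruleArgs
        $acl.AddAccessRule($rule)

        if ($PSCmdlet.ShouldProcess($folder.FullName, "Apply template ACL for $account")) {
            # Keep the old security descriptor (SDDL) so the change can be reverted.
            [pscustomobject]@{ Path = $folder.FullName
                               Sddl = (Get-Acl -LiteralPath $folder.FullName).Sddl } |
                Export-Csv -LiteralPath $BackupCsv -Append -NoTypeInformation
            Set-Acl -LiteralPath $folder.FullName -AclObject $acl
        }
    }
}
# Dry run first (constructed template folder and domain):
# Set-HomeFolderAcl -Template \\FileServer\users\_template -RootFolder \\FileServer\users -Domain CONTOSO -WhatIf
```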