Oct 28 2022 03:04 PM
Hi All
I'm trying to put together a script to perform the following task:
First to add an AD Security Group named "ADMigration" and assign it (Read access) to a large list of User Home Drives (folders).
I have a master user list with the home drive location/path and would like to leverage the list to apply the new permissions to the ACL of each user's home folder.
I have been reading so many articles on assigning permission using Set-ACL, Get-ACL and modules like Add-NTFSAccess etc, but have now got to the point where I'm confusing myself.
Could I please ask one of you clever scripting people to possibly assist me with a script to accomplish this or at least point me in the best direction or way of achieving the above?
Would really appreciate all your input and really appreciate any suggestions.
Many thanks
Nitrox
Mar 22 2023 05:04 AM
If you're still looking to solve this, hopefully this will get you started. The Set-ACL syntax you want will be something like:
$HomeFolderPath="X:\Path\To\Home\Folder"
#Get Existing Permissions
$NewAcl=Get-Acl -Path $HomeFolderPath
# Set properties
$identity = "ADMigration"
$fileSystemRights = "Read"
$type = "Allow"
# Create new rule
$fileSystemAccessRuleArgumentList = $identity, $fileSystemRights, $type
$fileSystemAccessRule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $fileSystemAccessRuleArgumentList
# Apply new rule
$NewAcl.SetAccessRule($fileSystemAccessRule)
Set-Acl -Path $HomeFolderPath -AclObject $NewAcl
If this works for you, the next step would be to wrap it up in a loop, reading the Home Drive paths from your list.
Mar 28 2023 01:09 PM
# New-ADGroup comes from the ActiveDirectory module (RSAT)
Import-Module ActiveDirectory
# Set the name of the AD security group to create
$GroupName = "ADMigration"
# Create the new AD security group
New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security
# Set the list of home drive folders to modify
$HomeDriveList = @(
    "\\server\share\user1",
    "\\server\share\user2",
    "\\server\share\user3"
)
# Loop through each home drive folder and add the AD security group to its ACL with ReadAndExecute access
foreach ($HomeDrive in $HomeDriveList) {
    # Get the current ACL of the home drive folder
    $acl = Get-Acl $HomeDrive
    # Create a new Access Rule for the AD security group with ReadAndExecute access
    # (three-argument constructor: the rule applies to the folder itself and is not inherited by its contents)
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($GroupName, "ReadAndExecute", "Allow")
    # Add the new Access Rule to the home drive folder's ACL
    $acl.SetAccessRule($rule)
    # Set the modified ACL to the home drive folder
    Set-Acl $HomeDrive $acl
}
You will need to update the $GroupName and $HomeDriveList variables to match your environment. Also, make sure to run the script as an administrator and that the account you use has sufficient permissions to modify the ACLs of the home drive folders.
May 30 2023 02:22 AM
@Varun_Ghildiyal thanks for sharing. Working fine with a few folders, but how do I use it with a CSV file with over 1000 fileshares?
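For the CSV case, one way to wrap the Get-Acl/Set-Acl steps from the earlier answers in a loop over the list, as an added example that is not code from any poster in this thread. The function name, the `HomeDirectory` column name and the demo folders are assumptions; it uses AddAccessRule with inheritance flags rather than the answers' three-argument SetAccessRule, so the Read entry also covers folder contents and existing entries are left in place.

```powershell
# Added example. Assumed names: Add-HomeFolderReadAccess, CSV column "HomeDirectory".
function Add-HomeFolderReadAccess {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $CsvPath,
        [string] $Identity   = 'ADMigration',    # group name from the thread
        [string] $PathColumn = 'HomeDirectory'   # assumed column name in the CSV
    )
    # Read only, inherited by subfolders and files, no propagation restrictions
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $Identity, 'Read', 'ContainerInherit,ObjectInherit', 'None', 'Allow')

    foreach ($row in Import-Csv -Path $CsvPath) {
        $path   = $row.$PathColumn
        $status = 'Granted'
        try {
            if ([string]::IsNullOrWhiteSpace($path) -or
                -not (Test-Path -LiteralPath $path -PathType Container)) {
                $status = 'Skipped: folder not found'
            } else {
                $acl = Get-Acl -LiteralPath $path -ErrorAction Stop
                # AddAccessRule merges with existing entries instead of replacing them
                $acl.AddAccessRule($rule)
                if ($PSCmdlet.ShouldProcess($path, "Grant Read to $Identity")) {
                    Set-Acl -LiteralPath $path -AclObject $acl -ErrorAction Stop
                } else {
                    $status = 'Dry run (not applied)'
                }
            }
        } catch {
            # One unreachable share must not stop the rest of the list
            $status = "Failed: $($_.Exception.Message)"
        }
        [pscustomobject]@{ Path = $path; Status = $status }   # one result row per folder
    }
}

# Constructed demo: two temp folders and one missing path, dry run only (-WhatIf).
# BUILTIN\Users stands in for the AD group so the demo resolves on any Windows machine.
$root = Join-Path $env:TEMP 'HomeDemo'
'user1','user2' | ForEach-Object { New-Item -ItemType Directory -Path (Join-Path $root $_) -Force | Out-Null }
'user1','user2','missing' | ForEach-Object { [pscustomobject]@{ HomeDirectory = Join-Path $root $_ } } |
    Export-Csv -Path (Join-Path $root 'HomeDrives.csv') -NoTypeInformation
Add-HomeFolderReadAccess -CsvPath (Join-Path $root 'HomeDrives.csv') -Identity 'BUILTIN\Users' -WhatIf
```

Run it with `-WhatIf` against the real list first, then pipe the output of the real run to `Export-Csv` to keep a record of which folders were skipped or failed.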