PowerShell script to create home folder for user and set permissions

I am making a PowerShell script that creates new domain user accounts in AD, and also creates home directories on the file server with the appropriate permissions.

My problem: I cannot get the installed permissions.

In the code below, my_fileServer is the name of the file server; sso means the single sign-on identifier, which is set to "user9999" in the test code below.

Any help is much appreciated!

Set-Variable homeDir -option Constant -value "\\my_fileServer\Users"
Set-Variable sso -option Constant -value "user9999"

# If the folder for the user does not exist, make a new one and set the correct permissions.
if ( (Test-Path "$homeDir\$sso") -eq $false)
{
    try 
    {
        $NewFolder = New-Item -Path $homeDir -Name $sso -ItemType "Directory"
        $Rights = [System.Security.AccessControl.FileSystemRights]"FullControl,Modify,ReadAndExecute,ListDirectory,Read,Write"
        $InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::None
        $PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None
        $objType =[System.Security.AccessControl.AccessControlType]::Allow
        $objUser = New-Object System.Security.Principal.NTAccount "my_full_domain_name\$sso"
        $objACE = New-Object System.Security.AccessControl.FileSystemAccessRule `
                ($objUser, $Rights, $InheritanceFlag, $PropagationFlag, $objType)
        $ACL = get-acl -Path $NewFolder
        $ACL.AddAccessRule($objACE)
        $objReturn = Set-ACL -Path "$homeDir\$sso" -AclObject $ACL
        $objReturn
    }
    catch
    {
        $msg = $_
        $msg
    }
}

The home folder is created OK, but when I check permissions for the user, none of them are ticked.

+5
4 answers

. (, ). ( " " ) . " ", , , . ( ) CREATOR OWNER, , , . :

$InheritanceFlag = @([System.Security.AccessControl.InheritanceFlags]::ContainerInherit,[System.Security.AccessControl.InheritanceFlags]::ObjectInherit)

, ( ). ( Set-ACL returnobject):

try 
{
    $NewFolder = New-Item -Path $homeDir -Name $sso -ItemType "Directory"
    $Rights = [System.Security.AccessControl.FileSystemRights]"FullControl,Modify,ReadAndExecute,ListDirectory,Read,Write"
    $InheritanceFlag = @([System.Security.AccessControl.InheritanceFlags]::ContainerInherit,[System.Security.AccessControl.InheritanceFlags]::ObjectInherit)
    $PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None
    $objType =[System.Security.AccessControl.AccessControlType]::Allow
    $objUser = New-Object System.Security.Principal.NTAccount "my_full_domain_name\$sso"
    $objACE = New-Object System.Security.AccessControl.FileSystemAccessRule `
            ($objUser, $Rights, $InheritanceFlag, $PropagationFlag, $objType)
    $ACL = Get-Acl -Path $NewFolder
    $ACL.AddAccessRule($objACE)
    Set-ACL -Path $NewFolder.FullName -AclObject $ACL
}
+6
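
Added example (not part of the original answers): a PowerShell check that classifies the account's explicit ACE on a home folder as applying to this folder only (InheritanceFlags None, as in the question) or as inheriting to subfolders and files (ContainerInherit,ObjectInherit, as in the answer above). Test-HomeFolderAce is a hypothetical helper name, and the temp folder and current user stand in for the file share and my_full_domain_name\$sso so that it runs locally.

```powershell
using namespace System.Security.AccessControl

# Added example. Classifies the explicit Allow ACE an account holds on a folder.
# Test-HomeFolderAce is a hypothetical helper name, not an existing cmdlet.
function Test-HomeFolderAce {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Identity
    )
    $need = [InheritanceFlags]'ContainerInherit,ObjectInherit'
    # Explicit (non-inherited) Allow rules for this account only
    $aces = @((Get-Acl -Path $Path).Access | Where-Object {
        -not $_.IsInherited -and
        $_.AccessControlType -eq [AccessControlType]::Allow -and
        $_.IdentityReference.Value -eq $Identity
    })
    $status = if ($aces.Count -eq 0) {
        'NoExplicitAce'
    } elseif ($aces | Where-Object { ($_.InheritanceFlags -band $need) -eq $need -and
                                     $_.PropagationFlags -eq [PropagationFlags]::None }) {
        'InheritsToChildren'   # applies to this folder, subfolders and files
    } else {
        'ThisFolderOnly'       # ACE exists but is not passed on to children
    }
    [pscustomobject]@{ Path = $Path; Identity = $Identity; Status = $status }
}

# Constructed demo: a temp folder and the current user stand in for
# \\my_fileServer\Users\<sso> and my_full_domain_name\<sso> (assumptions).
$me   = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$root = Join-Path $env:TEMP ("acl-demo-" + [guid]::NewGuid())
New-Item -Path $root -ItemType Directory | Out-Null
try {
    foreach ($flags in 'None', 'ContainerInherit,ObjectInherit') {
        $dir  = New-Item -Path $root -Name ($flags -replace ',', '_') -ItemType Directory
        $rule = [FileSystemAccessRule]::new($me, [FileSystemRights]::FullControl,
                    [InheritanceFlags]$flags, [PropagationFlags]::None, [AccessControlType]::Allow)
        $acl = Get-Acl -Path $dir.FullName
        $acl.AddAccessRule($rule)
        Set-Acl -Path $dir.FullName -AclObject $acl
        Test-HomeFolderAce -Path $dir.FullName -Identity $me
    }
} finally {
    Remove-Item -Path $root -Recurse -Force
}
```

Run against a real share, the same function can be piped over each subfolder of the home directory root, using the folder name as the account name, to find home folders provisioned with a folder-only ACE.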

, , , (Graimer C.B.), - .
- ""
- , "", , , .

+2

'Special Permmissions', Advanced "".

0

, ... , SetAccessRuleProtection.

, , .

if (-not (Test-Path "$homeDir\$sso"))
{
    $acl = Get-Acl (New-Item -Path $homedir -Name $sso -ItemType Directory)

    # Make sure access rules inherited from parent folders.
    $acl.SetAccessRuleProtection($false, $true)

    $ace = "$domain\$sso","FullControl", "ContainerInherit,ObjectInherit","None","Allow"
    $objACE = New-Object System.Security.AccessControl.FileSystemAccessRule($ace)
    $acl.AddAccessRule($objACE)
    Set-ACL -Path "$homeDir\$sso" -AclObject $acl

}
0
