Hello All,
I’m new to PowerShell scripting and have written a script to remove inheritance and change permissions on a folder.
I’ve built the script using various sources from Google searches, but I suspect the script I’ve written isn’t the most efficient.
Could someone take a look and let me know if I’m going about it the correct way?
```powershell
# Set variables
$FullJobFldPath = "X:\test\testfolder"
$NewRGGrpName = "RG_FLD_TestFolder"

# This removes inheritance (the second $true keeps the inherited rules as explicit copies)
$acl = Get-Item $FullJobFldPath | Get-Acl
$acl.SetAccessRuleProtection($true, $true)
$acl | Set-Acl

# This removes all access for the group in question
$acl = Get-Item $FullJobFldPath | Get-Acl
$JobFldDefaultGroup = "domain\group_name"
$acl.Access | where {$_.IdentityReference -eq $JobFldDefaultGroup} | %{$acl.RemoveAccessRule($_)}
$acl | Set-Acl

# Add RG group to job folder (Modify permissions)
$acl = Get-Acl $FullJobFldPath
$permission = $NewRGGrpName, "Modify", "ContainerInherit, ObjectInherit", "None", "Allow"
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($accessRule)
$acl | Set-Acl $FullJobFldPath
```
Kind regards
stottle
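The three steps in the script above can be done with two ACL writes instead of three, followed by a read-back of what ended up on the folder. This is an added example, not code from either poster; the function name `Set-JobFolderAcl` and its parameter names are hypothetical, and the sample values are the ones from the question.

```powershell
# Added example (not the poster's code). Function and parameter names are hypothetical.
function Set-JobFolderAcl {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $RemoveGroup,   # e.g. 'domain\group_name'
        [Parameter(Mandatory)] [string] $ModifyGroup    # e.g. 'RG_FLD_TestFolder'
    )

    # Write 1: break inheritance, keeping the inherited rules as explicit copies.
    # The copies only show up as explicit (removable) rules once the descriptor
    # has been written and read back, so this step needs its own Set-Acl.
    $acl = Get-Acl -LiteralPath $Path
    if (-not $acl.AreAccessRulesProtected) {
        $acl.SetAccessRuleProtection($true, $true)
        if ($PSCmdlet.ShouldProcess($Path, 'Disable inheritance')) {
            Set-Acl -LiteralPath $Path -AclObject $acl
        }
    }

    # Write 2: remove the old group and grant Modify in a single update.
    $acl = Get-Acl -LiteralPath $Path
    $old = [System.Security.Principal.NTAccount]::new($RemoveGroup)
    $acl.PurgeAccessRules($old)      # removes every access rule for that identity
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $ModifyGroup, 'Modify', 'ContainerInherit, ObjectInherit', 'None', 'Allow')
    $acl.SetAccessRule($rule)
    if ($PSCmdlet.ShouldProcess($Path, "Remove $RemoveGroup, grant Modify to $ModifyGroup")) {
        Set-Acl -LiteralPath $Path -AclObject $acl
    }

    # Read back what is actually on the folder and report it.
    $final = Get-Acl -LiteralPath $Path
    [pscustomobject]@{
        Path             = $Path
        Protected        = $final.AreAccessRulesProtected
        OldGroupRules    = @($final.Access | Where-Object { $_.IdentityReference.Value -eq $RemoveGroup }).Count
        ModifyGroupRules = @($final.Access | Where-Object { $_.IdentityReference.Value -like "*$ModifyGroup" }).Count
    }
}

# -WhatIf shows the two writes without changing the folder
Set-JobFolderAcl -Path 'X:\test\testfolder' -RemoveGroup 'domain\group_name' -ModifyGroup 'RG_FLD_TestFolder' -WhatIf
```

After a real run, `Protected` should be `True` and `OldGroupRules` should be `0`; anything else means a rule for the old group is still in effect on the folder.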
Here’s a script I wrote to add ftp account users to a specific directory, allow one user full control of that directory, and set a deny permission on that directory for all other users. Maybe this will help a little.
```powershell
# The outer and inner for loops can be manipulated in such a way that this script will add security parameters to any
# folder in e:\inetpub\ftproot. When more ftp accounts are created, we can easily apply the proper allow and deny privileges to both new and existing folders.
for ($max = 11; $max -le 11; $max++)
{
    # target folder that needs security rules added
    $target = "e:\inetpub\ftproot" + $max
    $mydir = Get-Acl $target
    for ($x = 30; $x -gt 11; $x--)
    {
        $account = "anchorftp" + $x
        #Write-Host $account + " now being analyzed "
        if ($x -eq $max)
        {
            # allow the proper account full control
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule ($account, "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow")
        }
        else
        {
            # deny access to any other account trying to access the folder
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule ($account, "FullControl", "ContainerInherit,ObjectInherit", "None", "Deny")
        }
        # Add the access rule to be applied later
        $mydir.AddAccessRule($rule)
    }
    # apply all access rules to target directory
    Set-Acl $target $mydir
}
```