Setting ownership of existing user homedrive files

james-sackville-school · 2021-03-19T17:55:24.000Z

Hi.

We are having to rebuild our file servers at our school due to an attack on our it network.
We have managed to get everything back up and running and set the permissions for user home drives but when trying to set up the storage quota again on the servers the files within the home drives are owned by Administrator rather than the user so the quota for all users is incorrect as it is showing all 2000 users as having 1kb of files and then administrator as having all of them.
Is there a way of automating setting the users files back to their owner based of the user homedrive folder name?
We used a powershell script to set the permissions for each folder that looks at the homedrive folder name and setting access for that user to their files.
Here is the script we used: http://www.steelbytes.net/set-owner-rights-on-user-profile-or-home-folders-script
Is there a modification that we can make to that script to set the owner of all files within the users homedrive to make the quota work again?
I’m not very experienced with powershell so this might be obvious to someone else.
Thanks,
James.

Neally · 2021-03-19T18:46:28.000Z

James-Sackville-School:

s there a way of automating setting the users files back to their owner based of the user homedrive folder name?

absolutely. i use icacls for that

e.g.

ICACLS ("$($user.homedir)") /setowner ("$env:USERDOMAIN\$(split-path $user.homedir -leaf)")

james-sackville-school · 2021-03-19T19:12:30.000Z

@alexw Amazing thanks.

Do I just run that in the folder containing the user homes and do I replace USERDOMAIN with our domain name?

Thanks,

James.

Neally · 2021-03-19T19:20:46.000Z

James-Sackville-School:

Do I just run that in the folder containing the user homes and do I replace USERDOMAIN with our domain name?

Depends, I guess, I’d get all the folders in the user directory and then run a foreach and set the permissions.

and no $env:USERDOMAIN is an environment variable, so it will pull YOUR domain name

try maybe like so

$folders = get-childitem "\\server\share\homedirs"

foreach($user in $folders){
    write-verbose "$($user.homedir)" -verbose
    write-verbose "$("$env:USERDOMAIN\$(split-path $user.homedir -leaf)")" -verbose
    ICACLS ("$($user.homedir)") /setowner ("$env:USERDOMAIN\$(split-path $user.homedir -leaf)")
}

DISCLAIMER: it’s a script from the internet, so you want to test is before running in prod, i don’t want if something goes wrong that mess up all your permissions.

james-sackville-school · 2021-03-19T19:31:02.000Z

Hi @alexw .

Thanks.

I’m running this on some users I have copied to another server for testing.

I have just run what you posted above and I get the following error.

VERBOSE:
Split-Path : Cannot bind argument to parameter ‘Path’ because it is null.
At line:5 char:52

… write-verbose “$(”$env:USERDOMAIN$(split-path $user.homedir -leaf)" …
CategoryInfo : InvalidData: ( [Split-Path], ParameterBindingValidationException
FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.SplitPathCommand

VERBOSE: SACKVILLE
Split-Path : Cannot bind argument to parameter ‘Path’ because it is null.
At line:6 char:74

… dir)“) /setowner (”$env:USERDOMAIN$(split-path $user.homedir -leaf)" …
CategoryInfo : InvalidData: ( [Split-Path], ParameterBindingValidationException
FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.SplitPathCommand

ICACLS : First parameter must be a file name pattern or “/?”
At line:6 char:5

ICACLS (“$($user.homedir)”) /setowner ("$env:USERDOMAIN$(split-p …
CategoryInfo : NotSpecified: (First parameter…pattern or “/?”:String) , RemoteException
FullyQualifiedErrorId : NativeCommandError

Is this because I have moved the user files I’m testing this with to a new share with a different path as to what is on AD?

Thanks,

James.

Neally · 2021-03-19T19:36:50.000Z

can you post, verbatim (other than sensitive data) what you run?

I mean you replaced the server directory I assume?

Do you run it against a local server or unc path?

james-sackville-school · 2021-03-19T19:44:19.000Z

Hi.

What I’m running in Powershell ISE as Administrator is:

$folders = get-childitem "\\FILESERVERNAME\data2\2012"

foreach($user in $folders){
    write-verbose "$($user.homedir)" -verbose
    write-verbose "$("$env:USERDOMAIN\$(split-path $user.homedir -leaf)")" -verbose
    ICACLS ("$($user.homedir)") /setowner ("$env:USERDOMAIN\$(split-path $user.homedir -leaf)")
}

And the output I’m getting is:

PS C:\Windows\system32> $folders = get-childitem "\\FILESERVERNAME\data2\2012"

foreach($user in $folders){
    write-verbose "$($user.homedir)" -verbose
    write-verbose "$("$env:USERDOMAIN\$(split-path $user.homedir -leaf)")" -verbose
    ICACLS ("$($user.homedir)") /setowner ("$env:USERDOMAIN\$(split-path $user.homedir -leaf)")
}
VERBOSE:
Split-Path : Cannot bind argument to parameter 'Path' because it is null.
At line:5 char:52
+ ... write-verbose "$("$env:USERDOMAIN\$(split-path $user.homedir -leaf)" ...
+                                                   ~~~~~~~~~~~~~
    + CategoryInfo         : InvalidData: (:) [Split-Path], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.SplitPathCommand

VERBOSE: SACKVILLE\
Split-Path : Cannot bind argument to parameter 'Path' because it is null.
At line:6 char:74
+ ... dir)") /setowner ("$env:USERDOMAIN\$(split-path $user.homedir -leaf)" ...
+                                                   ~~~~~~~~~~~~~
    + CategoryInfo         : InvalidData: (:) [Split-Path], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.SplitPathCommand

ICACLS : First parameter must be a file name pattern or "/?"
At line:6 char:5
+   ICACLS ("$($user.homedir)") /setowner ("$env:USERDOMAIN\$(split-p ...
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo         : NotSpecified: (First parameter...pattern or "/?":String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError

Is there any other info you need?

Thanks,

James.

Neally · 2021-03-19T19:45:36.000Z

If you post code, please use the ‘Insert Code’ button. Please and thank you!

PLEASE READ BEFORE POSTING! Read if you're new to the PowerShell forum! Programming & Development

Hi, and welcome to the PowerShell forum! Don’t apologize for being a “noob” or “newbie” or “n00b.” There’s just no need – nobody will think you’re stupid, and the forums are all about asking questions. Just ask! Use a descriptive subject. Don’t say “Need help” or “PowerShell Help”, actually summarize what the problem is. It helps the rest of us keep track of which problem is which. Don’t post massive scripts. We’re all volunteers and we don’t have time to read all that, nor will we copy…

james-sackville-school · 2021-03-19T19:49:44.000Z

Oops sorry. Edited the post so its correct now.

James.

Neally · 2021-03-19T19:49:55.000Z

my bad , try like so:

$folders = get-childitem "\\FILESERVERNAME\data2\2012"

foreach($user in $folders){
    write-verbose "Folder: $($user.fullname)" -verbose
    write-verbose "User: $("$env:USERDOMAIN\$(split-path $user.name -leaf)")" -verbose
    ICACLS ("$($user.fullname)") /setowner ("$env:USERDOMAIN\$(split-path $user.name -leaf)")
}

james-sackville-school · 2021-03-19T19:52:41.000Z

Thanks, that runs now without error.

It only says one file processed though how do I make it so it processes the files and folders within the homedrive for users?

Thanks,

James

Neally · 2021-03-19T19:57:35.000Z

James-Sackville-School:

Thanks, that runs now without error.

It only says one file processed though how do I make it so it processes the files and folders within the homedrive for users?

Thanks,

James

That’s different than what your OP stated, so I assume the stuff in the folder does not inherit permissions?

you’d want to look into ‘get-childitem -recurse’. ‘-recurse’ will get the stuff in folders.

james-sackville-school · 2021-03-19T20:07:26.000Z

Thanks, Sorry I might not have been very clear, That was my 3rd attempt at wording my question.

The files and folders inside the homedrives do inherit the permissions from the user homedrive folder but they don’t inherit the owner which is what we need for getting the storage quota to work so students don’t fill up our file servers.

I’ll have a look at what you suggested. Is that something I can add to the script you gave me or is it more complicated than that.

As I said I’m not currently very good with powershell but I would like to learn it at some point but unfortunately, recovering from a cyber attack isn’t really the time for doing that.

Thanks,

James.

james-sackville-school · 2021-03-22T09:52:06.000Z

Here is the final script we ended up using for anyone else needing to do this after a data restore. Make sure to run Powershell as Administrator otherwise it will error.

$pathlink = "\\SERVER\SHARENAME"
$folders = get-childitem $pathlink

foreach($user in $folders){
    Write-Host "User folder:" $user
    write-verbose "Folder: $($user.fullname)" -verbose
    write-verbose "User: $("$env:USERDOMAIN\$(split-path $user.name -leaf)")" -verbose
    ICACLS ("$($user.fullname)") /setowner ("$env:USERDOMAIN\$(split-path $user.name -leaf)")
    $userfolder = Get-ChildItem -Recurse $pathlink\$user 
    $username = $user.fullname
    $counter ++
    foreach($subfolder in $userfolder){
        Write-Host "Subfolder:" $subfolder
        ICACLS ("$($subfolder.fullname)") /setowner ("$env:USERDOMAIN\$(split-path $user.name -leaf)")
    }
    Write-Host -ForegroundColor Magenta  "ITEM:" $counter "/" ($folders).count
}