
New-item add permissions
Last Post 01 Oct 2008 06:48 PM by jcossota. 5 Replies.
jcossota (New Member, Posts: 6)
30 Sep 2008 11:05 PM  

This question is related to my previous thread here, but since it's a different topic I figured I would separate it.

Right now my script will grab the first letter of the user's first name, and if it is A-M it creates a new userhome directory on server1, if not, it creates it on server2.  This part works great, but I'm not quite sure of how to add the user with 'modify' permissions on the directory?  If possible I would also like the code for 'full control' permissions as I will need that portion for a completely different directory later.

Here's a snippet of what I got:

$strFname = "Jack"
$SmAccount = "JReacher"
$strUHAM = "\\server1\privlun01$\home"
$strUHNZ = "\\server2\privlun02$\home"
$strFnameInit = $strFname[0]

# A-M goes to server1, everything else to server2
if ($strFnameInit -like "[A-M]")
{
    New-Item "$strUHAM\$SmAccount" -ItemType Directory
}
else
{
    New-Item "$strUHNZ\$SmAccount" -ItemType Directory
}

glnsize (Basic Member, Posts: 101)
01 Oct 2008 01:19 AM  

/\/\o\/\/ has a ton of stuff about working with acl/sddl. I modified one of his scripts...

More of a technique thing but I would also suggest using a switch statement instead of an IF (much more elegant/FAST)

param ($sAMAccountName = $(Throw '$sAMAccountName is required!'))
Begin
{
    # AddRemove-AccessRule.MSH 
    # Add or remove simple access rule to a file/directory
    # using text parameters
    #
    # Original written by /\/\o\/\/ 2006 
    # http://mow001.blogspot.com
    #
    # modified by tony 2006
    # http://mshforfun.blogspot.com
    #
    # Stolen by Glenn 2008!
    #
    #Usage AddRemove-Acl FileOrDirectory (Action) user Rights (Access)
    # Action: Add / Remove
    # Rights: ListDirectory / ReadData / WriteData / CreateFiles /
    # CreateDirectories / AppendData / ReadExtendedAttributes /
    # WriteExtendedAttributes / Traverse / ExecuteFile /
    # DeleteSubdirectoriesAndFiles / ReadAttributes / WriteAttributes/ Write /
    # Delete / ReadPermissions / Read / ReadAndExecute / Modify /
    # ChangePermissions / TakeOwnership / Synchronize / FullControl
    # Access: Allow / Deny
    
    function Modify-ACL
    {
        param (
        $FileDir,
        $User,
        [System.Security.AccessControl.FileSystemRights] $Rights = "Modify",
        [System.Security.AccessControl.AccessControlType] $Access = "Allow"
        )
            
        trap{break}
        
        # get the current acl
        $AccessControl = get-acl $FileDir
        
        # create a new access control entry
        $AccessRule = new-object System.Security.AccessControl.FileSystemAccessRule($User,$Rights,$Access)
        
        # check if given user is Valid, this will break function if not so.
        $Sid = $AccessRule.IdentityReference.Translate([System.Security.Principal.securityidentifier]) 
        
        # Add that New AC to the current ACL
        $AccessControl.AddAccessRule($AccessRule)
    
        # Overwrite the ACL with the new one we just made
        set-acl -aclobject $AccessControl -path $FileDir
    }
}
Process
{
    #  Match the first Character of the sAMAccountName using a regular expression.
    switch -regex ($sAMAccountName)
    {
        # Each path is built as one double-quoted string; `$ keeps the share's trailing $ literal.
        "^[a-f]"
        {
            New-Item "\\server1\privlun01`$\home\$sAMAccountName" -ItemType Directory
            Modify-ACL -FileDir "\\server1\privlun01`$\home\$sAMAccountName" -User $sAMAccountName
        }

        "^[g-l]"
        {
            New-Item "\\server1\privlun02`$\home\$sAMAccountName" -ItemType Directory
            Modify-ACL -FileDir "\\server1\privlun02`$\home\$sAMAccountName" -User $sAMAccountName
        }

        "^[m-s]"
        {
            New-Item "\\server1\privlun03`$\home\$sAMAccountName" -ItemType Directory
            Modify-ACL -FileDir "\\server1\privlun03`$\home\$sAMAccountName" -User $sAMAccountName
        }

        "^[t-z]"
        {
            New-Item "\\server1\privlun04`$\home\$sAMAccountName" -ItemType Directory
            Modify-ACL -FileDir "\\server1\privlun04`$\home\$sAMAccountName" -User $sAMAccountName
            # Full control example: the parameter is -Rights, and the built-in group is BUILTIN\Administrators
            Modify-ACL -FileDir "\\server1\privlun04`$\home\$sAMAccountName" -User "BUILTIN\Administrators" -Rights "FullControl"
        }

    }

}

Hope that helps,
~Glenn

P.S. WooHoo I beat shay...
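
Added example, not code from any poster in this thread: the three-argument FileSystemAccessRule constructor used in Modify-ACL above creates an entry with no inheritance flags, so it applies to the folder itself and not to the files and subfolders created in it. The sketch below grants the right with ContainerInherit and ObjectInherit set; Grant-FolderAccess and New-HomeDirectory are hypothetical names, and the share paths and sample account are the ones from the original question.

```powershell
# Added example; Grant-FolderAccess and New-HomeDirectory are hypothetical names.
function Grant-FolderAccess {
    param(
        [Parameter(Mandatory = $true)][string] $Path,
        [Parameter(Mandatory = $true)][string] $Identity,
        [System.Security.AccessControl.FileSystemRights] $Rights = 'Modify'
    )
    # Resolve the account to a SID first, so a mistyped name fails before the ACL is touched.
    $account = New-Object System.Security.Principal.NTAccount($Identity)
    $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])

    # ContainerInherit + ObjectInherit: the entry applies to this folder, its
    # subfolders and its files. PropagationFlags None means normal inheritance.
    $inherit   = [System.Security.AccessControl.InheritanceFlags] 'ContainerInherit, ObjectInherit'
    $propagate = [System.Security.AccessControl.PropagationFlags]::None
    $allow     = [System.Security.AccessControl.AccessControlType]::Allow
    $ruleArgs  = $sid, $Rights, $inherit, $propagate, $allow
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $ruleArgs

    $acl = Get-Acl -Path $Path
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function New-HomeDirectory {
    param(
        [Parameter(Mandatory = $true)][string] $Root,
        [Parameter(Mandatory = $true)][string] $SamAccountName
    )
    $path = Join-Path $Root $SamAccountName
    if (Test-Path $path) { throw "Home directory already exists: $path" }
    New-Item -Path $path -ItemType Directory | Out-Null
    Grant-FolderAccess -Path $path -Identity $SamAccountName -Rights Modify
    # Return only the explicit (non-inherited) entries so the result can be reviewed.
    (Get-Acl -Path $path).Access | Where-Object { -not $_.IsInherited }
}

# Sample values from the original question: first name Jack, account JReacher.
# For the directory that needs full control, call Grant-FolderAccess with -Rights FullControl.
$firstName = 'Jack'
$root = if ($firstName -match '^[a-m]') { '\\server1\privlun01$\home' } else { '\\server2\privlun02$\home' }
New-HomeDirectory -Root $root -SamAccountName 'JReacher'
```

The returned list should contain a single Allow entry for the user whose InheritanceFlags value reads "ContainerInherit, ObjectInherit".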

glnsize (Basic Member, Posts: 101)
01 Oct 2008 01:44 AM  

oops...

"^[a-f]"  broken down... ^ dictates the first character, and [ - ]  declares a range.

So "^[a-f]" will match any string that begins with a,A,b,B,c,C,d,D,e,E,f,F

~Glenn

jcossota (New Member, Posts: 6)
01 Oct 2008 05:26 PM  
Thanks Glenn!

But I'm not sure how to go about using that script. I have tried running it as you have it (although modifying the appropriate new-item markers to reflect my server info), but I get errors returned.
I'm fairly new to PSH so not quite sure what I'm missing here!

jcossota (New Member, Posts: 6)
01 Oct 2008 05:56 PM  

I attached screenshots of errors I get in the console.
The error1 is running it as a .ps1 by itself, then error2 is when I define the $sAMAccountName variable at the beginning with: $sAMAccountName = "dev-jcossota"

error1: http://img241.imageshack.us/img241/3163/psherror1za6.jpg
error2: http://img396.imageshack.us/img396/5421/psherror2fb0.jpg

jcossota (New Member, Posts: 6)
01 Oct 2008 06:48 PM  

Actually never mind, I got a co-worker of mine to look at it and he made some amendments!

Thanks again!
