  1. #1
    DSapseid

    Scripts for home area

    I've had a look at old posts on here but can't find what I'm after.

    Does someone have a script that can set permissions on a folder so that the user has full control as does domain admins and also another group? Also so that the user is the owner of the folder so I can use quotas. The folder name is the same as the username.

    I've had a look at takeown and icacls but none of it makes any sense to me and I haven't got the time atm to sit down and read it properly.

    Server 2008 R2 if it makes any difference.

    Thanks

    Dan

  2. #2

    SYNACK
    SetACL kicks the business out of icacls, give it a spin, there are plenty of examples and you can use it through command line or vbs.

    http://helgeklein.com/setacl/example...th-setacl-exe/

  3. #3

    SYNACK
    Also I think that @localzuk made an application that did this really easily but I can't find it, the closest I can find is the topic that handled the code. Mass setting NTFS permissions

  4. #4

    localzuk
    I do have such a program. I need to fix it so it also does ownership too (it doesn't currently do this), as this is something we've gotta deal with on Monday too.

    I'll sort something out this weekend and post it up.


  6. #5

    localzuk
    Right, rather than fiddle around with my old C# program I decided to do this in PowerShell instead.

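    Code:
    $path = "\\UNC\PATH"    # root share holding one folder per user; must be a UNC path

    $domain = "DOMAIN"      # NetBIOS name of the domain the users belong to

    # Get-QADUser comes from the Quest ActiveRoles Management Shell.
    # Only directories are processed; loose files in the share root are skipped.
    $rootfolder = Get-ChildItem -LiteralPath $path | Where-Object { $_.PSIsContainer }

    foreach ($userfolder in $rootfolder) {
        $userfolder.FullName
        Write-Host $userfolder
        # Only touch folders whose name matches an existing domain user.
        If (Get-QADUser "$domain\$($userfolder.Name)") {
            # Show the ACL before the change.
            Get-Acl $userfolder.FullName | Format-List
            $acl = Get-Acl $userfolder.FullName
            # Block inheritance from the share root and discard the inherited rules.
            $acl.SetAccessRuleProtection($True, $False)
            # Remove every rule granted to Everyone.
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Everyone", "FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
            $acl.RemoveAccessRuleAll($rule)
            # Domain Admins: full control, inherited by sub-folders and files.
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Domain Admins", "FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
            $acl.AddAccessRule($rule)
            # The user (same name as the folder): modify, inherited by sub-folders and files.
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($userfolder.Name, "Modify", "ContainerInherit, ObjectInherit", "None", "Allow")
            $acl.AddAccessRule($rule)
            # Make the user the owner of the folder.
            $acct = New-Object System.Security.Principal.NTAccount($domain, $userfolder.Name)
            $acl.SetOwner($acct)
            Set-Acl $userfolder.FullName $acl
            # Show the ACL after the change.
            Get-Acl $userfolder.FullName | Format-List
            # Walk every file and sub-folder to set the owner on each one.
            $files = Get-ChildItem -LiteralPath $userfolder.FullName -Recurse
            foreach ($file in $files) {
                Write-Host $file.FullName
                # -LiteralPath so that [ and ] in names are not treated as wildcards.
                $item = Get-Item -LiteralPath $file.FullName
                $acl = $item.GetAccessControl()
                # $True, $False: blocks inheritance on this item and drops its inherited rules.
                $acl.SetAccessRuleProtection($True, $False)
                $acl.SetOwner($acct)
                $item.SetAccessControl($acl)
            }
            Write-Host $userfolder
        }
    }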
    A few points.

    1. You MUST use a UNC path. You cannot run this locally on the machine with the files on. Windows protection will stop it from working.
    2. Change the path in line 1, and the domain in line 3. I could probably have got hold of the domain via another Cmdlet but didn't.
    3. You need the Quest ActiveRoles Management Shell for ActiveDirectory installed (Available here)
    4. You have to run the script within that shell (not the default PowerShell shell) - it will be under Quest Software in your programs list.
    5. I did not write all of the above script. I pinched most of it, but cannot find the site I pinched it from.

    EDIT: Above is now version 2. It takes a lot longer, as there appears to not be an easy way to propagate ownership downwards through files/folders, so it now iterates through all files/folders manually. However, because some files contain [] characters, the old 'get-acl' and 'set-acl' won't work as they see them as globbing operators. So instead, the get-item command is used with -literalpath to handle them. You will see the occasional random error line though. Not figured out why, and as it's handling the vast, vast majority of files, I don't *really* care...
    Last edited by localzuk; 20th August 2012 at 12:39 PM.

  7. #6
    jamesfed
    This - NTFSFix will fix your permissions.

    For quotas you may be running something else but in Server 2008 R2 with FSRM you don't need the user set as the folder owner to apply quotas (set it as auto apply template on subfolders) although if you want to do the email alerts you will......

  8. #7

    localzuk
    Quote: Originally posted by jamesfed
    This - NTFSFix will fix your permissions.

    For quotas you may be running something else but in Server 2008 R2 with FSRM you don't need the user set as the folder owner to apply quotas (set it as auto apply template on subfolders) although if you want to do the email alerts you will......
    We still have a 2003 server with disk quotas, not FSRM. So, ownership is needed when putting all the files back for the calculations to be made.

  9. #8

    localzuk
    Updated the script to a working version that does ownership on all sub-directories and files.

    EDIT:

    If you want to add more permissions, you can do so by adding more lines like these:

    Code:
                $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("UsernameHere","ReadAndExecute, Traverse, ListDirectory", "ContainerInherit, ObjectInherit", "None", "Allow")
                $acl.AddAccessRule($rule)
    Changing the 'ReadAndExecute, Traverse, ListDirectory' bit according to your needs. The different flags are here: http://msdn.microsoft.com/en-us/libr...temrights.aspx
    Last edited by localzuk; 20th August 2012 at 01:21 PM.

  10. #9

    localzuk
    EDIT: Le Sigh. This isn't working right. It doesn't propagate permissions now, just ownership...
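
The per-item loop in the script above calls SetAccessRuleProtection($True, $False) on every file and sub-folder, which blocks inheritance and discards the entries inherited from the user folder; that is consistent with the symptom reported here. The following is an added example, not localzuk's script or the later C# tool: it keeps the same two grants but re-enables inheritance on children, and swaps the Quest Get-QADUser check for NTAccount.Translate. The function name Reset-HomeFolderAcl and the placeholder path and domain are assumptions, as are Windows PowerShell 3.0 or later (for Get-Acl -LiteralPath) and an account allowed to assign ownership over the UNC path.

```powershell
# Added example, not localzuk's script. Assumes Windows PowerShell 3.0 or later
# and a UNC path as in the thread; "\\UNC\PATH" and "DOMAIN" are placeholders.
function Reset-HomeFolderAcl {
    param([string]$Root = "\\UNC\PATH", [string]$Domain = "DOMAIN")

    $inherit = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
    $none    = [System.Security.AccessControl.PropagationFlags]::None
    $allow   = [System.Security.AccessControl.AccessControlType]::Allow
    $admins  = New-Object System.Security.Principal.NTAccount($Domain, "Domain Admins")

    foreach ($folder in Get-ChildItem -LiteralPath $Root | Where-Object { $_.PSIsContainer }) {
        $acct = New-Object System.Security.Principal.NTAccount($Domain, $folder.Name)
        try {
            # Translate throws IdentityNotMappedException if the account does not exist.
            [void]$acct.Translate([System.Security.Principal.SecurityIdentifier])
        } catch {
            Write-Warning "Skipping $($folder.FullName): cannot resolve $acct"
            continue
        }

        # User folder: block inheritance from the share root, drop every explicit
        # rule, then grant only the two inheritable rules the thread's script uses.
        $acl = Get-Acl -LiteralPath $folder.FullName
        $acl.SetAccessRuleProtection($true, $false)
        foreach ($old in @($acl.Access | Where-Object { -not $_.IsInherited })) {
            $acl.RemoveAccessRuleSpecific($old)
        }
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($admins, "FullControl", $inherit, $none, $allow)
        $acl.AddAccessRule($rule)
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($acct, "Modify", $inherit, $none, $allow)
        $acl.AddAccessRule($rule)
        $acl.SetOwner($acct)
        Set-Acl -LiteralPath $folder.FullName -AclObject $acl

        # Children: set the owner, but turn inheritance back ON and remove explicit
        # rules, so each item ends up with exactly what the user folder hands down.
        foreach ($item in Get-ChildItem -LiteralPath $folder.FullName -Recurse -Force) {
            $childAcl = Get-Acl -LiteralPath $item.FullName
            $childAcl.SetAccessRuleProtection($false, $false)
            foreach ($old in @($childAcl.Access | Where-Object { -not $_.IsInherited })) {
                $childAcl.RemoveAccessRuleSpecific($old)
            }
            $childAcl.SetOwner($acct)
            Set-Acl -LiteralPath $item.FullName -AclObject $childAcl
        }
    }
}
```

Comparing `Get-Acl` output for one child file before and after a run shows whether its entries are now marked as inherited rather than missing.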

  11. #10

    localzuk
    Right!!! After much faffing with PowerShell, I gave up and used C# instead.

    This is confirmed to be working properly. Instructions are in the readme file.

    It requires .NET 4 Client Profile.

    Oh, and it spits out a lot of info on the console, so you might want to pipe it into a text file to check through after. It will skip any folders it errors on (eg. if a user doesn't exist, it will error on them and move on).

    EDIT: Slight update to v0.3 to fix a few things.
    Last edited by localzuk; 21st August 2012 at 02:17 PM.

  12. #11

    localzuk
    Oh, and by the way... It will take a long time to do its work.


