Main Area and Open Discussion > General Software Discussion
Script to set read+write permissions to folders for users based on foldername
questorfla:
We have system that hosts a folder where every employee has a sub-folder for their private use that is named the same as their username for that system. There have been a couple of times when those rights "per user" get removed. The folders are fine, the admin access is fine. But the user who stores files in that folder loses all rights to it for both read and write. I believe this might be tied to a special archive program that runs every 3 months but i have to track it down.
It wondered if there was a way to walk the directory and read the name of each sub-folder within and Add read/write share permissions for each folder to the user with the same name as the folder.
The main folder named "employees" has sub-folders named johnsmith, fredwilson, maryjones, etc. for about 40 - 50 users
The last two times it happened, i went through the list one by one and restored the read/write permissions. Since the folder names are the exact same as the user names (no spaces) I was hoping there would be a way to walk through the sub-folders under "Employees" and add read/write permissions for each folder to the user with the same name as the folder. The User named "johnsmith" would get read/write only to his sub-folder named "johnsmith". Same for "fredwilson" and "maryjones"
Below is an example layout.
C:\Employees\
fredwilson
johnsmith
maryjones
There are no loose files in the Employees folder and no folders that do not belong to Users that have an account on that system. I just wondered is there was a way to handle the issue programmatically when it occurs > Read in the name of the folder and add read/write permissions for that folder to the user with that name.
Would prefer Powershell or batch but whatever works :) I am sure it will be some variation of the "icacls" command.
icacls C:\employees\%user% /grant %user%:(F)
But I am not sure if this is even close as i seldom if ever use icacls
Ath:
tl;dr;
You really should get the cause fixed, not clean up the mess afterward.
4wd:
tl;dr;
You really should get the cause fixed, not clean up the mess afterward.
-Ath (April 02, 2018, 03:03 PM)
--- End quote ---
That's not the way the world works.
wraith808:
tl;dr;
You really should get the cause fixed, not clean up the mess afterward.
-Ath (April 02, 2018, 03:03 PM)
--- End quote ---
That's not the way the world works.
-4wd (April 02, 2018, 04:53 PM)
--- End quote ---
Especially not when someone else is paying you. :-\ :huh: ;D
4wd:
Open a PowerShell console with Admin rights.
Install the PowerShell NTFS Security module from the PowerShell Gallery as per here.
EDIT: If you want to mark the PowerShell Gallery as a Trusted repository, (it's run by Microsoft), open a PoSh console as Admin and enter the following:
--- Code: PowerShell ---Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
PoSh will no longer complain about modules installed from it being non-signed.
Set2Rights.ps1
--- Code: PowerShell ---$source = 'C:\Employees'get-childitem -Path $source -Directory -Name | % { Add-NTFSAccess -Path "$source\$_" -Account "$env:computername\$_" -AccessRights FullControl }
If you don't want them to have full control of their directory, change FullControl to any of the following, multiple terms to be comma separated:
AppendData, ChangePermissions, CreateDirectories, CreateFiles, Delete, DeleteSubdirectoriesAndFiles, ExecuteFile, FullControl, GenericAll, GenericExecute, GenericRead, GenericWrite, ListDirectory, Modify, None, Read, ReadAndExecute, ReadAttributes, ReadData, ReadExtendedAttributes, ReadPermissions, Synchronize, TakeOwnership, Traverse, Write, WriteAttributes, WriteExtendedAttributes
NOTE: OK, I got un-lazy and tested it, couple of typos but it worked.
You'll need to create a shortcut and add options to bypass Policy Control, set the following as Target, (change path to file to suit), and set the Run as admin option, (under Advanced).
powershell.exe -executionpolicy bypass -File "<full path>\Set2Rights.ps1"
Or if running from a CLI/PoSh, (as Admin):
powershell.exe -executionpolicy bypass -File "<full path>\Set2Rights.ps1"
Navigation
[0] Message Index
[#] Next page
Go to full version