locked
Copy permissions through different computers RRS feed

  • Question

  • Hello,

    I'm a teacher and I have to configure multiple computers. I modified permissions in different parts of the directories on my 1st computer to allow softwares to work for standard user (not administrator ones).

    I was able to get permissions with get-acl on a directory (and write it in a variable var) and to use these permissions with set-acl on another directory. 

    I was able to display $var, but just a part of it. To be concrete, here are my commands in an administrator powershell (copy permissions from .\Temp2 to .\Temp3):

    $MineDir = Get-Acl -Path .\Temp2\

    Set-Acl -Path ".\Temp3\" -AclObject $MineDir

    echo $MineDir 

    gives: 

    Temp2 UX32VD_util1\util1 BUILTIN\Users Deny  DeleteSubdirectoriesAndFiles, Modify, ChangePermissions...

    As you can see I don't have all of the contents of MineDir displayed.

    If I use :

     $testt = echo $DogACL | Format-List

    I get all of the permissions formatted.

    So my questions are:

    1/ How to get permissions on a directory and be able to copy the contents in a script to be able later to use it on other computers ?

    2/ Is-it possible to modify name on this content (user1 becomes user2, ... and computer name computer1 becomes computer2, ...).

    3/ I want to get permissions on directories under directory1 for example and to be able to apply them on all others computers (the directory structure is identical because I cloned all computers). Is-it possible ?

    Thanks for help


    Saturday, September 23, 2017 6:06 PM

All replies

  • Teacher?  You certainly don't teach grammar, logic or writing.

    Reread what you wrote and see if it makes any sense.

    As a teacher you should know the first rule - study something before trying to use it.

    1/ How to get permissions on a directory and be able to copy the contents in a script to be able later to use it on other computers ?

         Doesn't make sense grammatically  or technically.  What are you trying to ask?  Are you trying to ask how to copy permissions between computers?

    2/ Is-it possible to modify name on this content (user1 becomes user2, ... and computer name computer1 becomes computer2, ...).

        An ACE does not have a rename method.

    3/ I want to get permissions on directories under directory1 for example and to be able to apply them on all others computers (the directory structure is identical because I cloned all computers). Is-it possible ?

         You need to start by learning abut NTFS security.  Security is not a set of strings.  It is a binary structure containing account objects and permissions flags.

    First you need to learn PowerShell so you will not waste time guessing.

    Learn PowerShell: https://mva.microsoft.com/en-us/training-courses/getting-started-with-microsoft-powershell-8276

    Next learn NTFS security: https://technet.microsoft.com/en-us/library/2005.11.howitworksntfs.aspx

    Look in the Gallery for examples of working with NTFS security descriptors: http://gallery.technet.microsoft.com

    You can also search for blogs that give examples of how to work with security.

    The teacher needs to go back to school.  You might also try asking your students.  I bet at least one of them is a PowerShell wizard.


        


    \_(ツ)_/

    Saturday, September 23, 2017 6:41 PM
  • You need to look at powershell remoting, SET-ACL / ICACLS examples,  maybe looping examples. 

    In your script, dont try to copy current settings (which u modify through GUI), write a script where the permissions are hard-coded inside script ..

    If I set my folders on remote computers, i usually remove all permisions except "Administrators" related, then set new one i need.  

    All you need is easily achievable through powershell  (no more than 20-30 lines of code).

    Look at links JRV posted, i think there is everything u need to achieve your goal.   

    Sunday, September 24, 2017 8:07 AM
  • Hello JRV,

    Thanks for reply. I'm not a teacher in computer science nor a native english. So I change my sentences multiple times (copy/paste), and you're right finally the 1st question is not understandable.

    But you understood this 1st question: yes i want to copy permissions from one computer to other ones, which have the same structure of directories (the computers were cloned). I'm able to copy permissions from one directory on a computer to another one. But not to another computer.

    OK, no rename method for 2nd question.

    For the 3rd answer, I understand NTFS permissions and I'm able to modify them correctly by hand. I want to automate the process because at the beginning I have only 3 computers and now I have 35 computers to configure. And my question was if it's possible to copy permissions for all directories under a directory and to apply them in another computer. But i didn't find something like this on forums. So it was the purpose of my question.

    Have a nice day !


    • Edited by Goupil35000b Sunday, September 24, 2017 11:41 AM
    Sunday, September 24, 2017 11:05 AM
  • Hello Mekac,

    Thanks for your very interesting answer.

    I will hard-coded permissions in script if i didn't find another solution. But I think I will try to see if I'm able to read permissions through network and to apply them on other computers.


    Sunday, September 24, 2017 11:52 AM
  • Thank you for trying to clarify and please excuse my little bit of fun.

    You are also asking to rename permissions which is not possible.  YOU can use a backup program or RoboCopy to copy folders and permissions within the same domain.  You can then use a program called "SubInAcl" (SUBstitute IN ACL) to replace an account name in an ACL.

    RoboCopy /?

    SubInAcl /?  https://www.microsoft.com/en-us/download/details.aspx?id=23510

    These two utilities will do what you ask.

    I still say your students can help you with this.  They may already be master hackers.  In any case it would be a good lesson.  I used to teach second graders about electricity and electric distribution technology.  They had great questions.  I learned a lot from them.


    \_(ツ)_/

    Sunday, September 24, 2017 11:52 AM