locked
Rights for scanner on a folder in the user home folder RRS feed

  • Question

  • Hello guys and girls,

    I have the following situation

    \\Server\Home\  Read/List rights 'this folder only' for the group DL_SCANUTIL  - This is not the problem

    \\Server\Home\Username1\SCAN

    \\Server\Home\Username1\Documents

    \\Server\Home\Username2\SCAN

    \\Server\Home\Username2\Documents

    \\Server\Home\Username3\SCAN

    \\Server\Home\Username3\Documents

    \\Server\Home\Username4\SCAN

    \\Server\Home\Username4\Documents

    \\Server\Home\Username5\SCAN

    \\Server\Home\Username5\Documents

    Goal: For every user I want the  DL_SCANUTIL group to have modify right on only the SCAN folder in a user directory.

    I this situation how would I do this with powershell? Or are there other options?


    • Edited by Borgy333 Wednesday, July 1, 2020 12:15 PM
    Wednesday, July 1, 2020 12:14 PM

Answers

  • Ok here is my solution:

    $FolderPath = "D:\Users\" 
    foreach ($homeFolder in (Get-ChildItem $FolderPath -Recurse | Where {$_.psIsContainer -eq $true -and $_.name -like "My Scans"} )) { 
        
        $acl = Get-Acl $homefolder.FullName 
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Domain\DL_SCANUTIL","Modify","ContainerInherit,ObjectInherit","None","Allow")
        $acl.AddAccessRule($rule) 
        Set-Acl $homefolder.FullName $acl 
    }




    • Proposed as answer by Vector BCO Wednesday, July 1, 2020 4:15 PM
    • Marked as answer by Borgy333 Wednesday, July 1, 2020 5:49 PM
    • Edited by Borgy333 Wednesday, July 1, 2020 5:53 PM
    Wednesday, July 1, 2020 4:04 PM

All replies

  • Yes. You can use ICACLS or just use Explorer to set the security of folders.

    Group Policy can also be used to set security on specific folders.


    \_(ツ)_/

    Wednesday, July 1, 2020 1:23 PM
  • I've tried group policy with no result. Do you set it on the specific fileserver with a %username% variable?

    And with ICALCS do you use the %username% variable to loop through it?

    Wednesday, July 1, 2020 1:34 PM
  • Your question and choices have little to do with PowerShell as they are issues of how to use Windows.  ICACLS is documented well and can be found with your search engine.

    For help with using Group Policy post your issues in the Group Policy forum.

    Also, if you search for "how to set folder permissions" you will find many articles explaining how to use various tools including PowerShell to set permissions.


    \_(ツ)_/

    Wednesday, July 1, 2020 1:59 PM
  • This is not my question. I know how to set permissions. I know Powershell, but I'm stuck on setting permissions on 1 folder on a home drive and leaving other folders alone, for 1000 users. So i thought the best way to do this was Powershell and I'm asking some thoughts. 

    Don't bother, I have some ideas, I will post the solution here.

    • Edited by Borgy333 Wednesday, July 1, 2020 2:34 PM
    Wednesday, July 1, 2020 2:17 PM
  • Ok here is my solution:

    $FolderPath = "D:\Users\" 
    foreach ($homeFolder in (Get-ChildItem $FolderPath -Recurse | Where {$_.psIsContainer -eq $true -and $_.name -like "My Scans"} )) { 
        
        $acl = Get-Acl $homefolder.FullName 
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Domain\DL_SCANUTIL","Modify","ContainerInherit,ObjectInherit","None","Allow")
        $acl.AddAccessRule($rule) 
        Set-Acl $homefolder.FullName $acl 
    }




    • Proposed as answer by Vector BCO Wednesday, July 1, 2020 4:15 PM
    • Marked as answer by Borgy333 Wednesday, July 1, 2020 5:49 PM
    • Edited by Borgy333 Wednesday, July 1, 2020 5:53 PM
    Wednesday, July 1, 2020 4:04 PM
  • I've tested it and it works like a charm and very fast. 
    Wednesday, July 1, 2020 4:08 PM
  • I've tested it and it works like a charm and very fast. 
    if you have found working solution please mark your comment as an answer

    The opinion expressed by me is not an official position of Microsoft

    Wednesday, July 1, 2020 4:14 PM
  • Ok here is my solution:

    $FolderPath = "D:\Users\" 
    foreach ($homeFolder in (Get-ChildItem $FolderPath -Recurse | Where {$_.psIsContainer -eq $true -and $_.name -like "My Scans"} )) { 
        $targetFolder 
        $acl = Get-Acl $homefolder.FullName 
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Domain\DL_SCANUTIL","Modify","ContainerInherit,ObjectInherit","None","Allow")
        $acl.AddAccessRule($rule) 
        Set-Acl $homefolder.FullName $acl 
    }
    targetfolder var not assigned ;)

    The opinion expressed by me is not an official position of Microsoft

    Wednesday, July 1, 2020 4:15 PM
  • Hey Vector,

    Target folder is from the test, I've tested it with two loop, but because you use Get-Childitem you don't need an extra loop, you can recurse. 

    Thanks, I will remove it.

    Wednesday, July 1, 2020 5:53 PM