locked
IF statement not working RRS feed

  • Question

  • Hi,

    I'm trying to write a script to remotely add a group to all shared folders in the environment, using IF-ElseIF statements to differentiate between permissions levels. It sets permissions ok, but ignores the IF block and just sets permissions as per the first block. I really can't see where I've gone wrong.

    $ObjFolder = (Get-WMIObject -Class Win32_Share -ComputerName $Server | Where {$_.Name -Like "$Folder"} | Select Name, Path) $str = ($ObjFolder).Path $str = $str.Replace(':','$') $Target = "\\$Server\$Str" IF ($Permissions = "Modify"{ $Rule = $ACE+':(OI)(CI)M' } ElseIF ($Permissions = "ReadOnly"){ $Rule = $ACE+':(OI)(CI)RX' }

    cmd /c "icacls $Target /Grant $Rule /C /Q"


    I've tried it with calling icacls.exe (as above), and also using Set-ACL in case it made a difference but it didn't.

    	$ObjFolder = (Get-WMIObject -Class Win32_Share -ComputerName $Server | Where {$_.Name -Like "$Folder"} | Select Name, Path)	
    
    	$str = ($ObjFolder).Path
    	$str = $str.Replace(':','$')
    	$Target =  "\\$Server\$Str"
    
    		IF ($Permissions = "Modify")
    		{
    
    			$objACE = New-Object System.Security.AccessControl.FileSystemAccessRule("$ACE", "Modify", "ObjectInherit,ContainerInherit", "None", "Allow") 
    
    			$objACL = Get-ACL $Target 
    			$objACL.AddAccessRule($objACE) 
    
    			Set-ACL $Target $objACL
    		
    		}
    
    		ElseIF ($Permissions = "ReadOnly")
    		{
    
    			$objACE = New-Object System.Security.AccessControl.FileSystemAccessRule("$ACE", "ReadAttributes, ReadData, ReadPermissions", "ObjectInherit,ContainerInherit", "None", "Allow") 
    
    			$objACL = Get-ACL $Target 
    			$objACL.AddAccessRule($objACE) 
    
    			Set-ACL $Target $objACL
    
    		}

    Any and all help greatly appreciated.

    Thanks,

    Rich


    Monday, January 19, 2015 12:03 PM

Answers

  • The following line:

    IF ($Permissions = "Modify")

    assigns "Modify" to $permissions and test the result.  This willl always be true.

    To use if/else youneed to undrstand how expressions work in PowerShell.  THe ccode you are using is not the kind of expression you want.

    Start here: help about_if

    Some tests:

    $x = 1
    $x -eq 2
    $x -eq 1



    ¯\_(ツ)_/¯

    Monday, January 19, 2015 12:36 PM

All replies

  • Where do you set the $permissions variable? Neither of those snippets includes it, which implies that you might have just left the $permissions variable set to "Modify" without altering it.
    Monday, January 19, 2015 12:06 PM
  • When you run the script:

    .\Permissions.ps1 -Server <servername> -Folder <targetfolder> -ACE <ACE to be added> -Permissions <permission level>

    Monday, January 19, 2015 12:09 PM
  • The following line:

    IF ($Permissions = "Modify")

    assigns "Modify" to $permissions and test the result.  This willl always be true.

    To use if/else youneed to undrstand how expressions work in PowerShell.  THe ccode you are using is not the kind of expression you want.

    Start here: help about_if

    Some tests:

    $x = 1
    $x -eq 2
    $x -eq 1



    ¯\_(ツ)_/¯

    Monday, January 19, 2015 12:36 PM
  • Note that youhave a bit of fall through code which will not work as expected.


    ¯\_(ツ)_/¯

    Monday, January 19, 2015 12:37 PM
  • Of course it does, that wasn't obvious or anything...

    Corrected and working fine.

    Thanks JRV


    Monday, January 19, 2015 1:01 PM
  • if( <A> )
    elseif (<B>
    else ->>> ?????

    if it is nether what will happen?


    ¯\_(ツ)_/¯

    Monday, January 19, 2015 1:06 PM