locked
For each folder in a share RRS feed

  • Question

  • Hi All, 

    Im using this script to add permissions to a folder structure that needs a little tlc, however when i run this against a test folder structure it olnly applied to that folder, so my question is how would i add a for each statement to this script to add these permissions to every folder underneath the folder i specify.

    Thanks

    Alex

    param (
    [string]$RootPath,
    [string]$Log
    )


    function Take-Ownership {
    param(
    [String]$Folder
    )
    takeown.exe /A /F $Folder
    $CurrentACL = Get-Acl $Folder
    write-host ...Adding NT Authority\SYSTEM to $Folder -Fore Yellow
    $SystemACLPermission = "NT AUTHORITY\SYSTEM","FullControl","ContainerInherit,ObjectInherit","None","Allow"
    $SystemAccessRule = new-object System.Security.AccessControl.FileSystemAccessRule $SystemACLPermission
    $CurrentACL.AddAccessRule($SystemAccessRule)
    write-host ...Adding AdminGroup to $Folder -Fore Yellow
    $AdminACLPermission = "Domain\Group","FullControl","ContainerInherit,ObjectInherit","None","Allow"
    $SystemAccessRule = new-object System.Security.AccessControl.FileSystemAccessRule $AdminACLPermission
    $CurrentACL.AddAccessRule($SystemAccessRule)
    Set-Acl -Path $Folder -AclObject $CurrentACL
    }

    function Test-Folder($FolderToTest){
    $error.Clear()
    Get-ChildItem $FolderToTest -Recurse -ErrorAction SilentlyContinue | Select FullName
    if ($error) {
    foreach ($err in $error) {
    if($err.FullyQualifiedErrorId -eq "DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand") {
    Write-Host Unable to access $err.TargetObject -Fore Red
    Write-Host Attempting to take ownership of $err.TargetObject -Fore Yellow
    Take-Ownership($err.TargetObject)
    Test-Folder($err.TargetObject)
    }
    }
    }
    }
    Start-Transcript $Log
    Take-OwnerShip ($RootPath)
    Test-Folder($RootPath)
    Stop-Transcript

    Tuesday, February 2, 2016 11:31 AM

Answers

  • You might want to take a look at File System Security PowerShell Module 4.2.1. This makes permissions management a lot easier.

    You should not add the permissions explicitly to each folder as permissions are usually inherited. The cmdlet Add-NTFSAccess provides the AppliesTo parameter that takes values like ThisFolderSubfoldersAndFiles or SubfoldersAndFilesOnly.

    These cmdlets are making use of the Backup, Restore and TakeOwnership privilege. If you are an administrator you can also manage permissions of files that you do not have access to.


    -Raimund


    Tuesday, February 2, 2016 1:12 PM

All replies

  • Edit: Better version

    There's two ways to do this. You can either use 'Recursion' where you go through each folder, make the changes and then check for subfolders where you do the same thing again.

    Or you can just use a comandlet that grabs all the folders under a starting path and do a for-each over them. That is recursion but the head scratching bit is done for you. See here for the latter:

    http://blogs.technet.com/b/heyscriptingguy/archive/2014/02/03/list-files-in-folders-and-subfolders-with-powershell.aspx

    Tuesday, February 2, 2016 11:49 AM
  • You might want to take a look at File System Security PowerShell Module 4.2.1. This makes permissions management a lot easier.

    You should not add the permissions explicitly to each folder as permissions are usually inherited. The cmdlet Add-NTFSAccess provides the AppliesTo parameter that takes values like ThisFolderSubfoldersAndFiles or SubfoldersAndFilesOnly.

    These cmdlets are making use of the Backup, Restore and TakeOwnership privilege. If you are an administrator you can also manage permissions of files that you do not have access to.


    -Raimund


    Tuesday, February 2, 2016 1:12 PM
  • Thanks
    Wednesday, February 3, 2016 1:04 PM