Set ACL Recursively for a single folder within multiple directories

  • Question

  • Hello,

    Share Directory is D:\Projects

    Within Projects, we have several hundred project folders --

    • 001-001 Project A
    • 001-002 Project B
    • 001-003 Project C
    • Etc.

    Within each project folder there are many folders and files; however, the one I want to restrict is PM

    • Folder A
    • Folder B
    • Folder C
    • PM
    • miscellaneous files

    The question is: how do I set up the ForEach statement to parse the Project Share and only set the ACLs on the PM folder?

    Monday, November 5, 2018 6:22 PM

Answers

  • Hi Erik4000

    To get the list of folders, just use Get-ChildItem with a filter in a variable. Once you have that, do a foreach loop. See below.

    I would just create some test folders first to make sure it works correctly.


    $folders = Get-ChildItem -Directory -Path D:\Projects -Recurse -Filter "PM"
    foreach ($folder in $folders){
        ##adds PM group to PM folder
        $acl = Get-Acl -path $folder.FullName
        $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule `
            ("domain_name\pm_group", "Modify", "ContainerInherit,ObjectInherit", "None", "Allow")
        $acl.SetAccessRule($accessRule)
        $acl | Set-Acl -path $folder.FullName
    }



    If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in any way, please click vote as helpful.

    • Marked as answer by Erik4000 Tuesday, November 6, 2018 3:48 PM
    Monday, November 5, 2018 7:00 PM

All replies

  • What does your script look like so far?

    -- Bill Stewart [Bill_Stewart]

    Monday, November 5, 2018 6:26 PM
    Moderator
  • ##set path
    $path = "D:\Projects"

    ##get project name
    $npf = read-host "Please Enter A Project Name"

    ##create PM folder
    new-item -path $path\$npf\PM -type Directory

    ##removes inheritance from PM folder
    $acl = Get-Item $path\$npf\PM | get-acl
    $acl.SetAccessRuleProtection($true,$true)
    $acl |Set-Acl

    ##remove domain users from PM folder
    $acl = (Get-Item $path\$npf\PM).GetAccessControl('Access')
    $RemoveACL = $acl.Access | ?{ $_.IsInherited -eq $false -and $_.IdentityReference -eq "domain_name\domain users" }
    $acl.RemoveAccessRuleAll($RemoveACL)
    $acl | Set-Acl -path $path\$npf\PM

    ##adds PM group to PM folder
    $acl = Get-Acl -path $path\$npf\PM
    $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule ("domain_name\pm_group", "Modify", "ContainerInherit,ObjectInherit", "None", "Allow")
    $acl.SetAccessRule($accessRule)
    $acl | Set-Acl -path $path\$npf\PM

    ---------------------------------------------------------------

    PM folders have been added manually before this script existed so I need to convert this script and run it against every PM folder so that every PM folder is locked down.

    Monday, November 5, 2018 6:38 PM
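
The accepted loop only adds the PM group; the single-folder script above also breaks inheritance and removes the broad group. The following script applies all three steps to every existing PM folder. It is an added example, not code from the thread or its participants. It assumes the layout D:\Projects\<project>\PM and reuses the thread's placeholder identities; the parameter names are hypothetical.

```powershell
# Added example, not from the thread. Assumes D:\Projects\<project>\PM and the
# thread's placeholder identities; parameter names are illustrative.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$Root        = 'D:\Projects',
    [string]$PmGroup     = 'domain_name\pm_group',
    [string]$RemoveGroup = 'domain_name\domain users'
)

# Look exactly one level below each project folder, so a folder named PM
# deeper in the tree is left alone (-Recurse would match those too).
$pmFolders = Get-ChildItem -Path $Root -Directory |
    ForEach-Object { Get-ChildItem -Path $_.FullName -Directory -Filter 'PM' }

foreach ($folder in $pmFolders) {
    $path = $folder.FullName
    if (-not $PSCmdlet.ShouldProcess($path, 'Break inheritance and restrict to PM group')) {
        continue
    }

    # 1. Stop inheriting; $true,$true keeps the inherited entries as explicit
    #    copies. Write and re-read so those copies show up in $acl.Access.
    $acl = Get-Acl -Path $path
    $acl.SetAccessRuleProtection($true, $true)
    Set-Acl -Path $path -AclObject $acl
    $acl = Get-Acl -Path $path

    # 2. Remove every explicit entry held by the broad group.
    $acl.Access |
        Where-Object { -not $_.IsInherited -and $_.IdentityReference.Value -eq $RemoveGroup } |
        ForEach-Object { [void]$acl.RemoveAccessRule($_) }

    # 3. Grant the PM group Modify on the folder, its subfolders and files.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList `
        $PmGroup, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
    $acl.SetAccessRule($rule)
    Set-Acl -Path $path -AclObject $acl

    # Report the result so each folder's final ACL can be reviewed.
    [pscustomobject]@{
        Folder      = $path
        Inheritance = if ($acl.AreAccessRulesProtected) { 'Blocked' } else { 'Enabled' }
        Identities  = ($acl.Access.IdentityReference.Value | Sort-Object -Unique) -join '; '
    }
}
```

Saved as a script file and run with -WhatIf, it lists the PM folders it would change without writing any ACL.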