none
NTFSSecurity 3.2.3 PS module RRS feed

  • General discussion

  • Hi all

    I downloaded and am using this module: NTFSSecurity 3.2.3. Link:

    https://gallery.technet.microsoft.com/scriptcenter/1abd77a5-9c0b-4a2b-acef-90dbb2b84e85

    I then proceeded to create the following script:

    Import-Module NTFSSecurity
    $Departments = "M","MS","MA","MB","MD","ME","MP","MTR","MTC","MTV","MTYT","MTBI","MTN" ForEach($Department in $Departments){ $AccGroupFull = "MyDomain.local\Acc-$Department-Full" $AccGroupRead = "MyDomain.local\Acc-$Department-Read" $DomainUsers = "MyDomain.local\Domain Users" $DomainAdmins = "MyDomain.local\Domain Admins" $RootPath = "\\files.MyDomain.local\CIFS1\data\files\shared\$Department" $DepartmentPath = "\\files.MyDomain.local\CIFS1\data\files\shared\$Department\Department" $PublicPath = "\\files.MyDomain.local\CIFS1\data\files\shared\$Department\Public" # Grant domain admins full access Add-NTFSAccess -Account $DomainAdmins -AccessRights FullControl -Path $RootPath Add-NTFSAccess -Account $DomainAdmins -AccessRights FullControl -Path $PublicPath Add-NTFSAccess -Account $DomainAdmins -AccessRights FullControl -Path $DepartmentPath # Grant everyone in MyDomain list rights to root directory and read/execute to public folder Add-NTFSAccess -Account $DomainUsers -AccessRights ListDirectory -Path $RootPath Add-NTFSAccess -Account $DomainUsers -AccessRights ReadAndExecute -Path $PublicPath # Grant members of the Acc-Department-Full access Add-NTFSAccess -Account $AccGroupFull -AccessRights ReadAndExecute,Write -Path $DepartmentPath Add-NTFSAccess -Account $AccGroupFull -AccessRights ReadAndExecute,Write -Path $PublicPath # Grant members of the Acc-Department-Read access Add-NTFSAccess -Account $AccGroupRead -AccessRights ReadAndExecute -Path $DepartmentPath # Disable inheritance for both the root, department and public folder Disable-Inheritance -Path $RootPath -RemoveInheritedAccessRules Disable-Inheritance -Path $PublicPath -RemoveInheritedAccessRules Disable-Inheritance -Path $DepartmentPath -RemoveInheritedAccessRules }

    If I go to the folder it correctly displays the security groups on the folder with the rights I want, but it doesn't actually work. If I then proceed to modify the security for each group added to the folder by adding an extra right, pressing apply and then removing the same right and pressing apply again, then it will work perfectly. It's like it doesn't fully realize that the new permissions have been set through a script untill I manually change something.

    I've also tried setting it with the SID of the security groups. which I can see is then succesfully resolved to the name of the group on the security of the folder, but it still doesn't work.

    Any ideas why I'm having this issue? Thanks for any help! :-)

    Tuesday, June 30, 2015 6:44 AM

All replies