locked
Setting permissions on a home folder RRS feed

  • Question

  • Hello

    Im creating a script to create home directories for users and set permissions on them.

    My script does create the folders but does not set the actual permissions on the users folder.

    Here's my code.

    $User = Get-ADUser -filter * -SearchBase "OU=DomainUsers,DC=Terry,DC=Local" | Select Name,SamAccountName,SID
    ForEach ($x in $User.SamAccountName) {
    #param([Parameter(Mandatory=$true)][String]$samAccountName)
     
    $fullPath = "\\terry-server01\Userhome\$x"
    $driveLetter = "W:"
     
        Set-ADUser $x -HomeDrive $driveLetter -HomeDirectory $fullPath -ea Stop
        $homeShare = New-Item -path $fullPath -ItemType Directory -force -ea Stop
     
        $acl = Get-Acl $homeShare
     
        $FileSystemRights = [System.Security.AccessControl.FileSystemRights]"Modify"
        $AccessControlType = [System.Security.AccessControl.AccessControlType]::Allow
        $InheritanceFlags = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
        $PropagationFlags = [System.Security.AccessControl.PropagationFlags]"InheritOnly"
     
        $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule ($x, $FileSystemRights, $InheritanceFlags, $PropagationFlags, $AccessControlType)
        $acl.AddAccessRule($AccessRule)
     
        Set-Acl -Path $homeShare -AclObject $acl -ea Stop
     
        Write-Host ("HomeDirectory created at {0}" -f $fullPath)
    } 

    When viewing the permissions on each folder (client01 - client12), Client01 etc shows up in the list of Security users, but has no permissions applied.  Also  Terry\Users has read&Execute, list and Read for permissions; and because this is a Home folder, only the specific user should have permissions (Modify).

    I don't get any errors when running the script, the folders get created in the right place (client01, client02 etc).

    What am I doing incorrectly or not doing?

    Thank You

    Terry

    Wednesday, September 5, 2018 10:07 PM

All replies

  • This is normally done by Group Policy which does it automatically and sets the permissions correctly.

    Post in GP forum to learn how to do this correctly.

    The method you are using has not been needed since Windows 2000/XP.


    \_(ツ)_/

    Wednesday, September 5, 2018 10:22 PM
  • The following shows you how to set the homedrive and folder correctly for modern AD and Windows:

    https://community.spiceworks.com/how_to/83883-configure-user-home-folders-and-folder-redirection


    \_(ツ)_/

    Wednesday, September 5, 2018 10:29 PM
  • Yes, I can do it via GP, but in this instance, I will be doing it via powershell.

    Thank You

    Terry

    Thursday, September 6, 2018 2:21 PM
  • All you need to do is search and you will find many blogs that describe various ways to do what you ask.


    \_(ツ)_/

    Thursday, September 6, 2018 4:58 PM
  • Ok, so I've decided to map the drive using user preferences in GP.  And it maps fine.

    However, the folders I created for each user are not getting the proper permissions.

    system has fullcontrol --> which it should

    Administrators have full control ---> which they should

    but domain users have Read&execute, list folders and read ---> which they shouldn't.

    The actual user for the folder (ex:  Client 01) is not even listed there.

    Thank you

    Terry

    Thursday, September 6, 2018 8:31 PM
  • Please search for a blog that tells you how to do this.

    Better yet, use folder redirection which is designed to solve this issue.


    \_(ツ)_/

    Thursday, September 6, 2018 8:50 PM
  • Use group policy and also how many uses are there in your environment 

    I would stay away from scripts as you can do all this from GPO 

    This link will help in setting it up 

    http://www.grouppolicy.biz/2012/07/how-to-set-users-home-folder-via-group-policy-in-windows-8/

    • Proposed as answer by KeshGuru Thursday, September 6, 2018 9:08 PM
    Thursday, September 6, 2018 9:08 PM