This one will be short and sweet.
Imagine you have an Active Directory full of users. You also have a file server in your environment. And, as it happens, each of your users needs to have a folder created just for himself, on this file server. Each folder should have inheritance disabled and each user should get full permissions on his folder.
What do you do?
Well, we can manually create the required folders, or we can use a PowerShell script which will do it for us. Obviously, I’ve chosen PowerShell (maybe not the nicest script in the world, but it does the job), or this post would be… lame.
So, the interesting part of this script goes like this (I’ve added a few empty lines to make comments more visible):
```powershell
# the Get-ADUser cmdlet comes from the ActiveDirectory module (RSAT)
Import-Module ActiveDirectory

# get user/folder names from Active Directory (SamAccountName property);
# -ExpandProperty returns plain strings, so "$user" expands to the account name
# note: -Filter * returns every account, including disabled and built-in ones
$users = Get-ADUser -Filter * | Select-Object -ExpandProperty SamAccountName

foreach ($user in $users)
{
    $folder = "D:\Share\$user"

    # create a (sub)folder for each user
    New-Item -Path $folder -ItemType Directory

    # read the current access rules applied to a folder
    $acl = Get-Acl -Path $folder

    # disable the inheritance, but leave the inherited access rules in place
    $acl.SetAccessRuleProtection($True, $True)

    # add Full access rule for a specific user
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("$user", "FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")

    # add this rule to existing ruleset
    $acl.AddAccessRule($rule)

    # and finally, apply the new ruleset to a folder
    Set-Acl -Path $folder -AclObject $acl
}
```
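An added example (not part of the original script): a check to run afterwards that confirms each folder under D:\Share has inheritance disabled and a FullControl entry for its user, and lists broad groups that still have access because `SetAccessRuleProtection($True, $True)` keeps the formerly inherited rules as explicit ones. The function name `Test-UserFolderAcl` and the SID pattern are assumptions of this example.

```powershell
# Added example: audit the per-user folders created by the script above.
# Assumptions: same D:\Share root, folder name equals the SamAccountName.
$root = 'D:\Share'

# SIDs of broad groups: Everyone, Authenticated Users, BUILTIN\Users,
# and any domain's "Domain Users" group (RID 513).
$broadSidPattern = '^(S-1-1-0|S-1-5-11|S-1-5-32-545|S-1-5-21-.+-513)$'
$fullControl = [System.Security.AccessControl.FileSystemRights]::FullControl

function Test-UserFolderAcl {
    param([Parameter(Mandatory)][string]$Path)

    $name  = Split-Path -Path $Path -Leaf
    $acl   = Get-Acl -Path $Path
    $allow = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Allow' })

    # does the folder's namesake hold an Allow entry with FullControl?
    $userFull = @($allow | Where-Object {
        ($_.IdentityReference.Value -split '\\')[-1] -eq $name -and
        ($_.FileSystemRights -band $fullControl) -eq $fullControl
    }).Count -gt 0

    # which broad groups still hold an Allow entry on this folder?
    $broad = foreach ($ace in $allow) {
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # identity could not be resolved, skip it
        if ($sid -match $broadSidPattern) { $ace.IdentityReference.Value }
    }

    [pscustomobject]@{
        Folder              = $Path
        InheritanceDisabled = $acl.AreAccessRulesProtected
        UserHasFullControl  = $userFull
        BroadPrincipals     = @($broad | Sort-Object -Unique) -join ', '
    }
}

# report only the folders that need attention
Get-ChildItem -Path $root -Directory |
    ForEach-Object { Test-UserFolderAcl -Path $_.FullName } |
    Where-Object { -not $_.InheritanceDisabled -or
                   -not $_.UserHasFullControl -or
                   $_.BroadPrincipals } |
    Format-Table -AutoSize
```

An empty result means every folder is protected, grants its user FullControl, and carries no entry for the listed broad groups.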
Cheers!