How to give a user NTFS rights to a folder, via PowerShell

Posted by Don on Server Fault
Published on 2011-11-15T23:00:00Z Indexed on 2011/11/16 1:55 UTC

I'm trying to build a script that will create a folder for a new user on our file server, then take the inherited rights away from that folder and add specific rights back in. I have it successfully adding the folder (if I give it a static entry in the script), giving domain admin rights, removing inheritance, etc., but I'm having trouble getting it to use a variable I set as the user. I don't want there to be a static user each time; I want to be able to run this script and have it ask me for a username. It then goes out and creates the folder, then gives that same user full rights to that folder based on the username I've supplied. I can use Smithd as a user, like this:

New-Item \\fileserver\home$\Smithd -Type Directory

But can't get it to reference the user like this:

New-Item \\fileserver\home$\$username -Type Directory

Here's what I have:

# Creating a new folder and setting NTFS permissions.

$username = read-host -prompt "Enter User Name"

New-Item \\fileserver\home$\$username -Type Directory

Get-Acl \\fileserver\home$\$username

$acl = Get-Acl \\fileserver\home$\$username

$acl.SetAccessRuleProtection($True, $False)

$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Administrators","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)

$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Domain\Domain Admins","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)

$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Domain\"+$username,"FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)

Set-Acl \\fileserver\home$\$username $acl

I've tried several ways to get it to work, but no luck. Any ideas or suggestions would be welcome, thanks.
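
An added example, not part of the original post: one way to write the script so the per-user rule is built from a single string. In `"Domain\"+$username,"FullControl",...` the comma operator binds tighter than `+`, so the whole argument list is joined into one string. The share path and the domain name `Domain` are the question's placeholders; the account-name pattern and the account-exists check are assumptions added here.

```powershell
# Added example. $ShareRoot and $Domain are the placeholders used in the question.
$ShareRoot = '\\fileserver\home$'   # single quotes keep the '$' literal
$Domain    = 'Domain'

$username = (Read-Host -Prompt 'Enter User Name').Trim()

# Assumed policy: accept only a plain account name, so input such as
# '..\otheruser' cannot redirect the folder path or the ACL entry.
if ($username -notmatch '^[A-Za-z0-9._-]{1,20}$') {
    throw "Invalid user name: '$username'"
}

# Resolve the account before touching the share. Translate() throws when the
# account does not exist, so a mistyped name never gets a folder.
$account = New-Object -TypeName System.Security.Principal.NTAccount -ArgumentList $Domain, $username
$null = $account.Translate([System.Security.Principal.SecurityIdentifier])

$path = Join-Path -Path $ShareRoot -ChildPath $username
if (Test-Path -LiteralPath $path) { throw "Folder already exists: $path" }
$null = New-Item -Path $path -ItemType Directory

$acl = Get-Acl -LiteralPath $path
$acl.SetAccessRuleProtection($true, $false)   # block inheritance, discard inherited ACEs

$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None
$allow     = [System.Security.AccessControl.AccessControlType]::Allow

# "$Domain\$username" is one expandable string, so it arrives as the first
# constructor argument instead of being concatenated with the rest of the list.
foreach ($identity in 'BUILTIN\Administrators', "$Domain\Domain Admins", "$Domain\$username") {
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $identity, 'FullControl', $inherit, $propagate, $allow
    $acl.AddAccessRule($rule)
}

Set-Acl -LiteralPath $path -AclObject $acl

# Read the ACL back to confirm exactly three explicit entries and no inherited ones.
(Get-Acl -LiteralPath $path).Access |
    Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
```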
