How to give a user NTFS rights to a folder, via PowerShell
Posted by Don on Server Fault
Published on 2011-11-15T23:00:00Z
I'm trying to build a script that will create a folder for a new user on our file server, then take the inherited rights away from that folder and add specific rights back in. I have it successfully adding the folder (if I give it a static entry in the script), giving domain admin rights, removing inheritance, etc., but I'm having trouble getting it to use a variable I set as the user. I don't want there to be a static user each time; I want to be able to run this script, have it ask me for a username, then have it go out and create the folder and give that same user full rights to that folder based on the username I've supplied. I can use Smithd as a user, like this:
New-Item \\fileserver\home$\Smithd -Type Directory
But can't get it to reference the user like this:
New-Item \\fileserver\home$\$username -Type Directory
Here's what I have:
# Creating a new folder and setting NTFS permissions.
$username = read-host -prompt "Enter User Name"
New-Item \\fileserver\home$\$username -Type Directory
Get-Acl \\fileserver\home$\$username
$acl = Get-Acl \\fileserver\home$\$username
$acl.SetAccessRuleProtection($True, $False)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Administrators","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Domain\Domain Admins","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Domain\"+$username,"FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
Set-Acl \\fileserver\home$\$username $acl
I've tried several ways to get it to work, but no luck. Any ideas or suggestions would be welcome, thanks.
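An added example, not part of the original post: one way to carry out the procedure the question describes, with the prompted name validated and resolved to a real account before it is used in the path or the ACL. The share `\\fileserver\home$` and the domain `Domain` are the question's own placeholders; the allowed-character pattern for user names is an assumption.

```powershell
# Added example. The share root and NetBIOS domain name are the placeholders
# used in the question; replace both for a real environment.
$shareRoot = '\\fileserver\home$'   # single quotes keep the '$' literal
$domain    = 'Domain'

$username = (Read-Host -Prompt 'Enter User Name').Trim()

# Assumed naming policy: a plain account name of at most 20 characters.
# This rejects path separators and '..', so the input cannot move the
# target folder outside the share root.
if ($username -notmatch '^[A-Za-z0-9][A-Za-z0-9._-]{0,19}$') {
    throw "Invalid user name: '$username'"
}

# Resolve the account before touching the file server. Translate() throws
# IdentityNotMappedException if the account does not exist, so a typo does
# not leave behind a folder with an unresolvable ACL entry.
$account = New-Object System.Security.Principal.NTAccount($domain, $username)
$null = $account.Translate([System.Security.Principal.SecurityIdentifier])

$path = Join-Path -Path $shareRoot -ChildPath $username
if (Test-Path -LiteralPath $path) { throw "Folder already exists: $path" }
New-Item -Path $path -ItemType Directory | Out-Null

$acl = Get-Acl -Path $path
# Protect the ACL from inheritance and discard the inherited entries.
$acl.SetAccessRuleProtection($true, $false)

$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None
$principals = @('BUILTIN\Administrators', "$domain\Domain Admins", $account.Value)

foreach ($principal in $principals) {
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $principal, 'FullControl', $inherit, $propagate, 'Allow'
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $path -AclObject $acl

# List the resulting entries so the explicit grants can be reviewed.
(Get-Acl -Path $path).Access |
    Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
```

Because inherited entries are discarded, only the three principals listed in `$principals` keep access to the new folder.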