I tried the powershell forum at myitfourm.com.
I did not even think to setup a template and store the ACL list and then
just reset from the file. I will give it a go when I get some time today.
Which I may add looks like it will be tomorrow.
Bob
From: Michael B. Smith [mailto:[email protected]]
Sent: Wednesday, August 25, 2010 9:26 PM
To: NT System Admin Issues
Subject: RE: [powershell] clear all permissions on a folder
Which PowerShell forum did you try?
The easiest thing to do is to configure one file and one folder exactly the
way you want.
Then, store off the desired ACL for file and folder
$folderACL = get-acl c:\folder
$fileACL = get-acl c:\folder\specific.file
Then, use that ACL to set the ACL on each item.
For example
Dir x:\some-directory -recurse |% {
If( $_.PSIsContainer ) { set-acl $_
$folderACL; }
Else { set-acl $_ fileACL; }
}
Note, I didn't test the above, but it's pretty close. You might need to use
$_.FullName as the first parameter to set-acl instead of just $_.
Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
From: Johonn2 [mailto:[email protected]]
Sent: Wednesday, August 25, 2010 8:20 PM
To: NT System Admin Issues
Subject: [powershell] clear all permissions on a folder
Fyi. I did try the powershell forum but did not get any reply's. Can anyone
help me out here?
I need to figure out how to remove all permissions from a folder then add
"domain admins". History: We are about to begin a data migration from
multiple file servers to one nas-head. Everything we need to do to automate
the migration is completed in a powershell script I have been working on
expect for removing permissions on the old directory. Right now things are
messed up where multiple people have access to other people's home drives.
That is changing with this migration. To insure the data does not change in
the old location once we migrate the data we want to strip all permissions
expect for domain admins. This also insures if there is a problem with the
migration we will have access to the old (backup) data right away.
The script right now exports any user in a set OU where their homeDirectory
does not equal \\newShare\share\%username%
<file:///\\newShare\share\%25username%25> to a csv file along with their AD
account name and current homeDirectory.
What I need to do for removing permissions;
Done - Input csv file of users home directory and parse each record
Done - Get-acl for each homeDirectory
No Clue - Remove each users access from each homeDirectory
Done - Add acl for "domain Admins"
Done - Commit or set-acl.
Example of exported file:
"test02","\\oldShare\share\test02
What I am thinking...
$ADusers = "file location"
#Import AdUser to remove permissions
$colResult = Import-Csv $ADUsers
#parse each record for home directories
foreach ($objHomeDirectory in $colResult)
{
#reterive ACL list of current users homeDirectory
$acl = Get-Acl ($objHomeDirectory.HomeDirectory)
### At this point $acl should hold the ACL list for all users that have
permissions to \\oldShare\share\test02 <file:///\\oldShare\share\test02>
### I am just not sure what to do with it to remove permissions.
###
#parse each $acl record and remove permissions
Foreach ...........
Thank you,
Bob
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
