Just want to give thanks again. That was about 100 times easier then what I was trying. I just need to change what you recommended to fit my needs.
Bob From: Michael B. Smith [mailto:[email protected]] Sent: Wednesday, August 25, 2010 9:26 PM To: NT System Admin Issues Subject: RE: [powershell] clear all permissions on a folder Which PowerShell forum did you try? The easiest thing to do is to configure one file and one folder exactly the way you want. Then, store off the desired ACL for file and folder $folderACL = get-acl c:\folder $fileACL = get-acl c:\folder\specific.file Then, use that ACL to set the ACL on each item. For example Dir x:\some-directory -recurse |% { If( $_.PSIsContainer ) { set-acl $_ $folderACL; } Else { set-acl $_ fileACL; } } Note, I didn't test the above, but it's pretty close. You might need to use $_.FullName as the first parameter to set-acl instead of just $_. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Johonn2 [mailto:[email protected]] Sent: Wednesday, August 25, 2010 8:20 PM To: NT System Admin Issues Subject: [powershell] clear all permissions on a folder Fyi. I did try the powershell forum but did not get any reply's. Can anyone help me out here? I need to figure out how to remove all permissions from a folder then add "domain admins". History: We are about to begin a data migration from multiple file servers to one nas-head. Everything we need to do to automate the migration is completed in a powershell script I have been working on expect for removing permissions on the old directory. Right now things are messed up where multiple people have access to other people's home drives. That is changing with this migration. To insure the data does not change in the old location once we migrate the data we want to strip all permissions expect for domain admins. This also insures if there is a problem with the migration we will have access to the old (backup) data right away. The script right now exports any user in a set OU where their homeDirectory does not equal \\newShare\share\%username% <file:///\\newShare\share\%25username%25> to a csv file along with their AD account name and current homeDirectory. What I need to do for removing permissions; Done - Input csv file of users home directory and parse each record Done - Get-acl for each homeDirectory No Clue - Remove each users access from each homeDirectory Done - Add acl for "domain Admins" Done - Commit or set-acl. Example of exported file: "test02","\\oldShare\share\test02 What I am thinking... $ADusers = "file location" #Import AdUser to remove permissions $colResult = Import-Csv $ADUsers #parse each record for home directories foreach ($objHomeDirectory in $colResult) { #reterive ACL list of current users homeDirectory $acl = Get-Acl ($objHomeDirectory.HomeDirectory) ### At this point $acl should hold the ACL list for all users that have permissions to \\oldShare\share\test02 <file:///\\oldShare\share\test02> ### I am just not sure what to do with it to remove permissions. ### #parse each $acl record and remove permissions Foreach ........... Thank you, Bob ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- You are currently subscribed to ntsysadmin as: [email protected]. To unsubscribe click here: http://lyris.sunbelt-software.com/u?id=8142875.a9cf90b99baa17cb4fcf8293a59eb3b1&n=T&l=ntsysadmin&o=9076905 or send a blank email to leave-9076905-8142875.a9cf90b99baa17cb4fcf8293a59eb...@lyris.sunbelt-software.com
