File Server Folder Creator with Groups and Permissions
<#
.Requires -version 2 - Runs in Exchange Management Shell
.SYNOPSIS
.\FileServerFolder.ps1 - Creates Folder and Applies Standard Permissions for enterprise Environment.
.Author
Written By: Satheshwaran Manoharan
Examples Will be added
C:\Scripts> C:\Scripts\FileServerFolder.ps1
File Server - Root Folder Creator
----------------------------
1.Create Root Folder on F:\FileServer\
2.Apply Permissions on F:\FileServer\SPECIFIC_FOLDER
Importing ActiveDirectory Module
Choose The Task: 1
Enter the Root Folder Name: Folder01
Enter the Request ID: 0102
Enter the Owner of the Groups _R and _W E.g UPN Sathesh: Ashok.Magar
Creating Root Folder
Directory: \\FileServer\F$
Mode LastWriteTime Length Name
---- ------------- ------ ----
d---- 11/8/2016 2:48 PM Folder01
Creating Active Directory Groups
Applying Request ID Folder01_R
Applying Request ID Folder01_W
C:\Scripts> C:\Scripts\FileServerFolder.ps1
File Server - Root Folder Creator
----------------------------
1.Create Root Folder on F:\FileServer\
2.Apply Permissions on F:\FileServer\SPECIFIC_FOLDER
Importing ActiveDirectory Module
Choose The Task: 2
Enter the Root Folder Name: folder01
Enter the Root Folder Name: folder01
Removing Inheritance
Removing BUILTIN\Users
Deny - Delete
Add owner Rights
Add Read Rights for _R group
Add Write Rights for _W group
Change Log
V1.2, 11/08/2016
#>
# Menu banner. The blank first and last lines of the here-string reproduce the
# leading and trailing newline of the original multi-line string.
$banner = @"

File Server - Root Folder Creator
----------------------------
1.Create Root Folder on F:\FileServer\
2.Apply Permissions on F:\FileServer\SPECIFIC_FOLDER

"@
Write-Host $banner -ForegroundColor "Cyan"

#----------------
# Script
#----------------

# Load the Active Directory cmdlets; task 1 calls New-ADGroup and Set-ADGroup.
# A failed import is reported by PowerShell but does not stop the script.
Write-Host "Importing ActiveDirectory Module"
Import-Module ActiveDirectory
Write-Host " "

# Ask which task to run; the answer selects a case in the switch that follows.
$number = Read-Host "Choose The Task"

# Empty array; nothing in the visible script reads it.
$output = @()
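# Values shared by both tasks. The share root, OU and domain are the ones the
# original script hard-coded in each command.
$ShareRoot = '\\FileServer\F$'
$Domain    = 'CLOUDID'
$GroupOU   = 'OU=02 Groups,DC=Cloudid,DC=biz'
$Read      = '_R'
$Write     = '_W'

# Returns $true when $Name is usable as a single folder name under the share
# root. The typed name is spliced into a UNC path and into AD group names, so
# anything that could leave the share root (path separators, '.' or '..') or be
# expanded as a wildcard by the -Path parameters ('*', '?', '[', ']') is refused.
function Test-RootFolderName {
    param([string]$Name)

    if ($Name -eq $null -or $Name.Trim().Length -eq 0) { return $false }
    if ($Name -eq '.' -or $Name -eq '..') { return $false }

    [char[]]$forbidden = [System.IO.Path]::GetInvalidFileNameChars() + [char]'[' + [char]']'
    return ($Name.IndexOfAny($forbidden) -lt 0)
}

switch ($number)
{
    1 {
        # Task 1: create the root folder plus its <name>_R / <name>_W security groups.
        $FolderName = Read-Host "Enter the Root Folder Name"
        if (-not (Test-RootFolderName $FolderName)) {
            Write-Host "Invalid folder name - use a plain name without path separators or wildcard characters" -ForegroundColor "red"
            break
        }
        $RequestID = Read-Host "Enter the Request ID"
        $Managedby = Read-Host "Enter the Owner of the Groups _R and _W E.g UPN Sathesh"

        # Errors in the steps below are non-terminating, as in the original:
        # a failure is reported and the remaining steps still run, so a re-run
        # against an existing folder or group keeps working.
        Write-Host "Creating Root Folder"
        New-Item -Path "$ShareRoot\$FolderName" -ItemType Directory

        # _R = read group, _W = write group.
        Write-Host "Creating Active Directory Groups"
        foreach ($suffix in @($Read, $Write)) {
            $groupName = "$FolderName$suffix"
            New-ADGroup -Name $groupName -SamAccountName $groupName -GroupCategory Security -GroupScope Global -DisplayName $groupName -Path $GroupOU
        }

        # Record the request/ticket id in each group's notes (info) attribute
        # and set the group owner.
        foreach ($suffix in @($Read, $Write)) {
            $groupName = "$FolderName$suffix"
            Write-Host "Applying Request ID $groupName"
            Set-ADGroup $groupName -Replace @{info="Request ID : $RequestID"} -ManagedBy $Managedby
        }
        break
    }

    2 {
        # Task 2: replace the inherited permissions on an existing root folder
        # with the standard set. The name is asked twice as a confirmation.
        $FolderName = Read-Host "Enter the Root Folder Name"
        $confirmFolderName = Read-Host "Enter the Root Folder Name"

        if ($FolderName -ne $confirmFolderName) {
            Write-Host "Re-enter Folder Name"
            break
        }
        if (-not (Test-RootFolderName $FolderName)) {
            Write-Host "Invalid folder name - use a plain name without path separators or wildcard characters" -ForegroundColor "red"
            break
        }

        $path = "$ShareRoot\$FolderName"

        # Check every precondition before the ACL is touched, so a typo or a
        # missing group cannot leave the folder with inheritance broken and
        # only part of the permission set applied.
        if (-not (Test-Path -Path $path -PathType Container)) {
            Write-Host "Folder not found: $path" -ForegroundColor "red"
            break
        }

        $readGroup  = New-Object System.Security.Principal.NTAccount("$Domain\$FolderName$Read")
        $writeGroup = New-Object System.Security.Principal.NTAccount("$Domain\$FolderName$Write")
        try {
            foreach ($account in @($readGroup, $writeGroup)) {
                # Translate throws when the account name cannot be resolved to a SID.
                $account.Translate([System.Security.Principal.SecurityIdentifier]) | Out-Null
            }
        }
        catch {
            Write-Host "Could not resolve $($account.Value); no permissions were changed." -ForegroundColor "red"
            break
        }

        # SetAccessRuleProtection(isProtected, preserveInheritance): stop
        # inheriting from the parent but keep the inherited rules as explicit
        # copies. Only BUILTIN\Users is removed afterwards, so every other
        # principal that was inherited from the share root keeps its access -
        # review the resulting ACL if the parent grants more than expected.
        Write-Host "Removing Inheritance"
        $acl = Get-Acl $path
        $acl.SetAccessRuleProtection($True, $True)
        Set-Acl -Path $path -AclObject $acl

        # The ACL is written and re-read before rules are removed, as in the
        # original. NOTE(review): the copied rules may still be flagged as
        # inherited on the in-memory object until it is persisted - confirm
        # before merging these two writes.
        Write-Host "Removing BUILTIN\Users"
        $acl = Get-Acl $path
        $rules = $acl.Access | Where-Object {$_.IdentityReference -eq "BUILTIN\Users"}
        ForEach ($rule in $rules) {
            $acl.RemoveAccessRule($rule) | Out-Null
        }
        Set-Acl -Path $path -AclObject $acl

        # The four standard entries are added to one ACL object and written
        # once, instead of one read/write round trip per entry.
        $acl = Get-Acl $path
        $allow         = [System.Security.AccessControl.AccessControlType]::Allow
        $deny          = [System.Security.AccessControl.AccessControlType]::Deny
        $thisFolder    = [System.Security.AccessControl.InheritanceFlags]::None
        $inheritAll    = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
        $noPropagation = [System.Security.AccessControl.PropagationFlags]::None
        $readRights    = [System.Security.AccessControl.FileSystemRights]"ReadAndExecute, Synchronize"
        $modifyRights  = [System.Security.AccessControl.FileSystemRights]"Modify, Synchronize"
        $deleteRight   = [System.Security.AccessControl.FileSystemRights]"Delete"
        $ownerRights   = New-Object System.Security.Principal.NTAccount("OWNER RIGHTS")

        # Deny Delete for the write group on the root folder itself (no
        # inheritance flags, so the contents are not affected).
        # NOTE(review): a principal holding "Delete subfolders and files" on
        # the parent can presumably still remove the folder - check the share root ACL.
        Write-Host "Deny - Delete "
        $ace = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $writeGroup, $deleteRight, $thisFolder, $noPropagation, $deny
        $acl.AddAccessRule($ace)

        # An OWNER RIGHTS entry replaces the rights an object's owner gets
        # implicitly; limiting it to read keeps file owners from changing
        # permissions on what they create.
        Write-Host "Add owner Rights"
        $ace = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $ownerRights, $readRights, $inheritAll, $noPropagation, $allow
        $acl.AddAccessRule($ace)

        Write-Host "Add Read Rights for _R group"
        $ace = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $readGroup, $readRights, $inheritAll, $noPropagation, $allow
        $acl.AddAccessRule($ace)

        Write-Host "Add Write Rights for _W group"
        $ace = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $writeGroup, $modifyRights, $inheritAll, $noPropagation, $allow
        $acl.AddAccessRule($ace)

        Set-Acl -Path $path -AclObject $acl
        break
    }

    Default {Write-Host "No matches found , Enter Options 1 or 2" -ForeGround "red"}
}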