@danjpadgett
Created December 6, 2016 15:05
repair acl
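# Repairs ACLs and ownership on the per-user folders under the DFS Users share.
# -Directory keeps loose files in the share root out of the pipeline: the rest of
# the script treats every item as a user's home folder and applies a
# DirectorySecurity object to it, which is wrong for a plain file.
$paths = Get-ChildItem -Path "\\company\dfs\Users\" -Directory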
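# Make sure PSCX is loaded: it supplies Set-Privilege and Pscx.Interop.TokenPrivilege,
# which the privilege setup further down depends on. Project page: http://pscx.codeplex.com/
if (-not ((Get-Module).Name -match "PSCX"))
{
    # Get-Module without -ListAvailable only reports modules already imported into
    # this session, so also check for an installed copy before downloading again.
    if (-not (Get-Module -ListAvailable -Name "PSCX"))
    {
        # NOTE(review): the installer is fetched over plain HTTP and then run
        # silently from an elevated session, so anything able to alter the response
        # in transit controls what gets installed. Pin the digest of a vetted copy
        # below, or better, stage the MSI on an internal share and install from there.
        # Placeholder: set to the SHA-256 (hex) of the vetted PSCX installer.
        $expectedSha256 = ''

        #Download and install
        $url = "http://download-codeplex.sec.s-msft.com/Download/Release?ProjectName=pscx&DownloadId=923562&FileTime=130585918034470000&Build=21031"
        # NOTE(review): fixed file name in a shared temp directory; an account able to
        # pre-create this file could keep write access to it. Confirm the directory's
        # ACL or download into a directory only administrators can write to.
        $output = "C:\windows\temp\PSCX.msi"
        Invoke-WebRequest -Uri $url -OutFile $output -ErrorAction Stop

        if ($expectedSha256)
        {
            # Hash with .NET directly so this also works where Get-FileHash is unavailable.
            $stream = [System.IO.File]::OpenRead($output)
            try
            {
                $hashBytes = [System.Security.Cryptography.SHA256]::Create().ComputeHash($stream)
            }
            finally
            {
                $stream.Dispose()
            }
            $actualSha256 = [System.BitConverter]::ToString($hashBytes) -replace '-', ''
            if ($actualSha256 -ne $expectedSha256)
            {
                Remove-Item -LiteralPath $output -Force
                throw "PSCX installer hash mismatch: expected $expectedSha256, got $actualSha256"
            }
        }
        else
        {
            Write-Warning "PSCX installer integrity was NOT verified (no expected SHA-256 configured)."
        }

        ##install MSI
        # Call msiexec explicitly rather than relying on the .msi file association,
        # and wait for it so the exit code can be checked before importing.
        $arguments = "/i `"$output`" /qn /l*v C:\windows\temp\PSCX.log"
        $install = Start-Process -FilePath "msiexec.exe" -ArgumentList $arguments -Wait -PassThru
        # 0 = success, 3010 = success but a reboot is required.
        if ($install.ExitCode -notin 0, 3010)
        {
            throw "PSCX installation failed with exit code $($install.ExitCode); see C:\windows\temp\PSCX.log"
        }
    }

    # Stop here if the module cannot be loaded; without it the Set-Privilege calls
    # fail and the ACL repair would run without the privileges it expects.
    Import-Module "PSCX" -ErrorAction Stop
}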
# Enable the token privileges the repair relies on (Set-Privilege and TokenPrivilege
# come from PSCX):
#   SeRestorePrivilege       - allows setting an owner other than the caller
#   SeBackupPrivilege        - allows reading objects regardless of their ACL
#   SeTakeOwnershipPrivilege - allows taking ownership regardless of the ACL
# NOTE(review): nothing in this script turns these off again, so they presumably
# stay enabled for the rest of the session - run it in a dedicated console.
foreach ($privilegeName in "SeRestorePrivilege", "SeBackupPrivilege", "SeTakeOwnershipPrivilege")
{
    $tokenPrivilege = New-Object Pscx.Interop.TokenPrivilege $privilegeName, $true
    Set-Privilege $tokenPrivilege
}
# Security descriptor that carries nothing except an owner: BUILTIN\Administrators.
# It is applied to each folder first so that ownership sits with the administrators
# group while the access rules are rewritten.
$administratorsAccount = New-Object System.Security.Principal.NTAccount('BUILTIN\Administrators')
$blankdirAcl = New-Object -TypeName System.Security.AccessControl.DirectorySecurity
$blankdirAcl.SetOwner($administratorsAccount)
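# For every folder under the Users share: hand ownership to BUILTIN\Administrators,
# look up the AD user named after the folder, grant that user Modify (inherited by
# subfolders and files), then make the user the owner again.
$paths | ForEach-Object {
    # Keep our own reference to the folder: inside a catch block $_ is rebound to
    # the ErrorRecord, and how a DirectoryInfo expands inside a string (name vs.
    # full path) differs between PowerShell editions. Use explicit properties.
    $folder = $_
    $userfolder = $folder.FullName
    $sAMAccountName = $null
    $currentACL = $null

    ## Set the owner to BUILTIN\Administrators before touching the access rules.
    # NOTE(review): $blankdirAcl only has its owner set, so this presumably changes
    # ownership and leaves the existing DACL in place - confirm if a real reset of
    # the access rules is intended. It also runs before the AD lookup, so a folder
    # with no matching user is left owned by Administrators.
    (Get-Item -LiteralPath $userfolder).SetAccessControl($blankdirAcl)

    # Look up the AD account whose identity matches the folder name.
    try {
        $adUser = Get-ADUser -Identity $folder.Name -ErrorAction Stop
        $sAMAccountName = $adUser.SamAccountName
    } catch {
        # Report the folder name (the original printed the error record here) and
        # skip to the next folder; 'return' inside ForEach-Object ends this item only.
        Write-Warning "($($folder.Name) - The User has not been found in AD): $($_.Exception.Message)"
        return
    }

    # Build the rule against the account's SID instead of a bare sAMAccountName, so
    # the ACE cannot resolve to a same-named local or other-domain account.
    $FileSystemAccessRights = [System.Security.AccessControl.FileSystemRights]"Modify"
    $InheritanceFlags = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
    $PropagationFlags = [System.Security.AccessControl.PropagationFlags]::None
    $AccessControl = [System.Security.AccessControl.AccessControlType]::Allow
    $NewAccessrule = New-Object System.Security.AccessControl.FileSystemAccessRule($adUser.SID, $FileSystemAccessRights, $InheritanceFlags, $PropagationFlags, $AccessControl)

    # -LiteralPath keeps folder names containing wildcard characters ([ ] * ?) from
    # being expanded into a different set of paths.
    $currentACL = Get-Acl -LiteralPath $userfolder
    # SetAccessRule replaces any existing Allow rules for this identity.
    $currentACL.SetAccessRule($NewAccessrule)
    Write-Host "Managing Permissions for $($folder.Name) - in folder path '$userfolder'.....please wait.."
    Set-Acl -LiteralPath $userfolder -AclObject $currentACL

    #Set Owner back to SamAccountUser
    $RepairedACL = New-Object System.Security.AccessControl.DirectorySecurity
    $RepairedACL.SetOwner($adUser.SID)
    (Get-Item -LiteralPath $userfolder).SetAccessControl($RepairedACL)
}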
##//END Home Drive/Permissions Code