Applying permissions across many folders

user2988831 · Nov 13, 2013 · Viewed 13.9k times

I need to create a script that will apply permissions on many folders, with different permissions depending on the folder name. There is a root folder share, inside of which is a folder representing each client. Inside of each client folder is a departmental folder. I need to restrict access to each department folder by security group, so that only the people belonging to the department can access them.

It would look as follows:

ROOT FOLDER SHARE  
|  
|-----CLIENT1 (everyone has access)  
|.......|------DEPARTMENT1 (only members of department1 have access)  
|.......|------DEPARTMENT2 (only members of department2 have access)  
|.......|------DEPARTMENT3 (only members of department3 have access)  
|  
|-----CLIENT2 (everyone has access)  
|.......|------DEPARTMENT1 (only members of department1 have access)  
|.......|------DEPARTMENT2 (only members of department2 have access)  
|.......|------DEPARTMENT3 (only members of department3 have access)  
|  
|-----CLIENT3 (everyone has access)  
........|------DEPARTMENT1 (only members of department1 have access)  
........|------DEPARTMENT2 (only members of department2 have access)  
........|------DEPARTMENT3 (only members of department3 have access)  

I'm not entirely sure how to pull this off correctly. Can someone please help point me in the right direction? This is on a server running Windows Server 2008 R2 with Active Directory set up.

What I currently have looks like this (which seems like it works):

```powershell
$Path = Read-Host "What is the starting path?"
$DirectoryName = Read-Host "What is the name of the directory?"
$SecurityGroup = Read-Host "What is the name of the security group that will be given permissions on these directories?"

# Collect the full path of every folder below $Path whose name matches $DirectoryName.
$ListOfDirectories = Get-ChildItem $Path -Recurse |
    Where-Object { $_.PSIsContainer } |
    Where-Object { $_.Name -eq $DirectoryName } |
    ForEach-Object { $_.FullName }

foreach ($directory in $ListOfDirectories) {
    # ${...} keeps ":M" from being parsed as part of the variable name.
    # /grant adds Modify for the group; /t applies it to everything below the folder.
    icacls.exe $directory /grant "${SecurityGroup}:M" /t
}
```

Answer

xashcorex · Nov 14, 2013

You can use the Set-ACL command to automate permissions settings with PowerShell.

There is a good article over here that can help you with this task...

http://technet.microsoft.com/en-us/magazine/2008.02.powershell.aspx
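
One way to apply the Set-Acl approach to the folder layout in the question, as an added example that is not code from either poster. It assumes the department folders currently inherit access from the client folder, so it blocks inheritance and rebuilds each ACL rather than only adding a grant; the function name `Set-DepartmentAcl`, the root path, and the `EXAMPLE\...` group names are hypothetical.

```powershell
# Added example: function name, paths and group names are placeholders, not from the page.
function Set-DepartmentAcl {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$RootPath,
        # Department folder name -> security group allowed to use it
        [Parameter(Mandatory = $true)][hashtable]$GroupMap
    )
    $inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $propagate = [System.Security.AccessControl.PropagationFlags]::None
    $allow     = [System.Security.AccessControl.AccessControlType]::Allow
    # Well-known SIDs (locale independent): BUILTIN\Administrators and NT AUTHORITY\SYSTEM.
    $admins = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
    $system = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-18'

    # Client folders are the direct children of the root share; they are left untouched.
    $clients = Get-ChildItem -LiteralPath $RootPath | Where-Object { $_.PSIsContainer }
    foreach ($client in $clients) {
        $departments = Get-ChildItem -LiteralPath $client.FullName | Where-Object { $_.PSIsContainer }
        foreach ($dept in $departments) {
            if (-not $GroupMap.ContainsKey($dept.Name)) {
                Write-Warning "No group mapped for '$($dept.FullName)'; left unchanged."
                continue
            }
            $acl = Get-Acl -Path $dept.FullName
            # Block inheritance and drop inherited entries, so the client folder's
            # "everyone" access no longer flows down into the department folder.
            $acl.SetAccessRuleProtection($true, $false)
            # Remove any explicit entries left over from earlier grants.
            $acl.Access | ForEach-Object { [void]$acl.RemoveAccessRule($_) }

            # Keep administrators and the OS able to manage and back up the folder.
            foreach ($sid in $admins, $system) {
                $rule = New-Object System.Security.AccessControl.FileSystemAccessRule `
                    $sid, 'FullControl', $inherit, $propagate, $allow
                $acl.AddAccessRule($rule)
            }
            # The department group gets Modify on the folder and everything below it.
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule `
                $GroupMap[$dept.Name], 'Modify', $inherit, $propagate, $allow
            $acl.AddAccessRule($rule)

            if ($PSCmdlet.ShouldProcess($dept.FullName, "Restrict to $($GroupMap[$dept.Name])")) {
                Set-Acl -Path $dept.FullName -AclObject $acl
            }
        }
    }
}
# Dry run first:
# Set-DepartmentAcl -RootPath 'D:\Shares\Root' -GroupMap @{ DEPARTMENT1 = 'EXAMPLE\Department1' } -WhatIf
```

Existing files and subfolders that already have inheritance disabled keep their own ACLs, so review those separately after the run.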