I need to create a script that will apply permissions on many folders, with different permissions depending on the folder name. There is a root folder share, inside of which is a folder representing each client. Inside of each client folder is a departmental folder. I need to restrict access to each department folder by security group, so that only the people belonging to the department can access them.
It would look as follows:
ROOT FOLDER SHARE
|
|-----CLIENT1 (everyone has access)
|.......|------DEPARTMENT1 (only members of department1 have access)
|.......|------DEPARTMENT2 (only members of department2 have access)
|.......|------DEPARTMENT3 (only members of department3 have access)
|
|-----CLIENT2 (everyone has access)
|.......|------DEPARTMENT1 (only members of department1 have access)
|.......|------DEPARTMENT2 (only members of department2 have access)
|.......|------DEPARTMENT3 (only members of department3 have access)
|
|-----CLIENT3 (everyone has access)
........|------DEPARTMENT1 (only members of department1 have access)
........|------DEPARTMENT2 (only members of department2 have access)
........|------DEPARTMENT3 (only members of department3 have access)
I'm not entirely sure how to pull this off correctly. Can someone please help point me in the right direction? This is on a server running Windows Server 2008 R2 with Active Directory set up.
What I currently have looks like this (which seems like it works):
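# Prompt for the starting path, the folder name to match and the group to grant.
$Path = Read-Host "What is the starting path?"
$DirectoryName = Read-Host "What is the name of the directory?"
$SecurityGroup = Read-Host "What is the name of the security group that will be given permissions on these directories?"
# Collect the full path of every directory under $Path whose name matches.
$ListOfDirectories = Get-ChildItem $Path -Recurse | Where-Object { $_.PSIsContainer -and $_.Name -eq $DirectoryName } | ForEach-Object { $_.FullName }
foreach ($directory in $ListOfDirectories) {
    # Grant Modify (M) to the group on the directory and everything below it (/t).
    # ${SecurityGroup} keeps the parser from reading "$SecurityGroup:M" as a scoped variable.
    icacls.exe $directory /grant "${SecurityGroup}:M" /t
}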
You can use the Set-ACL command to automate permissions settings with PowerShell.
There is a good article over here that can help you with this task...
http://technet.microsoft.com/en-us/magazine/2008.02.powershell.aspx
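A Set-Acl version of the layout in the question, as an added example that is not from the answer or the linked article. It assumes a hypothetical share root and domain name, that each department folder has an AD security group with the same name, and that Administrators and SYSTEM keep Full Control.

```powershell
# Added example. Assumptions: the share root path, the domain name CONTOSO and
# AD groups named exactly like the department folders are hypothetical.
$Root   = 'D:\Shares\Clients'   # hypothetical share root
$Domain = 'CONTOSO'             # hypothetical NetBIOS domain name

$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None
$allow     = [System.Security.AccessControl.AccessControlType]::Allow

function New-Rule($Identity, $Rights) {
    New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity, $Rights, $inherit, $propagate, $allow)
}

# Level 1 = client folders, level 2 = department folders (no -Recurse needed).
$clients = Get-ChildItem -Path $Root | Where-Object { $_.PSIsContainer }
foreach ($client in $clients) {
    $departments = Get-ChildItem -Path $client.FullName | Where-Object { $_.PSIsContainer }
    foreach ($dept in $departments) {
        $group = "$Domain\$($dept.Name)"
        try {
            # Fail before touching the ACL if the group does not resolve to a SID.
            $null = (New-Object System.Security.Principal.NTAccount($group)).Translate(
                [System.Security.Principal.SecurityIdentifier])
        } catch {
            Write-Warning "Skipping $($dept.FullName): cannot resolve $group"
            continue
        }

        $acl = Get-Acl -Path $dept.FullName
        # Stop inheriting from the client folder and drop the inherited entries,
        # otherwise the "everyone has access" ACEs still apply here.
        $acl.SetAccessRuleProtection($true, $false)
        # Remove explicit entries left over from earlier runs.
        $explicit = @($acl.Access | Where-Object { -not $_.IsInherited })
        foreach ($rule in $explicit) { [void]$acl.RemoveAccessRule($rule) }

        $acl.AddAccessRule((New-Rule 'BUILTIN\Administrators' 'FullControl'))
        $acl.AddAccessRule((New-Rule 'NT AUTHORITY\SYSTEM'    'FullControl'))
        $acl.AddAccessRule((New-Rule $group                   'Modify'))
        Set-Acl -Path $dept.FullName -AclObject $acl
        Write-Output "$($dept.FullName) -> $group (Modify)"
    }
}
```

Set-Acl accepts -WhatIf, so adding that switch to the Set-Acl line gives a dry run that reports each folder without changing its ACL.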