permissions

Set-ACL – Set file and folder permissions

Posted by robd on May 12, 2019
powershell, Server / No Comments

I wanted to add an AD group to all the files and folders in a share. The problem is that inheritance had been turned off on lots of the folders, so I couldn’t just add the AD group to the top and let it filter down. So the solution was to use PowerShell.
First I mapped a drive to the share (x: in this case). Why didn’t I run this on the server? UAC is a pain in the bum.

You’ll need to change the path and the domain and AD group.

# Every folder under the mapped share
$folders = Get-ChildItem -Directory -Path X:\ -Recurse
foreach ($folder in $folders) {
    $acl = Get-Acl -Path $folder.FullName
    # Allow ACE for the group, inherited by subfolders and files
    $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule `
        ("DOMAIN\AD_GROUP", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow")
    # SetAccessRule replaces any existing Allow rules for this group on the folder
    $acl.SetAccessRule($accessRule)
    $acl | Set-Acl -Path $folder.FullName
}
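
A check to run after the loop above, as an added example that is not from the original post: it lists folders where the group still has no Allow ACE covering the requested rights, and shows which folders have inheritance disabled. `Find-MissingGroupAce` is a hypothetical helper name; `X:\` and `DOMAIN\AD_GROUP` are the post's placeholders.

```powershell
# Added example, not from the original post. Find-MissingGroupAce is a hypothetical name.
function Find-MissingGroupAce {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,        # placeholder from the post: X:\
        [Parameter(Mandatory)] [string] $Identity,    # placeholder from the post: DOMAIN\AD_GROUP
        [System.Security.AccessControl.FileSystemRights] $Rights = 'FullControl'
    )
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    Get-ChildItem -LiteralPath $Path -Directory -Recurse -Force | ForEach-Object {
        $folder = $_
        try {
            $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop
        } catch {
            # Report folders whose ACL cannot be read instead of skipping them silently.
            [pscustomobject]@{ Folder = $folder.FullName; InheritanceDisabled = $null
                               HasAce = $null; Error = $_.Exception.Message }
            return
        }
        # Allow ACEs for the group that apply to this folder itself and cover $Rights.
        # ACEs stored as generic rights (shown as raw numbers) are not matched here.
        $match = $acl.Access | Where-Object {
            $_.IdentityReference.Value -eq $Identity -and
            $_.AccessControlType -eq 'Allow' -and
            ($_.PropagationFlags -band $inheritOnly) -eq 0 -and
            ($_.FileSystemRights -band $Rights) -eq $Rights
        }
        [pscustomobject]@{
            Folder              = $folder.FullName
            InheritanceDisabled = $acl.AreAccessRulesProtected
            HasAce              = [bool]$match
            Error               = $null
        }
    }
}

# Folders that still need attention after the Set-Acl loop has run.
Find-MissingGroupAce -Path 'X:\' -Identity 'DOMAIN\AD_GROUP' |
    Where-Object { $_.Error -or -not $_.HasAce } |
    Format-Table -AutoSize
```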

 


Get-ACL – Report file and folder permissions

Posted by robd on May 11, 2019
powershell, Server / No Comments

If you need to report on the file and folder permissions of a file share, use the PowerShell below.

First map the share to a drive if it isn’t already. In my case, the X: drive.

Why didn’t I do this on the server hosting the files?  UAC gets in the way and is a pain in the bum.

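# Collect every folder under the mapped share, including hidden ones
$FolderPath = Get-ChildItem -Directory -Path "x:\" -Recurse -Force
$Report = @()
foreach ($Folder in $FolderPath) {
    $Acl = Get-Acl -Path $Folder.FullName
    # One report row per access control entry (ACE) on the folder
    foreach ($Access in $Acl.Access) {
        $Properties = [ordered]@{
            'FolderName'       = $Folder.FullName
            'AD Group or User' = $Access.IdentityReference
            'Permissions'      = $Access.FileSystemRights
            'Inherited'        = $Access.IsInherited
        }
        $Report += New-Object -TypeName PSObject -Property $Properties
    }
}
# -NoTypeInformation keeps the "#TYPE" header line out of the CSV
$Report | Export-Csv -Path "C:\temp\Folder_Permissions.csv" -NoTypeInformation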

 

 


icacls – Backing up Permissions

Posted by robd on May 10, 2019
powershell, Server / No Comments

I wanted to make some changes to some permissions en masse today but decided it would be prudent to back up the permissions first.

So I used icacls. To do this I first ran CMD as admin, then mapped the share drive with “Net Use“.

Why didn’t I do this on the server hosting the files?  UAC gets in the way and is a pain in the bum.

To back up the permissions:

Switches:

/t – Performs the operation on all specified files in the current directory and its subdirectories.

/c – Continues the operation despite any file errors. Error messages will still be displayed.

icacls x:\ /save c:\temp\permissions.txt /t /c

Then to restore:

icacls y:\test /restore c:\temp\permissions.txt

 


Exchange 2010 – Add SendAs permissions from MailboxPermissions

Posted by robd on July 24, 2016
exchange 2010, powershell / No Comments

To add Send As permissions based on the existing permissions on a mailbox, you can use this script:

All you need to do is specify the username twice:

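# Explicit (non-inherited) permission entries on the mailbox, excluding SELF
$users = Get-MailboxPermission -Identity "USERNAME" | Where-Object {$_.User -notlike "*SELF" -and $_.IsInherited -eq $false}
foreach ($user in $users) {
    $mailboxuser = Get-ADUser "USERNAME"
    # Grant Send-As on the mailbox's AD object to each user found above
    Add-ADPermission -Identity $mailboxuser.DistinguishedName -ExtendedRights Send-As -User $user.User
}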
