Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
I
I
Ismat Gayibov2021-07-19 09:43:05
PowerShell
Ismat Gayibov, 2021-07-19 09:43:05

How to grant access to folders of a domain user through Powershell?

Hello. The purpose of the script is to give access to a folder for a specific user. I have been suffering for 2 days now. Found different options. But everything throws an error, supposedly not the right argument, etc.

The scheme is like this. There is a file exchanger ( folder Obmen ) . Further it is created under folders. The general path to the user's personal folder is as follows.

C:\Obmen\Sklad\Ivanov Ivan Ivanovich\Private.

It would be desirable to give the rights in such a way that the user on these folders C:\Obmen\Sklad would have read-only access.

........Ivanov Ivan Ivanovich\Personal has full access to these folders and besides him, other users, except for reading, had no access.

$newuser = (get-eventlog -log Security -InstanceID 4720 -newest 1).ReplacementStrings[9]

mkdir C:\obmen\$newou\$newfolder\Private

# Read the current ACL settings for our folder
$acl = Get-Acl C:\obmen\$newou\$newfolder\Private
# Let's see the resulting ACL
$acl | fl *

# Create a permission set that we will assign to the folder
$permission = “ADTEST0\$newuser”,”read,write",”containerinherit,objectinherit”,”none”,”allow”

# View current ACEs
$acl.Access

# Create new ACE object based on previously written permissions
$ace = new-object security.accesscontrol.filesystemaccessrule $permission

# Apply the changes made to the original ACL
$acl.setaccessrule($ace)
# Assign an ACL to the selected folder
$acl | set-aclC:\ obmen\$newou\$newfolder\Private

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
A
Alexey Dmitriev, 2021-07-19
@SignFinder

Use third-party modules so as not to suffer.
https://github.com/raandree/NTFSSecurity
https://github.com/alphaleonis/AlphaFS
Or this third-party command line utility - it feels great in Powershell.
https://helgeklein.com/setacl/

Report
M
Morrowind, 2021-07-24
@hekkaaa

Hello.
Here, try this script:

$a = Get-Acl -Path C:\Temp\TestPS
$fileSystemAccessRuleArgumentList 
# Тут Указываем пользователя
$identity = "NT AUTHORITY\Прошедшие проверку"
# тут доступ
$fileSystemRights = "Read"
$type = "Allow"
$fileSystemAccessRuleArgumentList = $identity, $fileSystemRights, $type
$fileSystemAccessRule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $fileSystemAccessRuleArgumentList

$a.SetAccessRule($fileSystemAccessRule)
Set-Acl -Path C:\Temp\TestPS -AclObject $a

I took it from the manual and checked it on my laptop. It seems to work.

Similar questions
C
cursed2012-02-20 18:21:57
About sh, bat and binary files? 3Reply
Y
Young_nigilist2020-05-19 18:36:38
Powershell script how to set a condition? 3Reply
N
Nikita2021-07-31 16:15:25
How to display the name of a running batch file containing a PowerShell script on the command line? 3Reply
D
Digsecman2021-08-09 11:40:45
How to enable script execution support on all domain PCs? 1Reply
R
Roman Kharchenko2020-06-02 03:48:13
How to sort an array of paths in PowerShell? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question