Set-Permissions.ps1


<#PSScriptInfo
 
.VERSION 1.0
 
.GUID ca8ae9d9-6bb8-4240-9161-62db7243039e
 
.AUTHOR Guilherme Neto
 
.COMPANYNAME
 
.COPYRIGHT Guilherme Neto
 
.TAGS
 
.LICENSEURI
 
.PROJECTURI
 
.ICONURI
 
.EXTERNALMODULEDEPENDENCIES
 
.REQUIREDSCRIPTS
 
.EXTERNALSCRIPTDEPENDENCIES
 
.RELEASENOTES
 
 
#>


<#
 
.DESCRIPTION
 Function to set group permissions on the specified SMB shares
 
#>
 

# Script-level parameter block: the script itself declares no parameters.
Param()


#Function to set group permissions on the specified shares
# $share has to be an FQDN

#Example:
#Set-Permissions -FileSystemAccessRights Read -objGroup $GroupName -domainGroup $domain
#Set-Permissions -FileSystemAccessRights Modify -objGroup $GroupName -domainGroup $domain
#Set-Permissions -FileSystemAccessRights FullControl -objGroup $GroupName -domainGroup $domain
#Set-Permissions -FileSystemAccessRights ListDirectory -objGroup $GroupName -domainGroup $domain

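function Set-Permissions {
    <#
    .SYNOPSIS
    Adds an access rule for an Active Directory group to the ACL of the path in $sharefull.

    .DESCRIPTION
    Looks the group up with Get-ADGroup, builds a FileSystemAccessRule for
    "<domainGroup>\<group name>", adds it to the ACL currently set on $sharefull and
    writes that ACL back with Set-Acl. The rule is added to the existing ACL; entries
    that are already there are left in place.

    $sharefull (ACL target), $share (used only in the progress message) and $RWDC
    (domain controller queried by Get-ADGroup) are NOT parameters. They are read from
    the caller's scope and must be set there before this function is called.

    .PARAMETER FileSystemAccessRights
    Rights to grant, e.g. Read, Modify, FullControl, ListDirectory.

    .PARAMETER objGroup
    Name of the AD group that receives the rights.

    .PARAMETER domainGroup
    Domain prefix placed before the group name in the access rule.

    .PARAMETER InheritanceFlags
    Inheritance of the rule. Default: "ContainerInherit, ObjectInherit".

    .PARAMETER PropagationFlags
    Propagation of the rule. Default: "None".

    .PARAMETER objType
    Allow or Deny. Default: "Allow".
    #>
    param(
        [parameter(ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, Mandatory = $true, HelpMessage = "File System Rights Parameter not specified.")]
        [System.Security.AccessControl.FileSystemRights]$FileSystemAccessRights,
        [parameter(ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, Mandatory = $true, HelpMessage = "Group Name Parameter not specified.")]
        [string]$objGroup,
        [parameter(ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, Mandatory = $true, HelpMessage = "Domain Parameter not specified.")]
        [string]$domainGroup,
        [System.Security.AccessControl.InheritanceFlags]$InheritanceFlags = "ContainerInherit, ObjectInherit",
        [System.Security.AccessControl.PropagationFlags]$PropagationFlags = "None",
        [System.Security.AccessControl.AccessControlType]$objType = "Allow"
    )

    # The ACL target comes from the caller's scope. Stop before touching anything
    # when it is missing, so no ACL is read from or written to an unintended path.
    if (-not $sharefull) {
        Write-Error "Set-Permissions: `$sharefull is not set in the calling scope; no permissions were changed."
        return
    }

    # Use the -objGroup argument. The original read $groupname from the caller's
    # scope, which only matched the argument when the caller happened to use that name.
    Write-Output "Managing Permissions for $objGroup in $share... please wait...`n"

    try {
        # -ErrorAction Stop makes every lookup failure reach the catch block.
        $objsearch = (Get-ADGroup -Identity $objGroup -Server $RWDC -ErrorAction Stop).Name
    }
    catch {
        Write-Host "Can't find Group $objGroup in AD."
        # 'return' leaves only this function. 'break' outside a loop would also
        # terminate an enclosing loop or the calling script.
        return
    }

    [string]$objfinal = "$domainGroup" + "\" + $objsearch
    $NewAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($objfinal, $FileSystemAccessRights, $InheritanceFlags, $PropagationFlags, $objType)

    # Start from $null so a failed Get-Acl can never leave a stale ACL object from
    # an outer scope in use.
    $currentACL = $null
    try {
        $currentACL = Get-Acl -Path $sharefull -ErrorAction Stop
    }
    catch {
        Write-Error "Set-Permissions: cannot read the ACL of '$sharefull': $_"
        return
    }

    # Bounded retry (about one minute in total). The original loop had no upper
    # limit, called the non-existent 'New-Sleep', and assigned to the automatic
    # variable $error. NOTE(review): the retry presumably waits for the group to
    # become resolvable on this host (e.g. right after it was created) - confirm.
    $maxAttempts = 12
    $retryDelaySeconds = 5
    $ruleAdded = $false
    $lastFailure = $null
    for ($attempt = 1; $attempt -le $maxAttempts -and -not $ruleAdded; $attempt++) {
        try {
            Write-Host "Trying to apply permissions. Try no. $attempt ..."
            $currentACL.AddAccessRule($NewAccessRule)
            $ruleAdded = $true
        }
        catch {
            $lastFailure = $_
            if ($attempt -lt $maxAttempts) { Start-Sleep -Seconds $retryDelaySeconds }
        }
    }

    if (-not $ruleAdded) {
        Write-Error "Set-Permissions: could not add the rule for '$objfinal' after $maxAttempts attempts; ACL of '$sharefull' left unchanged. Last error: $lastFailure"
        return
    }

    try {
        Set-Acl -AclObject $currentACL -Path $sharefull -ErrorAction Stop
    }
    catch {
        Write-Error "Set-Permissions: Set-Acl failed for '$sharefull': $_"
        return
    }

    # Report success only after the ACL has actually been written back.
    Write-Output "`DONE!`n"
}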