Fixing home drive permissions

One of the tasks that seems to come up fairly regularly when managing school servers is fixing the permissions for home directories. For whatever reason, the permissions for these can get messed up and need a quick tweak to reset them to the default.

This Powershell script does just that. There are a couple of requirements:

The person running the script needs adequate permissions to edit the permissions for all the directories
The directories need to be named using the usernames of the owner of the home directories

This code sets domain admin as the owner of the folder, removes the old permissions, then adds the new permissions.

$folders = get-childitem 'D:\Users\Redirects' -directory
$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None 

foreach($folder in $folders){
    # Skip Pupils subfolder if it exists
    if($folder.Name -ne "Pupils"){
        #Get Current ACL for the folder
        $Acl = Get-Acl $folder.FullName
        Write-Host "Setting full permissions for $($folder.Name)"
        #Create new ACL
        $ar = New-Object System.Security.AccessControl.FileSystemAccessRule($folder.Name,"FullControl",$InheritanceFlag, $PropagationFlag, "Allow")
        $Acl.Access | %{$Acl.RemoveAccessRule($_)}
        $Acl.SetOwner([System.Security.Principal.NTAccount]"Domain Admins");
        #Remove existing permissions 
        Set-Acl -Path $folder.FullName -AclObject $Acl
        $Acl.SetAccessRule($ar)
        #Add new permissions
        Set-Acl -Path $folder.FullName -AclObject $Acl
    }
}

$folders = get-childitem 'D:\Users\Redirects' -directory

$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit

$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None

foreach($folder in $folders){

# Skip Pupils subfolder if it exists

if($folder.Name -ne "Pupils"){

#Get Current ACL for the folder

$Acl = Get-Acl $folder.FullName

Write-Host "Setting full permissions for $($folder.Name)"

#Create new ACL

$ar = New-Object System.Security.AccessControl.FileSystemAccessRule($folder.Name,"FullControl",$InheritanceFlag, $PropagationFlag, "Allow")

$Acl.Access | %{$Acl.RemoveAccessRule($_)}

$Acl.SetOwner([System.Security.Principal.NTAccount]"Domain Admins");

#Remove existing permissions

Set-Acl -Path $folder.FullName -AclObject $Acl

$Acl.SetAccessRule($ar)

#Add new permissions

Set-Acl -Path $folder.FullName -AclObject $Acl

}

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Fixing home drive permissions

Be First to Comment

Leave a Reply Cancel reply