so might little complicated.... have created script generates lists of people have security permissions on share. issue share permission share different security permissions. want remove share permissions , set share permissions same people same full control security permissions.
i need run on 4 different servers need script change that. ideas or resources?
edit: after discussion colleagues objective has changed. want use set-acl remove full control users except 1 specific group. shouldn't difficult right? throw each share - each user- if user not in specific group set acl remove full control.
how 1 remove permissions? see commands setting fc not removing.
as per reply, way removes bugs get-acl , set-acl can used in earlier versions of powershell. once it's removed, can change (reference $perm) add on group want retain access. let me know if need tweaking.
$folderpath = "somefolderpath" write-output "removing inheritance " $acl = get-acl $folderpath $acl.setaccessruleprotection($true, $true) $acl | set-acl $acl = get-acl $folderpath $acl.access |where {$_.identityreference -eq "nt authority\authenticated users"} |%{$acl.removeaccessrule($_)} $acl | set-acl if ($?){ write-output "inheritance removed" } write-output "set permissions" $acl = get-acl $folderpath $perm = "addgrouphere","fullcontrol","allow" $accessrule = new-object system.security.accesscontrol.filesystemaccessrule $perm $acl.addaccessrule($accessrule) $acl | set-acl if ($?){ write-output "acl set" } 
Comments
Post a Comment