Friday, December 20, 2013

Set ACL on a folder

"Set ACL"
One of my Runbooks I create a home drive based on the location of the user and their name. I also set the ACL so they are the only ones with rights.

Screen shot of Runbook:

The DriveMap-Var build the drive mapping based on the location of the user. The VAR is taken from in Initialize Data. In my case
$locNLK ="\\nlkvflesvr04\NLK-Home"
$locBDU ="\\nlkvflesvr02\BDU-Home"
If ($location -eq "NLK"){
$loc = $locNLK

Once that is defined, I build the share name:

$homeDrive = "\`d.T.~Ed/{30B8BA77-3261-41F6-8EC5-F84511D45983}.loc\`d.T.~Ed/"
$username = "\`d.T.~Ed/{70D59E59-DB18-4D99-B7FE-FF591376E64C}.{F857D2AB-8976-40C1-B25A-6965985B8541}\`d.T.~Ed/"
$ShareName = "$homeDrive\$username"

I use the built in Create Folder in Orchestrator to create the users folder based on the $sharename.

Next I Set-ACL and the user is all set with a Home Drive.

Script: Set-ACL
$acl = get-acl "\`d.T.~Ed/{0FFE6E93-2182-4081-B0B3-7C9DD2B1F871}.Folder\`d.T.~Ed/"
$UserACL = "SCHOLLE\\`d.T.~Ed/{70D59E59-DB18-4D99-B7FE-FF591376E64C}.{F857D2AB-8976-40C1-B25A-6965985B8541}\`d.T.~Ed/"
$arguments = "$UserACL","Modify", "3", "None", "Allow"
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $arguments
$acl | Set-Acl "\`d.T.~Ed/{0FFE6E93-2182-4081-B0B3-7C9DD2B1F871}.Folder\`d.T.~Ed/"

No comments: