PowerShell – Assigning Group Permissions on Folders via CSV


We are working on a new permission concept.
We created different security groups, depending on the department.

For example:

Finance_List, Finance_Read, Finance_ReadWrite
Controlling_List, Controlling_Read, Controlling_ReadWrite
Planning_List, Planning_Read, Planning_ReadWrite

Now I am searching for a script to automate the process of setting group permissions on specific folders.

Example:
Folder Finance:
Disable Inheritance and then set new permissions and replace them to all files and subfolders:
Group Finance_List (List Folder), Group Finance_Read (Read), Group Finance_ReadWrite (Modify)

CSV Example (Folderpath and the 3 GroupPermissions per Folder):

\\cifs\Finance;Finance_List;Finance_Read;Finance_ReadWrite

I have 300 security groups and 100 folders.

Any help would be much appreciated.

Thank You!

Best Answer

The following should get you what you need (make sure that the groups in your CSV match the name of the group in AD or it won't work correctly):

$Folders = Import-Csv "C:\Scripts\Folders.csv" -Delimiter ";" -Header "Path","List","Read","ReadWrite"

ForEach ($F in $Folders) {
    $ACL = Get-Acl $F.Path

    # Set the first parameter to $true to disable inheritance
    # Set the second parameter to $false if you don't want to retain a copy of the inherited permissions on this folder.
    # Set the second parameter to $true if you want to retain a copy of the inherited permissions.
    $ACL.SetAccessRuleProtection($true, $true)

    # The inheritance flags make each rule apply to subfolders (ContainerInherit) and files (ObjectInherit);
    # without them the rule covers only the folder itself. "None" = default propagation.

    # 'ReadData' grants List Folder / Read Data (folders only, so no ObjectInherit)
    $List = New-Object System.Security.AccessControl.FileSystemAccessRule($F.List,"ReadData","ContainerInherit","None","Allow")
    $ACL.SetAccessRule($List)

    # 'ReadAndExecute' grants Traverse Folder / Execute File
    # 'Read' only grants List Folder / Read Data
    # Uses the Read column ($F.Read); the List group already has its rule above
    $Read = New-Object System.Security.AccessControl.FileSystemAccessRule($F.Read,"ReadAndExecute","ContainerInherit,ObjectInherit","None","Allow")
    $ACL.SetAccessRule($Read)

    $ReadWrite = New-Object System.Security.AccessControl.FileSystemAccessRule($F.ReadWrite,"Modify","ContainerInherit,ObjectInherit","None","Allow")
    $ACL.SetAccessRule($ReadWrite)

    $ACL | Set-Acl $F.Path
}

This website has good examples of how to modify this if needed, as well as a list of the various Access Rights and their PowerShell equivalent: How to Manage File System ACLs with PowerShell Scripts
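
A read-only audit for the same CSV layout, added here as an example and not part of the original answer: it resolves each group name to a SID (the answer's warning about names matching AD), then reports folders where inheritance is still enabled or a group's explicit rights differ from the ReadData / ReadAndExecute / Modify mapping. The function name `Test-FolderPermissionCsv` and the status strings are hypothetical.

```powershell
# Added example, not part of the original answer. Read-only: it changes no ACLs.
function Test-FolderPermissionCsv {
    param([Parameter(Mandatory = $true)][string] $CsvPath)

    $Rights  = [System.Security.AccessControl.FileSystemRights]
    $SidType = [System.Security.Principal.SecurityIdentifier]
    # CSV column -> right the answer's script grants for that column
    $expected = [ordered]@{ List = 'ReadData'; Read = 'ReadAndExecute'; ReadWrite = 'Modify' }
    # Windows adds Synchronize to every Allow rule, so mask it out before comparing
    $ignore = -bnot [int]($Rights::Synchronize)

    $rows = Import-Csv $CsvPath -Delimiter ';' -Header 'Path', 'List', 'Read', 'ReadWrite'
    foreach ($row in $rows) {
        if (-not (Test-Path -LiteralPath $row.Path -PathType Container)) {
            [pscustomobject]@{ Path = $row.Path; Group = $null; Status = 'PathMissing' }
            continue
        }
        $acl = Get-Acl -LiteralPath $row.Path
        if (-not $acl.AreAccessRulesProtected) {
            [pscustomobject]@{ Path = $row.Path; Group = $null; Status = 'InheritanceEnabled' }
        }
        # Explicit (non-inherited) rules only, with identities returned as SIDs
        $explicit = $acl.GetAccessRules($true, $false, $SidType)

        foreach ($column in $expected.Keys) {
            $group = $row.$column
            try {
                # Same name resolution the access-rule constructor performs on a string identity
                $account = New-Object System.Security.Principal.NTAccount($group)
                $sid = $account.Translate($SidType).Value
            } catch {
                [pscustomobject]@{ Path = $row.Path; Group = $group; Status = 'GroupNotResolved' }
                continue
            }
            $want = [int]($expected[$column] -as $Rights)
            $granted = 0
            foreach ($rule in $explicit) {
                if ($rule.IdentityReference.Value -eq $sid -and $rule.AccessControlType -eq 'Allow') {
                    $granted = $granted -bor [int]$rule.FileSystemRights
                }
            }
            $granted = $granted -band $ignore
            $status = 'OK'
            if (($granted -band $want) -ne $want) { $status = 'RightsMissing' }
            elseif ($granted -ne $want) { $status = 'ExcessRights' }
            [pscustomobject]@{ Path = $row.Path; Group = $group; Status = $status }
        }
    }
}
# Usage: Test-FolderPermissionCsv -CsvPath 'C:\Scripts\Folders.csv' | Where-Object Status -ne 'OK'
```

Running it against the CSV before applying any ACLs surfaces `PathMissing` and `GroupNotResolved` rows without touching the folders.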
