PowerShell – Re-Give Users Ownership of Mapped Home Folders

Tags: file-permissions, powershell, windows-server-2008

I changed the user quota on a Windows 2008 machine and after that some users reported that they were able to read but not write to their mapped home folders. If I re-enter the Home Folder path in the Server Manager and accept the default prompt of…

"The \\server\folder home folder already exists. Do you want this user to be granted full control on this folder?"

…the issue disappears.

  1. Is there a way to do the same thing with PowerShell, where the script will check to see if the user has the permissions and, if not, reassign them?

  2. What about listing the folder permissions along with the owner to identify who doesn't have full permissions? I spent a couple hours on this second question with mixed results.

The following script does not seem to list folders with mismatching permissions.

# List every ACE under D:\users whose identity is not one of the built-in accounts below
Get-Acl "D:\users\*" | select Path -Expand Access | where {
    $_.IdentityReference -notcontains 'NT AUTHORITY\SYSTEM' -and
    $_.IdentityReference -notcontains 'CREATOR OWNER' -and
    $_.IdentityReference -notcontains 'BUILTIN\Administrators' -and
    $_.IdentityReference -notcontains 'BUILTIN\Users' -and
    $_.IdentityReference -notcontains 'BUILTIN\Account Operators' -and
    $_.IdentityReference -notcontains 'BUILTIN\BUILTIN\Users' } |
select @{Expression={$_.Path};Label="Folder"},
    @{Expression={$_.IdentityReference};Label="User"},
    @{Expression={$_.AccessControlType};Label="Permissions"} |
Format-Table -Wrap -AutoSize

Best Answer

Since you are setting the Home folders in AD, why not just re-assign using ADUC and variables?

Let's say your folders are named as your usernames.

You can filter the view to only show users who currently have a value set for their home folder.

Select all the users you want to update and go to the Properties of those users, then the Profile tab.

Enter in the path of the home folder as such:

\\<servername>\Home Folders\%USERNAME%

and then hit okay. It will cycle through and reset the permissions for each folder using their individual usernames.

You will need to change the path to match your pathing, but the important part is the %USERNAME%.
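A scripted version of the check and re-grant asked about in the question, as an added example that is not part of the original question or answer. It assumes the home folders sit directly under D:\users (the path from the question), that each folder is named after its user's account name, and that CONTOSO stands in for your NetBIOS domain name; the parameter names are hypothetical.

```powershell
# Added example (not from the original post). Assumptions: home folders live
# directly under D:\users, each folder is named after the account that owns
# it, and CONTOSO is a placeholder for the NetBIOS domain name.
param(
    [string]$HomeRoot = 'D:\users',
    [string]$Domain   = 'CONTOSO',   # placeholder: replace with your domain
    [switch]$Repair                  # without -Repair the script only reports
)

$fullControl = [int][System.Security.AccessControl.FileSystemRights]::FullControl

Get-ChildItem -Path $HomeRoot | Where-Object { $_.PSIsContainer } | ForEach-Object {
    $folder  = $_
    $account = "$Domain\$($folder.Name)"
    $acl     = Get-Acl -Path $folder.FullName

    # Look for an Allow ACE (explicit or inherited) that grants the
    # folder's user FullControl.
    $hasFull = $false
    foreach ($ace in $acl.Access) {
        if ($ace.IdentityReference.Value -ieq $account -and
            $ace.AccessControlType -eq 'Allow' -and
            ([int]$ace.FileSystemRights -band $fullControl) -eq $fullControl) {
            $hasFull = $true
        }
    }
    $status = if ($hasFull) { 'OK' } else { 'MissingFullControl' }

    if (-not $hasFull -and $Repair) {
        try {
            # Grant FullControl on this folder, its subfolders and files.
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
                $account, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
            $acl.AddAccessRule($rule)
            Set-Acl -Path $folder.FullName -AclObject $acl -ErrorAction Stop
            $status = 'Repaired'
        } catch {
            # Usually a folder whose name no longer resolves to an account.
            $status = "Failed: $($_.Exception.Message)"
        }
    }

    # One report row per home folder, including the current owner.
    New-Object PSObject -Property @{
        Folder = $folder.FullName; Owner = $acl.Owner
        User   = $account;         Status = $status
    }
} | Select-Object Folder, Owner, User, Status | Format-Table -Wrap -AutoSize
```

Run it from an elevated session without -Repair first and review the rows marked MissingFullControl, including folders whose name matches no account, before running it again with -Repair.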