PowerShell: give permission on folders from csv file

Ответить
M.K
Новичок
Сообщения: 9
Зарегистрирован: 04 дек 2014 16:52

PowerShell: give permission on folders from csv file

Сообщение M.K »

Скрипт раздает права на папки согласно CSV файлу.

Код: Выделить всё



#$file_name - Файл с колонками - папка, тип прав, пользователь или гр с правами. 
#file_path  - путь до файла  $file_name
$file_name = 'folders_groups_permissions.csv'
$file_path = 'C:\temp'

####################################################################################################

<#

Apply To                            Inheritance   Propagation
--------                            -----------   -----------
This folder only                    None          any
This folder, subfolders and files   CI, OI        None or NoPropagateInherit
This folder and subfolders          CI            None or NoPropagateInherit
This folder and files               OI            None or NoPropagateInherit
Subfolders and files only           CI, OI        InheritOnly
Subfolders only                     CI            InheritOnly
Files only                          OI            InheritOnly

#>
$fld_r = ""
$folder =  "" 
$usr =  ""
$Perm =  ""
$content = ""

$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit, [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None
$objType =[System.Security.AccessControl.AccessControlType]::Allow

$colRights_F= [System.Security.AccessControl.FileSystemRights]"Modify", "Synchronize"
$colRights_R= [System.Security.AccessControl.FileSystemRights]"ReadAndExecute", "Synchronize"


#import DATA
$content = Import-Csv -Path $file_path\$file_name -Delimiter ";"

#$folders = Get-ChildItem -Path D:\jobs -Attributes D | % {  $_.FullName }

$object_R = $content | where {$_.Rights -eq "Read"}
$object_F = $Content | where {$_.Rights -eq "Change"}
#$folders_R = $object_R  | select -ExpandProperty Folder
#$folders_F = $object_F  | select -ExpandProperty Folder


#Read permission

foreach ( $fld_r in $object_R) 

    {  
      $msg=''
      $exist_folder = ''
      $exist_usr = ''
      $null_folder = ''
      $folder =  $fld_R  | select -ExpandProperty Folder 
      $usr =  $fld_r | select -ExpandProperty SID
      $Perm =  $fld_r | select -ExpandProperty Rights
      
      #checking existing param
       $exist_folder = Test-Path $folder
       $exist_usr = [string]::IsNullOrEmpty($usr)
       $null_folder = [string]::IsNullOrEmpty($folder)
      #if param contains error 
       if ( ( $exist_folder -ne $false ) -and (  $exist_usr -ne $true  ) -and ( $null_folder -ne $true ) )
       
       {
                      $objUser_R = New-Object System.Security.Principal.NTAccount($usr)      
                      $objACE_R  = New-Object System.Security.AccessControl.FileSystemAccessRule ($objUser_r, $colRights_R, $InheritanceFlag, $PropagationFlag, $objType)
                           
                     
                      $objACL = (Get-Item -literalPath $folder ).GetAccessControl('Access') #| Format-List
                      $objACL.AddAccessRule($objACE_R)
                      [System.IO.Directory]::SetAccessControl($folder,$objACL)
         }
       else
        {
        #error log
         Write-Host "error. check file error_permission.log"
         $msg = $folder + "  " + $usr + "`n"  
         $msg >> $file_path\error_permission.log 
         }
     }  
       
      $folder =  "" 
      $usr =  ""
      $Perm =  ""

foreach ( $fld in $object_F) 

    {  
      $msg=''
      $msg=''
      $exist_folder = ''
      $exist_usr = ''
      $null_folder = ''
      $folder =  $fld  | select -ExpandProperty Folder 
      $usr =  $fld | select -ExpandProperty SID
      $Perm =  $fld | select -ExpandProperty Rights
      
       $exist_folder = Test-Path $folder
       $exist_usr = [string]::IsNullOrEmpty($usr)
       $null_folder = [string]::IsNullOrEmpty($folder)
       
       if ( ( $exist_folder -ne $false ) -and (  $exist_usr -ne $true  ) -and ( $null_folder -ne $true ) )
       
       {
            $objUser_F = New-Object System.Security.Principal.NTAccount($usr)      
            $objACE_F  = New-Object System.Security.AccessControl.FileSystemAccessRule ($objUser_f, $colRights_F, $InheritanceFlag, $PropagationFlag, $objType)
            $objACL = (Get-Item -literalPath $folder ).GetAccessControl('Access') #| Format-List
            $objACL.AddAccessRule($objACE_F)
            [System.IO.Directory]::SetAccessControl($folder,$objACL)
      }
      else
        {
        
         Write-Host "error. check file error_permission.log"
         $msg = $folder + "  " + $usr + "`n"  
         $msg >> $file_path\error_permission.log 
         
         }
  }    
    $err = Test-Path  $file_path\error_permission.log 
     if ( $err -eq $true ) { 
      $window = New-Object -ComObject Wscript.Shell
      $window.Popup("error. check file  $file_path\error_permission.log",0,"Done")
      }   


Ответить

Вернуться в «Powershell»