# $file_name - CSV file with the columns: folder, permission type, user or group that receives the permission.
# $file_path - directory that contains $file_name (the error log is written to the same directory).
# NOTE(review): the rows of this CSV decide which account is granted access to which folder.
# Keep the file and its directory writable only by the administrators who run this script;
# whether C:\temp is restricted like that cannot be seen from here - confirm before use.
$file_name = 'folders_groups_permissions.csv'
$file_path = 'C:\temp'
####################################################################################################
<#
CI = ContainerInherit, OI = ObjectInherit

Apply To                            Inheritance   Propagation
--------                            -----------   -----------
This folder only                    None          any
This folder, subfolders and files   CI, OI        None or NoPropagateInherit
This folder and subfolders          CI            None or NoPropagateInherit
This folder and files               OI            None or NoPropagateInherit
Subfolders and files only           CI, OI        InheritOnly
Subfolders only                     CI            InheritOnly
Files only                          OI            InheritOnly
#>
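# Settings shared by every access rule this script adds.
# ContainerInherit + ObjectInherit with PropagationFlags None applies a rule to
# the folder itself, its subfolders and its files.
$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit, [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None
# Only Allow entries are created. Existing entries are never removed, so a run
# can widen access to a folder but never narrow it.
$objType = [System.Security.AccessControl.AccessControlType]::Allow
# Rights granted for the CSV value "Change" (_F) and for the CSV value "Read" (_R).
$colRights_F = [System.Security.AccessControl.FileSystemRights]"Modify", "Synchronize"
$colRights_R = [System.Security.AccessControl.FileSystemRights]"ReadAndExecute", "Synchronize"

$log_path = Join-Path $file_path 'error_permission.log'
# Set when a row fails in THIS run. The log file is only ever appended to, so its
# mere existence (possibly left by an earlier run) must not trigger the popup.
$had_error = $false

# Import the rows. The columns read below are Folder, SID and Rights, separated by ";".
$content = Import-Csv -Path (Join-Path $file_path $file_name) -Delimiter ";"
# Rows whose Rights value is neither "Read" nor "Change" are skipped without a log entry.
$object_R = $content | Where-Object { $_.Rights -eq "Read" }
$object_F = $content | Where-Object { $_.Rights -eq "Change" }

function Add-FolderAccessRule {
    <#
    .SYNOPSIS
    Adds one Allow rule to the folder named in a CSV row, for the account named in that row.
    .PARAMETER Row
    One object produced by Import-Csv; its Folder and SID properties are read.
    .PARAMETER Rights
    The FileSystemRights to grant ($colRights_R or $colRights_F).
    .OUTPUTS
    $true when the rule was written; $false when the row was rejected or the
    update failed, in which case the row is appended to the error log.
    #>
    param($Row, $Rights)

    $folder = [string]$Row.Folder
    $usr = [string]$Row.SID
    $reason = ''

    # Check for empty values first: Test-Path reports a binding error on an empty path.
    if ([string]::IsNullOrEmpty($folder)) {
        $reason = 'folder is empty'
    }
    elseif ([string]::IsNullOrEmpty($usr)) {
        $reason = 'account is empty'
    }
    # -LiteralPath keeps characters such as [ ] in a folder name from being read as
    # wildcards (Get-Item below already uses it). -PathType Container rejects plain
    # files, which the Directory API used below cannot update.
    elseif (-not (Test-Path -LiteralPath $folder -PathType Container)) {
        $reason = 'folder not found'
    }
    else {
        try {
            # NOTE(review): the column is called SID but the value is used as an account
            # name (NTAccount). Presumably it holds DOMAIN\name values - verify against
            # the CSV; a value that cannot be resolved makes the calls below throw.
            $account = New-Object System.Security.Principal.NTAccount($usr)
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule ($account, $Rights, $InheritanceFlag, $PropagationFlag, $objType)
            # Read only the access section of the descriptor, add the rule, write it back.
            $acl = (Get-Item -LiteralPath $folder -ErrorAction Stop).GetAccessControl('Access')
            $acl.AddAccessRule($rule)
            [System.IO.Directory]::SetAccessControl($folder, $acl)
            return $true
        }
        catch {
            # An unresolvable account or an access-denied folder lands here, so the row
            # is logged like any other bad row instead of only flashing past on screen.
            $reason = $_.Exception.Message
        }
    }

    # Error log: folder, account and the reason the row was not applied.
    Write-Host "error. check file error_permission.log"
    $msg = $folder + " " + $usr + " " + $reason + "`n"
    $msg >> $log_path
    return $false
}

# Read permission
foreach ($row in $object_R) {
    if (-not (Add-FolderAccessRule $row $colRights_R)) { $had_error = $true }
}

# Change permission
foreach ($row in $object_F) {
    if (-not (Add-FolderAccessRule $row $colRights_F)) { $had_error = $true }
}

# Tell the operator when at least one row of this run was not applied.
if ($had_error) {
    $window = New-Object -ComObject Wscript.Shell
    $window.Popup("error. check file $file_path\error_permission.log",0,"Done")
}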