Public/sysadmin
1
0
Fork 0
mirror of https://github.com/zebrajr/sysadmin.git synced 2025-12-06 00:20:23 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Updated: better logging

Browse Source
This commit is contained in:
Carlos Sousa 2021-10-15 15:01:29 +02:00
parent ebe5ef4b1d
commit 2a55bb674b
1 changed files with 13 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
Windows/Folder Permissions/main.ps1
View File

@ -5,7 +5,7 @@
$JSONBasePath = "C:\Users\Administrator.BSDOM\Desktop\FolderPermissions\jsons\" $JSONBasePath = "C:\Users\Administrator.BSDOM\Desktop\FolderPermissions\jsons\"
# Base Path of the Folder Structure # Base Path of the Folder Structure
$FolderBasePath = "C:\Users\Administrator.BSDOM\Desktop\FolderPermissions\test\" $FolderBasePath = "D:\Shares\bsA"
# Users / Groups who should have Full Control # Users / Groups who should have Full Control
$FullControlList = "Administrator@BSDOM.LOC", "VORDEFINIERT\Administratoren", "SYSTEM" $FullControlList = "Administrator@BSDOM.LOC", "VORDEFINIERT\Administratoren", "SYSTEM"
@ -13,6 +13,9 @@ $FullControlList = "Administrator@BSDOM.LOC", "VORDEFINIERT\Administratoren", "S
<# <#
[TODO] [TODO]
- Change Configuration to JSON
- Base Path of the Folder Structure should be a sub configuration of the indiv. json
- Set Owner
#> #>
@ -23,7 +26,7 @@ $FullControlList = "Administrator@BSDOM.LOC", "VORDEFINIERT\Administratoren", "S
#> #>
cls cls
# Import Helper Functions # Import Helper Functions
. "$PSScriptROot\functions.ps1" . "$PSScriptRoot\functions.ps1"
# Get all JSON files to work though # Get all JSON files to work though
$jsonFiles = Get-ChildItem -Path $JSONBasePath $jsonFiles = Get-ChildItem -Path $JSONBasePath
@ -38,7 +41,7 @@ ForEach ($jsonItem in $jsonFiles){
# For Each Value in the JSON # For Each Value in the JSON
ForEach ($item in $json){ ForEach ($item in $json){
# Get current ACL # Get current ACL
$currentPath = $FolderBasePath + $item.folderPath $currentPath = $FolderBasePath + "\" + $item.folderPath
$acl = Get-Acl -Path $currentPath $acl = Get-Acl -Path $currentPath
Log-Message "New Working Directory:" Log-Message "New Working Directory:"
Log-Message " $currentPath" Log-Message " $currentPath"
@ -49,45 +52,43 @@ ForEach ($jsonItem in $jsonFiles){
($_.IdentityReference -notin "$FullControlList") ($_.IdentityReference -notin "$FullControlList")
} }
# Removes all non FullControl permissions Log-Message "Removing All Except FullControl"
ForEach ($rule in $rules){ ForEach ($rule in $rules){
$acl.RemoveAccessRule($rule) | Out-Null $acl.RemoveAccessRule($rule) | Out-Null
} }
# Sets Inheritance Settings Log-Message "Setting Inheritance Settings"
$acl.SetAccessRuleProtection($item.isProtected, $item.preserveInheritance) $acl.SetAccessRuleProtection($item.isProtected, $item.preserveInheritance)
$acl | Set-Acl $currentPath $acl | Set-Acl $currentPath
# Add the Groups with Full Control
ForEach ($FullControlItem in $FullControlList){ ForEach ($FullControlItem in $FullControlList){
Log-Message "Adding Full Control Users: $FullControlItem"
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($FullControlItem, "FullControl", "ContainerInherit,ObjectInherit", "none", "Allow") $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($FullControlItem, "FullControl", "ContainerInherit,ObjectInherit", "none", "Allow")
$acl.SetAccessRule($accessRule) $acl.SetAccessRule($accessRule)
$acl | Set-Acl $currentPath $acl | Set-Acl $currentPath
} }
# Adds the Groups with Read and Execute Permissions
foreach ($readGroup in $item.readOnlyGroups){ foreach ($readGroup in $item.readOnlyGroups){
Log-Message "Adding Read and Execute Permissions: $readGroup"
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($readGroup, "ReadAndExecute", "ContainerInherit,ObjectInherit", "none", "Allow") $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($readGroup, "ReadAndExecute", "ContainerInherit,ObjectInherit", "none", "Allow")
$acl.SetAccessRule($accessRule) $acl.SetAccessRule($accessRule)
$acl | Set-Acl $currentPath $acl | Set-Acl $currentPath
} }
# Adds the Groups with Write Permissions
foreach ($writeGroup in $item.writeGroups){ foreach ($writeGroup in $item.writeGroups){
Log-Message "Adding Write Permissions: $writeGroup"
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($writeGroup, "Modify", "ContainerInherit,ObjectInherit", "none", "Allow") $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($writeGroup, "Modify", "ContainerInherit,ObjectInherit", "none", "Allow")
$acl.SetAccessRule($accessRule) $acl.SetAccessRule($accessRule)
$acl | Set-Acl $currentPath $acl | Set-Acl $currentPath
} }
# Check if Child Permissions should be replaced with Parent Permissions
if($item.replaceSub -eq $True){ if($item.replaceSub -eq $True){
$subPathName = $currentPath + "\*"
Log-Message "Overwriting SubDirectory Permissions" Log-Message "Overwriting SubDirectory Permissions"
$subPathName = $currentPath + "\*"
icacls $subPathName /q /c /t /reset | Out-Null icacls $subPathName /q /c /t /reset | Out-Null
} }
Log-Message "----------"
} }
Log-Message "<<< JSON '$jsonItem' Ended >>>" Log-Message "<<< JSON '$jsonItem' Ended >>>"
Log-Message "----------"
} }