Updated: better logging

2025-12-06 00:20:23 +01:00 · 2021-10-15 15:01:29 +02:00 · 2021-10-15 15:01:29 +02:00 · 2a55bb674b
commit 2a55bb674b
parent ebe5ef4b1d
1 changed files with 13 additions and 12 deletions
--- a/Permissions/main.ps1
+++ b/Permissions/main.ps1
@ -5,7 +5,7 @@
 $JSONBasePath = "C:\Users\Administrator.BSDOM\Desktop\FolderPermissions\jsons\"

 # Base Path of the Folder Structure
-$FolderBasePath = "C:\Users\Administrator.BSDOM\Desktop\FolderPermissions\test\"
+$FolderBasePath = "D:\Shares\bsA"

 # Users / Groups who should have Full Control
 $FullControlList = "Administrator@BSDOM.LOC", "VORDEFINIERT\Administratoren", "SYSTEM"
@ -13,6 +13,9 @@ $FullControlList = "Administrator@BSDOM.LOC", "VORDEFINIERT\Administratoren", "S

 <#
    [TODO]
+    - Change Configuration to JSON
+    - Base Path of the Folder Structure should be a sub configuration of the indiv. json
+    - Set Owner
 #>


@ -23,7 +26,7 @@ $FullControlList = "Administrator@BSDOM.LOC", "VORDEFINIERT\Administratoren", "S
 #>
 cls
 # Import Helper Functions
-. "$PSScriptROot\functions.ps1"
+. "$PSScriptRoot\functions.ps1"

 # Get all JSON files to work though
 $jsonFiles = Get-ChildItem -Path $JSONBasePath
@ -38,7 +41,7 @@ ForEach ($jsonItem in $jsonFiles){
    # For Each Value in the JSON
    ForEach ($item in $json){
        # Get current ACL
-        $currentPath = $FolderBasePath + $item.folderPath
+        $currentPath = $FolderBasePath + "\" + $item.folderPath
        $acl = Get-Acl -Path $currentPath
        Log-Message "New Working Directory:"
        Log-Message "    $currentPath"
@ -49,45 +52,43 @@ ForEach ($jsonItem in $jsonFiles){
            ($_.IdentityReference -notin "$FullControlList")
        }

-        # Removes all non FullControl permissions
+        Log-Message "Removing All Except FullControl"
        ForEach ($rule in $rules){
            $acl.RemoveAccessRule($rule) | Out-Null
        }

-        # Sets Inheritance Settings
+        Log-Message "Setting Inheritance Settings"
        $acl.SetAccessRuleProtection($item.isProtected, $item.preserveInheritance)
        $acl | Set-Acl $currentPath

-        # Add the Groups with Full Control
        ForEach ($FullControlItem in $FullControlList){
+            Log-Message "Adding Full Control Users: $FullControlItem"
            $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($FullControlItem, "FullControl", "ContainerInherit,ObjectInherit", "none", "Allow")
            $acl.SetAccessRule($accessRule)
            $acl | Set-Acl $currentPath
        }

-        # Adds the Groups with Read and Execute Permissions
        foreach ($readGroup in $item.readOnlyGroups){
+            Log-Message "Adding Read and Execute Permissions: $readGroup"
            $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($readGroup, "ReadAndExecute", "ContainerInherit,ObjectInherit", "none", "Allow")
            $acl.SetAccessRule($accessRule)
            $acl | Set-Acl $currentPath
        }

-        # Adds the Groups with Write Permissions
        foreach ($writeGroup in $item.writeGroups){
+            Log-Message "Adding Write Permissions: $writeGroup"
            $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($writeGroup, "Modify", "ContainerInherit,ObjectInherit", "none", "Allow")
            $acl.SetAccessRule($accessRule)
            $acl | Set-Acl $currentPath
        }

-        # Check if Child Permissions should be replaced with Parent Permissions
        if($item.replaceSub -eq $True){
-            $subPathName = $currentPath + "\*"
            Log-Message "Overwriting SubDirectory Permissions"
+            $subPathName = $currentPath + "\*"
            icacls $subPathName /q /c /t /reset | Out-Null
        }

-        Log-Message "----------"
-
    }
    Log-Message "<<< JSON '$jsonItem' Ended >>>"
+    Log-Message "----------"
 }