Below is a script, provided as is, that is a non-fancy way to reset permissions with some sense of logic on a users home directory. I’ve got a slightly better version of it, but I want to tweak a few things before posting it online.

$Folder = Read-Host “Enter the name of the user to reset permissions for”
#Enter the name of the user directory here
$Existance = Get-ADUser -LDAPFilter “(SAMAccountName=$Folder)”
$Path = ‘\\YOURNETWORKSHAREHERE’
$Fullpath = $Path + $Folder
#Combine the network path with the variable of the users home folder
$CheckExistance = Test-Path $fullpath
#Checks to make sure the path exists
If ($Existance -eq $Null)
{
“User Does not exist in AD”
#If you get this, the ldap filter didnt find the user in active directory.
}
ElseIf ($CheckExistance -Eq ‘True’ )
{
$Confirmation = Read-Host “Are you sure you want to edit permissions for ” $Folder ” enter Y to continue anything else to exit”
If ($Confirmation -Eq ‘Y’)
{
$User = ‘YOURDOMAINHERE\’ + $Folder
$Admins = ‘YOURDOMAINHERE\Domain Admins’
$HomeShareManagers = ‘YOURDOMAINHERE\WHATEVEROTHERGROUPYOUWANT’
$Path = $Path + $Folder
icacls “$Path” /setowner (“$User”) /Q /T /C
#Sets the owner of the root user folder and all sub-folders to the current “for” user.
iCacls “$Path” /Q /C /T /reset
#Resets the all folders and files starting at the root to ONLY have the permissions granted by inheritance
icacls “$Path” /Grant :R (“$User” + ‘:(OI)(CI)M’) /Q
#Grants the user in question modify rights to all objects within the root user folder.
icacls “$Path” /Grant :R (“$Admins” + ‘:(OI)(CI)F’) /Q
#Grants the Domain Admins group Full control rights to all objects within the root user folder.
icacls “$Path” /Grant :R (“$HomeShareManagers” + ‘:(OI)(CI)F’) /Q
#Grants the site specific Home Share Managers group Full Control within the root user folder.
icacls “$path” /Remove Builtin /Q /T
#Removes the builtin user ACL. This is auto generated and applied when a /reset is performed
iCacls “$Path” /inheritance:R
#Turns off inheritance at the root of the user folder.
}
}
Else
{
‘Something Went Wrong’
#Chances are in this case the folder is not named the same as the user’s Login ID
}

 

adfasdfasdf

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: