Applying extra permissions to new user’s home drive

Posted: March 1, 2011 in Active Directory, Scripts

Script to run after creating a new user to set permissions on their home drive. Will look at adding this onto our Exchange 2010 Scripting Agent config as well.

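# $username must already hold the new user's sAMAccountName.
# The backtick keeps the "$" of the hidden share name (homedrives$) literal.
$Acl = Get-Acl "\\FileServer\homedrives`$\$username"
# Allow FullControl, inherited by subfolders and files.
$Ar = New-Object System.Security.AccessControl.FileSystemAccessRule("Domain\SecurityGroup","FullControl, Synchronize","ObjectInherit, ContainerInherit","None","Allow")
$Acl.SetAccessRule($Ar)
Set-Acl "\\FileServer\homedrives`$\$username" $Acl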

— UPDATE —

Haven’t completely tested this yet, but this should be the code to have the Exchange scripting agent check if the home drive exists and then add our default admin group to it. If it doesn’t exist, create it and add the new user and the default admin group.

# Resolve the sAMAccountName of the user being provisioned.
$username = (Get-User $provisioningHandler.UserSpecifiedParameters["Name"]).sAMAccountName

if (Test-Path "\\FileServer\homedrives`$\$username") {
    # Folder already exists: add the default admin group only.
    $Acl = Get-Acl "\\FileServer\homedrives`$\$username"
    $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule("DOMAIN\DefaultAdminGroup","FullControl, Synchronize","ObjectInherit, ContainerInherit","None","Allow")
    $Acl.SetAccessRule($Ar)
    Set-Acl "\\FileServer\homedrives`$\$username" $Acl
}
else {
    # Folder is missing: create it, then add the admin group and the new user.
    New-Item "\\FileServer\homedrives`$\$username" -ItemType Directory

    $Acl = Get-Acl "\\FileServer\homedrives`$\$username"
    $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule("DOMAIN\DefaultAdminGroup","FullControl, Synchronize","ObjectInherit, ContainerInherit","None","Allow")
    $Acl.SetAccessRule($Ar)
    Set-Acl "\\FileServer\homedrives`$\$username" $Acl

    $Acl = Get-Acl "\\FileServer\homedrives`$\$username"
    $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule("DOMAIN\$username","FullControl, Synchronize","ObjectInherit, ContainerInherit","None","Allow")
    $Acl.SetAccessRule($Ar)
    Set-Acl "\\FileServer\homedrives`$\$username" $Acl
}
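
A check to run after either script, added here as an example and not part of the original post: SetAccessRule only adds or replaces the rule for one identity, so anything the folder inherits from the share root stays in place, and this function reports both missing expected rules and any other Allow entries. The function name Test-HomeDriveAcl and the $AllowedBuiltin default are assumptions for illustration; the syntax is kept compatible with PowerShell 2.0 as shipped with Exchange 2010.

```powershell
# Added example: audit a home folder's ACL after provisioning.
# Test-HomeDriveAcl is a hypothetical helper name, not from the original post.
function Test-HomeDriveAcl {
    param(
        [Parameter(Mandatory=$true)] [string]   $Path,
        [Parameter(Mandatory=$true)] [string[]] $ExpectedIdentity,
        # Built-in principals tolerated on the folder (assumption; adjust to local policy).
        [string[]] $AllowedBuiltin = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
    )

    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $full    = [System.Security.AccessControl.FileSystemRights]::FullControl
    $rules   = (Get-Acl -Path $Path).Access

    # 1. Each expected identity needs an Allow FullControl rule that
    #    propagates to subfolders and files, as the scripts above set it.
    foreach ($id in $ExpectedIdentity) {
        $match = $rules | Where-Object {
            $_.IdentityReference.Value -eq $id -and
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $full) -eq $full -and
            ($_.InheritanceFlags -band $inherit) -eq $inherit
        }
        if (-not $match) {
            New-Object PSObject -Property @{
                Path = $Path; Identity = $id; Finding = 'MissingFullControl'; Inherited = $null
            }
        }
    }

    # 2. Report every other Allow rule, including ones inherited from the share root.
    foreach ($r in $rules) {
        $id = $r.IdentityReference.Value
        if ($r.AccessControlType -eq 'Allow' -and
            $ExpectedIdentity -notcontains $id -and
            $AllowedBuiltin -notcontains $id) {
            New-Object PSObject -Property @{
                Path = $Path; Identity = $id
                Finding = "Unexpected: $($r.FileSystemRights)"; Inherited = $r.IsInherited
            }
        }
    }
}

# Usage with the names from the script above ($username set as in the post):
# Test-HomeDriveAcl -Path "\\FileServer\homedrives`$\$username" `
#     -ExpectedIdentity 'DOMAIN\DefaultAdminGroup', "DOMAIN\$username"
```

No output means the folder carries exactly the expected rules; a row with Inherited set to True points at a permission coming from the parent share rather than from the script.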
