Scenario: Home drives were initially shared out on a Linux-based NAS appliance. The device fails, but the data remains intact. The data is recovered using a file copy utility. The data is recovered… Yay! All the NTFS-like file permissions are gone… 🙁
By the way, here’s a really good blog that details the required NTFS permissions for user home drives:
https://blogs.technet.microsoft.com/askds/2008/06/30/automatic-creation-of-user-folders-for-home-roaming-profile-and-redirected-folders/
I get to fix these sorts of things! Welcome to my world!
Now, I need to iterate through all of the folders and set the permissions for each individual user. Doing it through the NTFS permissions GUI for each one is a Systems Administrator’s purgatory. Needless to say, I’m not going to do that. Wouldn’t it be better to script that? I see a bunch of virtual heads nodding and I agree.
I’m going to do it using a PowerShell module that was created by Raimund Andree. Thank God for that cat! You can get the module here: https://gallery.technet.microsoft.com/scriptcenter/1abd77a5-9c0b-4a2b-acef-90dbb2b84e85
More details on how to use the module to manage NTFS permissions can be found here: https://blogs.technet.microsoft.com/heyscriptingguy/2014/11/22/weekend-scripter-use-powershell-to-get-add-and-remove-ntfs-permissions/
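
    # Requires the ActiveDirectory (RSAT) module and the NTFSSecurity module
    Import-Module ActiveDirectory
    Import-Module NTFSSecurity

    $userFolderPath = "E:\User\"
    # Each home folder is named after the user's SamAccountName
    $folders = Get-ChildItem -Path $userFolderPath -Directory
    foreach ($folder in $folders)
    {
        # Copy to a simple variable; property access such as $folder.Name is not supported inside -Filter
        $name = $folder.Name
        $ADUser = Get-ADUser -Filter {Enabled -eq $true -and SamAccountName -eq $name} -Properties CanonicalName
        if ($null -ne $ADUser)
        {
            # CanonicalName starts with the DNS domain name; its first label is used as the domain prefix
            $domain = $ADUser.CanonicalName.Substring(0,$ADUser.CanonicalName.IndexOf("."))
            $userSecurityPrincipal = $domain + "\" + $ADUser.SamAccountName
            $userFolder = $folder.FullName
            # Show which account is being granted access to which folder
            $userSecurityPrincipal + " => " + $userFolder
            Add-NTFSAccess -Path $userFolder -Account $userSecurityPrincipal -AccessRights FullControl
        }
    }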
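
The script above silently skips any folder whose name does not match an enabled AD account, so a read-only audit pass afterwards is useful. The following is an added example, not part of the original post or of the NTFSSecurity module: it uses the built-in Get-Acl cmdlet and compares by SID, so the result does not depend on how the domain prefix was derived. The status labels (NoEnabledUser, MissingAce, FullControlGranted) are names made up for this example.

```powershell
# Added audit example (not from the original post). Read-only: it changes no ACLs.
Import-Module ActiveDirectory

$userFolderPath = 'E:\User\'   # same root as the script above
$fullControl    = [System.Security.AccessControl.FileSystemRights]::FullControl
$sidType        = [System.Security.Principal.SecurityIdentifier]

$report = foreach ($folder in Get-ChildItem -Path $userFolderPath -Directory) {
    # Simple variable so it can be used inside the -Filter script block
    $name = $folder.Name
    $user = Get-ADUser -Filter {Enabled -eq $true -and SamAccountName -eq $name}

    if ($null -eq $user) {
        # Folder was skipped by the fix-up script: no enabled account with this name
        $status = 'NoEnabledUser'
    }
    else {
        # Explicit and inherited rules, with identities returned as SIDs
        $rules = (Get-Acl -Path $folder.FullName).GetAccessRules($true, $true, $sidType)
        $match = $rules | Where-Object {
            $_.IdentityReference.Value -eq $user.SID.Value -and
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $fullControl) -eq $fullControl
        }
        $status = if ($match) { 'FullControlGranted' } else { 'MissingAce' }
    }

    [pscustomobject]@{
        Folder = $folder.FullName
        Status = $status
    }
}

# Per-folder detail, then a count per status
$report | Sort-Object Status, Folder | Format-Table -AutoSize
$report | Group-Object Status | Select-Object Name, Count
```

Folders reported as NoEnabledUser belong to disabled, renamed or deleted accounts and need a manual decision; MissingAce means the account exists but the grant did not land.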