Tag Archives: Systems Administrator

Setting permissions on home drive folders

Scenario: Home drives were initially shared out on a Linux based NAS appliance.  The device fails, but the data remains intact. The data is recovered using a file copy utility.  The data is recovered… Yay!  All the NTFS-like file permissions are gone… 🙁

By the way, here’s a really good blog that details the required NTFS permissions for user home drives:

https://blogs.technet.microsoft.com/askds/2008/06/30/automatic-creation-of-user-folders-for-home-roaming-profile-and-redirected-folders/

I get to fix these sorts of things!  Welcome to my world!

Now, I need to iterate through all of the folders and set them for each individual user.  Doing through the NTFS permissions GUI for each one is a Systems Administrator’s purgatory.  Needless to say, I’m not going to do that.  Wouldn’t it be better to script that?  I see a bunch of virtual heads nodding and I agree.

I’m going to do it using PowerShell module that was created by Raimund Andree.  Thank God for that cat!  You can get the module here: https://gallery.technet.microsoft.com/scriptcenter/1abd77a5-9c0b-4a2b-acef-90dbb2b84e85

More details on how to use the module to manage NTFS permissions can be found here: https://blogs.technet.microsoft.com/heyscriptingguy/2014/11/22/weekend-scripter-use-powershell-to-get-add-and-remove-ntfs-permissions/

$userFolderPath = "E:\User\"
$folders = Get-ChildItem $userFolderPath
foreach ($folder in $folders)
{
    $ADUser = Get-ADUser -Filter {Enabled -eq  $true -and SamAccountName -eq $folder.Name} -Properties CanonicalName
    if (-Not ($ADUser -eq $null))
    {
        $domain = $ADUser.CanonicalName.Substring(0,$ADUser.CanonicalName.IndexOf("."))
        $userSecurityPrincipal = $domain + "\" + $ADUser.SamAccountName
        $userFolder = $userFolderPath + $folder
        $userSecurityPrincipal + " => " + $userFolder
        Add-NTFSAccess -Path $userFolder -Account $userSecurityPrincipal -AccessRights FullControl
    }
}