forked from scriptrunner/ActionPacks
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathNew-FilMFolder.ps1
187 lines (165 loc) · 7.14 KB
/
New-FilMFolder.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
#Requires -Version 4.0
<#
.SYNOPSIS
Creates an folder and sets the permissions for the accounts
.DESCRIPTION
.NOTES
This PowerShell script was developed and optimized for ScriptRunner. The use of the scripts requires ScriptRunner.
The customer or user is authorized to copy the script from the repository and use them in ScriptRunner.
The terms of use for ScriptRunner do not apply to this script. In particular, ScriptRunner Software GmbH assumes no liability for the function,
the use and the consequences of the use of this freely available script.
PowerShell is a product of Microsoft Corporation. ScriptRunner is a product of ScriptRunner Software GmbH.
© ScriptRunner Software GmbH
.COMPONENT
.LINK
https://github.com/scriptrunner/ActionPacks/tree/master/WinFileManagement/FolderAndFiles
.Parameter FolderName
Specifies a name for the folder
.Parameter Path
Specifies the path of the folder location
.Parameter AccessAccount
Specifies a user account that has permission to perform this action. If Credential is not specified, the current user account is used.
.Parameter ModifyAccess
Specifies which accounts are granted modify permission to access the folder. Multiple accounts can be specified comma separated
.Parameter FullControlAccess
Specifies which accounts are granted full control permission to access the folder. Multiple accounts can be specified comma separated
.Parameter ReadAccess
Specifies which accounts are granted read permission to access the folder. Multiple accounts can be specified comma separated
.Parameter ReadAndExecuteAccess
Specifies which accounts are granted read and execute permission to access the folder. Multiple accounts can be specified comma separated
.EXAMPLE
#>
[CmdLetBinding()]
Param(
[Parameter(Mandatory = $true)]
[string]$FolderName,
[Parameter(Mandatory = $true)]
[string]$Path,
# [PSCredential]$AccessAccount,
[string[]]$ModifyAccess,
[string[]]$FullControlAccess,
[string[]]$ReadAccess,
[string[]]$ReadAndExecuteAccess
)
[string]$Script:Identity
$Script:output=@()
[string[]]$Script:Properties = @("Name","FullName","CreationTime","Root")
try{
function CheckIdentity([string] $Name){
$Name = $Name.Trim()
if(($Name -eq "Jeder") -or ($Name -eq "Everyone") -or ($Name -eq "S-1-1-0"))
{
$sid =New-Object System.Security.Principal.SecurityIdentifier("S-1-1-0")
$Script:Identity= $sid.Translate([System.Security.Principal.NTAccount]).Value
}
elseif(($Name -eq "System") -or ($Name -eq "Local System") -or ($Name -eq "S-1-5-18"))
{
$sid =New-Object System.Security.Principal.SecurityIdentifier("S-1-5-18")
$Script:Identity= $sid.Translate([System.Security.Principal.NTAccount]).Value
}
elseif(($Name -eq "Administratoren") -or ($Name -eq "Administrators") -or ($Name -eq "S-1-5-32-544"))
{
$sid =New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-544")
$Script:Identity= $sid.Translate([System.Security.Principal.NTAccount]).Value
}
elseif(($Name -eq "Authenticated Users") -or ($Name -eq "Authentifizierte Benutzer") -or ($Name -eq "S-1-5-11"))
{
$sid =New-Object System.Security.Principal.SecurityIdentifier("S-1-5-11")
$Script:Identity= $sid.Translate([System.Security.Principal.NTAccount]).Value
}
elseif(($Name -eq "Interactive") -or ($Name -eq "Interaktiv") -or ($Name -eq "S-1-5-4"))
{
$sid =New-Object System.Security.Principal.SecurityIdentifier("S-1-5-4")
$Script:Identity= $sid.Translate([System.Security.Principal.NTAccount]).Value
}
elseif(($Name -eq "Users") -or($Name -eq "Benutzer") -or ($Name -eq "S-1-5-32-545"))
{
$sid =New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-545")
$Script:Identity= $sid.Translate([System.Security.Principal.NTAccount]).Value
}
else{
if($Name.IndexOf('\') -lt 0){ # no domain in account
$tmp = New-Object System.Security.Principal.NTAccount($Name)
$tmp = New-Object System.Security.Principal.SecurityIdentifier ($tmp.translate([System.Security.Principal.SecurityIdentifier]).value)
$Name = $tmp.Translate([System.Security.Principal.NTAccount]).Value
}
$Script:Identity=$Name
}
}
function SetAccess($Permission){
try{
$ACE = New-Object System.Security.AccessControl.FileSystemAccessRule `
($Script:Identity,$Permission, "ContainerInherit,ObjectInherit", "NoPropagateInherit", "Allow")
$null = $Script:acl.SetAccessRule($ACE)
Set-Acl -Path $newFolder -AclObject $Script:acl -ErrorAction Stop
$Script:output += "$($Permission) access set for $($Script:Identity)"
}
catch
{$Script:output +="Error set $($Permission) access for $($Script:Identity) - $($_.Exception.Message)"}
}
# if($null -eq $AccessAccount){
$tmp = New-Item -Name $FolderName -Path $Path -ItemType "directory" -ErrorAction Stop
# }
# else{
# $tmp = New-Item -Name $FolderName -Path $Path -ItemType "directory" -Credential $AccessAccount -ErrorAction Stop
# }
$newFolder = "$($Path)\$($FolderName)"
$Script:acl = Get-Acl -Path $newFolder -ErrorAction Stop
# Modify access
if(-not [System.String]::IsNullOrWhiteSpace($ModifyAccess)){
foreach($chn in $ModifyAccess){
try{
CheckIdentity $chn
SetAccess "Modify"
}
catch
{$Script:output +="Error set Modify access for $($chn) - $($_.Exception.Message)"}
}
}
# Read access
if(-not [System.String]::IsNullOrWhiteSpace($ReadAccess)){
foreach($rd in $ReadAccess){
try{
CheckIdentity $rd
SetAccess "Read"
}
catch
{$Script:output +="Error set Read access for $($rd) - $($_.Exception.Message)"}
}
}
# Full access
if(-not [System.String]::IsNullOrWhiteSpace($FullControlAccess)){
foreach($fa in $FullControlAccess){
try{
CheckIdentity $fa
SetAccess "FullControl"
}
catch
{$Script:output +="Error set FullControl access for $($fa) - $($_.Exception.Message)"}
}
}
# Read and execute
if(-not [System.String]::IsNullOrWhiteSpace($ReadAndExecuteAccess)){
foreach($no in $ReadAndExecuteAccess){
try{
CheckIdentity $no
SetAccess "ReadAndExecute"
}
catch
{$Script:output +="Error set ReadAndExecute access for $($no) - $($_.Exception.Message)"}
}
}
$Script:output += Get-Item -Path $newFolder `
| Select-Object @($Script:Properties) | Format-List
if($SRXEnv) {
$SRXEnv.ResultMessage = $Script:output
}
else{
Write-Output $Script:output
}
}
catch{
throw
}
finally{
}