I'd like to find an automatic way to share OneDrive files with a specific internal user, what's the best approach? My current scripts are using PowerShell, but that's not a hard requirement.
I've tried:
https://learn.microsoft.com/en-us/graph/api/driveitem-invite?view=graph-rest-1.0 - what's the best library to use for this? I've created an AzureAD app with the appropriate delegated permissions. In PowerShell, once I run Connect-MgGraph, what method can I run to call this?
https://learn.microsoft.com/en-us/powershell/module/sharepoint-pnp/set-pnplistitempermission?view=sharepoint-ps - but my OneDrive items aren't part of a list. Could they be? The folder permission works well: https://learn.microsoft.com/en-us/powershell/module/sharepoint-pnp/set-pnpfolderpermission but I don't understand why there isn't a file one just like this folder one
I know the absolute URL of the file, the UPN of the internal user I want to directly share with, and I have owner permissions to the file. How can I do this?
Related
A little more context, I'm trying to use PowerShell to search through SharePoint for any files which have a particular Author.
We have an issue where if someone tries to delete a file that is authored by an ex-employee it alerts a different person that they did not have permission for the file to go to recycle bin for some reason and makes them permanently delete it instead. Below is a link of what they get:
Microsoft won't support it as they say they won't supply custom scripts so I was wondering if anyone here had any ideas?
I've tried around a bit, but haven't come up with a good result yet. My powershell skills are also a bit rusty.
What do I have in mind?
I want to read all security groups from a folder. For each security group I search in a domain (Active Directory) for the group and get all users contained in it.
Afterwards I add the user with the same rights again extra to the folder.
Reason: I search for the group or the user in another domain. Both domains are accessible from the same server. The groups will be removed at some point.
How can I do this? I have already tried a bit to read out groups (Get-Acl) etc, but I do not get further.
I do not ask for a complete solution, but just need hints how I could do this. Possibly also how this is then called in Powershell etc.
I'm trying to give access to users on an application on AAD by powershell or Graph API. I have a list of 60 users and I don't want to do it by hand. I've investigate in AAD cmdleds but I didn't find anything useful for me. Is there any way for doing that?
Thanks a lot.
You can do so through PowerShell with a module from this blog post.
After you download the module, edit it, create a csv file containing your 60 users, run 4 cmdlets and you're done!
(Remember to restart PowerShell if you make an edit to the psm1 module in the middle of a PowerShell session, reimporting doesn't clear the cache.)
I accomplished writing an application code in Matlab. I create a .mat file and save data into it somewhere in the code. I converted it to a standalone application file.(exe) However, I don't want to give permission to the user to see and modify this .mat file because the application uses that file in the next executions. For this reason, I changed the permission settings by right clicking the folder and:
properties-Security-Advanced-Changed Permission
However, after changing the permission, the code cannot reach that file and fails while executing. How can I handle it?
To my opinion you are approaching this the wong way. To make that concept working, your application would require higher permissions than the user has, especially the user may not modify permissions. For the majority of self-administrated PCs this is impossible, because the primary user has full administrative rights, allowing to modify folder permissions.
For such cases the typical solution is encryption. Assume everyone can access your files, store only encrypted files to the hard drive.
If I find (or create) a new PowerShell cmdlet (or function), how do I add it to my machine?
Do I copy it to a particular folder?
Do I put its content in a particular file?
Do I need to authorize it, or sign it, or give it permission in some way?
I don't want to use it in just one session; I want it to be available whenever I use PowerShell on this machine.
As Alex mentions, any function defined in your profile or in a script that gets "dotted" into your profile will always be available. The same goes if you use Add-PSSnapin in your profile to add a snapin. The cmdlets in the snapin will always be available. For more information about profiles check out the help topic:
man about_profiles
However if you have a significant number of functions you may not want to load them until they are needed. In this case, you can organize functionality into scripts and then put those scripts into one or more directories that are in your path. You can then reference the script by name without specifying the full path or even the .PS1 extension. For more information about using scripts check out the help topic:
man about_scripts
PowerShell V2 introduces an even better approach to organizing functions and loading them on demand. The feature is called Modules and allows you to Import-Module by a simple name (rather than path) and to choose which functions and variable are made public versus which ones remain private. If you have V2, check out modules:
man about_modules
You should access the cmdlets through your profile script. That way, every time you access PowerShell, it gets loaded. See The Power of Profiles.