I am new to Powershell scripting and needs some guidance on creating a script.
We've have terminal server environment where we have to regularly reset user profile in order to resolve application related issues for them. Currently we rename the user profile folder manually to .old, which forces the profile service create a new profile for user next time they login. We are thinking to create a powershell based tool to do this operation for some priority users not from technical domain.
Currently we have one user, who has different profile in different file share depending on which region (Asia, America) user is connecting to. I am looking to create a script which first loads the folders from all region file shares(for performance reason), then a list box to select the region Asia or America, and a username search box. The script should search for the username profile folder in the selected region only.
I havefound only a small bit, need help constructing rest
# Date to append folder name
$Date = Get-Date -Format yyyyMMddhhmm
# List of file shares for FsLogix containers
$FileShares = "\\abc\fileshare"
# Retrieving list of subfolders in each file share
$Containers = foreach ($FileShare in $FileShares) {((Get-ChildItem -Path $FileShare -Directory -Force).FullName)}
# Display containers to select for rename/removal
$UserContainer = $Containers | Out-GridView -PassThru
# Rename container to _OLD with date
Rename-Item $UserContainer -NewName $UserContainer"_OLD_"$Date
Related
Okay, so I'm trying to make this simple stupid easy for people, as well as myself - I'm trying to basically rename a name folder inside a network share but the way we are set up is to have 2 accounts, your main account and one with Admin access. We can ONLY log in with PIV(CAC/Smart) cards, password is not an option.
Basically, trying to run a script as a different user that prompts for the folder name to rename and rename to .old.
Here's what I have that works in PowerShell, but involves manually renaming everything.
Rename-Item "\\%%SERVERNAMEHERE%%\PROFILE\%%NAMEHERE%%" "\\%%SERVERNAMEHERE\PROFILE\%%NAMEHERE%%old"
I understand this is very basic but I'm still pretty novice in scripting.
Here's a short script that prompts for a user name and runs Rename-Item. You should be able to adapt to your needs fairly easily.
$UserName = Read-Host "Enter username [blank=quit]"
if ( $UserName -ne "" ) {
Rename-Item "\\servername\PROFILE\$UserName" "$UserName.old"
Read-Host "Press ENTER to continue"
}
I am looking to delete highlighted value from registry shown in Picture, where 'standard user' is the user id from which system is logged in. I need power shell script so that I can deploy it in every machine of my organization from backend and this highlighted value gets deleted from every user's system profile.
Assuming you are planning on doing this via GPO I would advise two steps:
1- Create the script file and add it to the Files preference on your GPMC
2- Create a one-time Scheduled Task and run the remote script.
This code should do what you want as long as you adapt the Path to your needs. It will get a list of the Values inside the Key you point it to and match it using the where-object.
(Get-Item -Path HKCU:\SOFTWARE\Microsoft\OneDrive\Accounts\Business1\Tenants\Intune Test').Property | Where-Object{$_ -match 'Test Sync - Documents'} | Remove-Item
Deployment is up to you, please assume this code can be improved and or adapted. This is just the core block you need to achieve what you asked.
I'm trying to share a folder to a specific machine/user using Powershell.
Some background: I've many Windows machines which have a folder (data folders) that needs to be backed up. These folders are shared with a "special" machine running backup software. This software daily checks the contents of the data folders and backup the data to its local harddisks. When a new machine arrives, we share the folder by hand using Explorer. (Properties -> sharing -> share ...). All the machines are part of a large network, and we don't want to share the data with all the machines. Therefore we only allow read access to the data folder by the backup machine (let's call the user on the backup machine domain\BackupUser). I want to move the creation of these shared data folders into some script which we can run from Powershell.
The command I found is: New-SmbShare -Path C:\Data\ -Name Data -ReadAccess "domain\BackupUser". The command will create the (smb) share as expected, and I can observe it via the backup machine. But on access it, the permission is denied.
When listing the shared folder access (Get-SmbShareAccess -Name "Data") it does show the expected user.
I've also tried to create the shared folder with: net share Data=C:\Data /grant:BackupUser,FULL but still got the permission is denied error.
The weird thing is when the folder is shared using explorer and list the access (`Get-SmbShareAccess -Name "Data"). The user (BackupUser) is not listed, but an "Everyone" is shown. But when trying to access the data folder from another (random) machine, it does not give access, as desired. The backup machine does have access.
So, the main question: What powershell command(s) creates a new shared folder to a specific machine/user?
Share permissions are not the same as file system permissions.
Set the SHARE permission, then apply the FOLDER/FILE permissions:
$FolderName = 'C:\Data'
$UserId = 'DOMAIN\BackupUser'
New-SmbShare -Path $FolderName -Name Data -ReadAccess $UserId
$Acl = Get-Acl $FolderName
$NewAccessRule = New-Object system.security.accesscontrol.filesystemaccessrule($UserId,"Read","Allow")
$Acl.SetAccessRule($NewAccessRule)
Set-Acl $FolderName $Acl
I want to check whether a given Active Directory user (specified by username and domain) has read/(write) permissions on a given folder. And this unrelated to having them granted directly by user name or indirectly by some group membership. However I've been googling like 5 hours by now to no avail.
I understand, that Get-Acl Cmdlet is used to read folder permissions. Most likely the user is member of some group, that indirectly grants it permissions.
So my idea was to just match the output of
(Get-Acl <Folder>).Access | ft
against the group membership of the user.
I collect the group Information using the command
Get-ADPrincipalGroupMembership "<Username>" | select name
but found out, that this features an entirely different set of group names. I assumed, that the groups outputted by Get-Acl are local ones, while the other ones were AD-sided groups.
I found the command whoami /groups, that prints all groups, but only for the currently logged in user.
After quite some additional time I figured out the command (based on .NET):
(New-Object Security.Principal.WindowsIdentity -ArgumentList #(,"<User#fullDomain.com>")).Claims | select Value
This however just prints SIDs, while
(Get-Acl <Folder>).Access | ft
displays some human friendly output like "NT SERVICE\TrustedInstaller" and such.
I believe I'm pretty close, but I just can't get it to work.
On another note: Does this really have to be that complicated?
Other solutions I found only work based on direct user permissions but do not check group permissions.
Oh and one thing: Everything has to run on PowerShell 4.0 on Windows Server 2012 R2 and the PowerShell script will be running locally. No NuGet packages or anything requiring an Internet connection are allowed.
I've been searching all the internet and stackOF to and resolve this issue.
I am trying to automate a db restore using SQL Server Agent. The sql server agent job comprises of four steps 3 of which are tsql and one which is a powershell script.
I have created a proxy with admin credentials so that the script can be run as admin.
cd c:;
$backuppath="Microsoft.PowerShell.Core\FileSystem::\\sharedcomputer\backup";
$destpath="c:\tmp\";
get-childitem -path $backuppath | where-object { -not $_.PSIsContainer } |
sort-object -Property $_.CreationTime |
select-object -last 1 | copy-item -Destination (join-path $destpath "byte.BAK");
It copies the .bak file from the source shared folder and places it in to tmp folder on the target.
Whenever I run this through regular Powershell it works fine.
Whenever I try to run this from SQL server agent I get an error stating that it cannot find path.
I tried to even use net use to pass credentials for the shared folder. I am thinking it has to do with the fact that the folder has requirement for credentials.
I have turned of password file sharing as well on the source server but for some reason when i use windows explorer to locate the shared file it still asks for credentials initially. Once its saved and cached I can then use powershell to cd in to that folder. But none of this works when its executed from sql server agent
I was able to finally figure this out with a little help from a Windows Server guy...
Going back to answering the question. When I created a proxy agent I used the credentials that were associated with the current Domain Account i.e Domain\Administrator.
In order for the proxy to connect to the remote server it needs to have credentials on that domain.
So what I did was create another domain account on my target and source servers using the same name and password and gave it permissions to the folders I needed
That account was used in the proxy and the credential was set up as .\AccountName, so because the wildcard was in place the proxy was able to jump back and fort between the two servers and successfully transfer the files....
Hope this helps