I have been struggling a bit with a cleanup script we have running on user home directories. It is SUPPOSED to delete user folders for employees who no longer work here.
The users are not always smart so I have a large list of potential issues and am looking for the fastest way to delete this users folders.
Issues so far:
ReparsePoints/Junction Points - I need them removed, but not followed... would hate to delete something the user linked to for some stupid reason
Long Path Length - Some users have magically created path lengths that are way too long
Need to be able to perform this delete remotely - The techs that will be running this script do not have permission to log directly onto the server, however they have full admin on the locations in question
Attempts so far:
robocopy "c:\temp\empty" $d.FullName /MIR /R:3 /W:1
remove-item $d.FullName -recurse -force
It should be noted I have tried with both UNC and mounted drive letters.
So all that to say I ask you, the brilliant folks of the web. What is the best way to delete a folder, regardless of its content, length or links?
Thanks for any hints or help you can provide
Related
I often have to move a large number of files from one part of sharepoint to another, and the GUI often has issues with data loss or duplication, as well as being extremely repetitive and time intensive.
Ideally I'd really like there to be a way to just navigate sharepoint files as if they were just any other files on a command line in a computer file system. Is such a thing even possible? If not, is there at least a way to cp files from one directory into another?
Things like these make it seem easy, except the file paths don't actually match up in reality to any expected path:
https://www.sharepointdiary.com/2018/03/sharepoint-online-move-files-using-powershell.html
When attempting to use the SPO or PNP module in powershell, the documentation is pretty unclear. Get-PNPfile either always returns file not found if I try to use /Documents/Foldername like one would think. Even if I right click and copy link and get that messy url and make sure to deal with the ampersands, it still doesn't work. For example
Get-PnPFile -Url "https://domain.sharepoint.com/sites/team/Documents/file"
I would expect this to well, return an object that contains something pointing to the file, but it never works.
One possibility is that MFA is a requirement in the environment I'm using and it seems requires a flag -UseWebLogin which appears to work without errors, but it also appears to work when I mistyped the url of the team name when I used the command Connect PnPOnline, so maybe there is an issue there?
First for MFA, it will be better to user Connect-PnPOnline -Url "https://domain.sharepoint.com" -Interactive just like the comment on your original post.
And for the file not found error, it seems you are not using the correct URL. Have a try on the site relative URL.
Here is what I have tested
So, the solution ended up being the use of the "sync" feature which then creates an alias that can be manipulated as if it was a regular file on a machine using powershell. There doesn't seem to be a straightforward way to interact with the sharepoint filesystem via command line which is bonkers.
After trying to use ConvertTo-Application and New-WebApplication, I've had no luck converting a folder to an app when it's located on a network share.
I receive a "Path doesn't belong to 'WebAdministration' provider"
I've scoured the internet trying to find a solution, including several links from stackoverflow.
Basically I'm making a GUI script to create a website, convert folders to webapps, I have two comboboxes for selecting current websites and AppPools. The GUI also let's me create AppPools. The GUI works great, but I'm just trying to get this one feature of it going.
This feature of the script is something that is required by management.
New-WebApplication -Name $Name2 -Site $SiteN -PhysicalPath $Path -ApplicationPool $AppP
(also)
ConvertTo-WebApplication -PSPath "\\domain.local\webstuff\WebSites\Dev\Internet\foldername\scriptdevsite\scriptdevsite2\SiteApp1"
Now, I realize that ConvertTo-WebApplication is for converting Virtual Directories to apps, but I wanted to try this and see if it'll work.
The New-Website command works great, but it makes apps and leaves the folders.
So I'll get scriptdevsite2\SiteApp1\SiteApp1, not going to work.
We have websites that have physical folders that sometimes need to be converted to an application and occasionally removed for testing.
Likely going to have to implement some C# for this, I've been checking into Application Class.
But it's not very helpful, at least not to me.
I'm still new to this site, so if there's anything I'm leaving out, I apologize in advance.
Thank you for your help
I have been doing some research to see if there is a way to script this functionality and I cant seem to find where these certs are actually stored. I see the other articles on "deleting certificates from store", but I think these are causing me more confusion.
If I run a search like get-childitem -path cert:\CurrentUser, I don't see the Other People location. But, I am able to see the location in certmgr.msc. I have also checked the reg locations outlined here: https://technet.microsoft.com/en-us/library/cc783813(WS.10).aspx and can't seem to find the location either.
So, I guess my question is as follows:
Can a script be built to go into this location and do a full clean-up?
Where are these certs actually installed on the local system?
Thank you, and I apologize if this seems a little erratic. This has been making my head spin for almost two hours. Thanks.
What you are looking for is the AddressBook directory of the CurrentUser store. Do a gci Cert:\CurrentUser\AddressBook and I bet you see the exact same certificates as you do in the 'Other People' section of certmgr.msc. If you do not want to keep any of those certificates deleting them all is as simple as:
Get-ChildItem Cert:\CurrentUser\AddressBook | Remove-Item
They will all be deleted if you do that, so please do so with caution. Just want to get rid of expired certificates? Add a where statement like this:
Get-ChildItem Cert:\CurrentUser\AddressBook | Where{$_.NotAfter -lt [datetime]::Now} | Remove-Item
That one would only remove expired certificates.
Anyway, you want Cert:\CurrentUser\AddressBook.
I need to generate an ACL Report for NAS Shares, even for folders where the local administrators group has been removed from those files.
Some application can use the privilege to bypass traverse checking and or bypass ntfs permissions, similar to what robocopy does.
Treesize is a tool I used but it does not work in the way I need, it would only get the ntfs acls correctly for the first level of the folder where I do not have access, but if there are other subfolders, it will fail to obtain the information.
Subinacl seems to work fine, but here is my question has anyone share idea how to manipulate data so this can be accomplished using this tool. The report is not showing the permissions directly instead it is showing hex codes representing the actual permissions.
I read that powershell might also be able to do this but I have no idea or I could not find any code related to this.
If you have a good reason to see those permissions, hopefully someone with access can help, or at least grant you the Read permissions permission.
Parsing the text from subinacl will take work, as you've noticed. (Scroll down to the permission element for translations of those codes you're asking about.) I've never used ShareEnum from Sysinternals, but maybe that's a step in the right direction.
PowerShell's Get-Acl returns objects, maybe easier to report from. But before Get-Acl will see those subfolders, you might need to change object ownership. PowerShell can do that, depending on the context, but the admins might prefer a friendly knock before you start picking locks, if you catch my drift. Here is some guidance from Server Fault.
I've gotten comfortable using icacls to add people to file folders but now I am having trouble figuring out how to do the following:
on a folder with many children, g
get the existing permissions on the folder and store them
Add a bunch of new users, propogating to all children and turning on inheritance, replace and force (already working from previous scripts)
check the top level folder and remove any permissions not placed on in step 2.
now that the parent folder has the correct permissions and all children have inheritance set, set all children to have the same permissions as the parent (recompute acl inheritance?)
thanks for any help you all can provide, I just need a push to get into the right direction.
If you're using PowerShell, you don't need icacls (which returns text instead of objects) since you have have Get-Acl and Set-Acl. However, the help for those two commands is severely lacking, so I recommend supplementing with the .NET framework.
http://technet.microsoft.com/en-us/library/ff730951.aspx is a very good article on ACLs using the .NET framework in PowerShell. If you need more in depth information on System.Security.AccessControl, go to http://msdn.microsoft.com/en-us/library/system.security.accesscontrol.aspx.