Powershell windows file share permissions. Add new users then replace all existing users? - powershell

I've gotten comfortable using icacls to add people to file folders but now I am having trouble figuring out how to do the following:
On a folder with many children:
1. Get the existing permissions on the folder and store them.
2. Add a bunch of new users, propagating to all children and turning on inheritance, replace and force (already working from previous scripts).
3. Check the top level folder and remove any permissions not placed on in step 2.
4. Now that the parent folder has the correct permissions and all children have inheritance set, set all children to have the same permissions as the parent (recompute acl inheritance?).
thanks for any help you all can provide, I just need a push to get into the right direction.

If you're using PowerShell, you don't need icacls (which returns text instead of objects) since you have Get-Acl and Set-Acl. However, the help for those two commands is severely lacking, so I recommend supplementing with the .NET framework.
http://technet.microsoft.com/en-us/library/ff730951.aspx is a very good article on ACLs using the .NET framework in PowerShell. If you need more in depth information on System.Security.AccessControl, go to http://msdn.microsoft.com/en-us/library/system.security.accesscontrol.aspx.
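
The four steps from the question, done with Get-Acl, Set-Acl and System.Security.AccessControl, as an added example that is not part of the original question or answer. The path, the account names and the granted right are hypothetical, and keeping SYSTEM and the local Administrators group on the folder is an added assumption to avoid locking administrators out.

```powershell
# Added example; path, accounts and rights below are hypothetical placeholders.
$Root     = 'D:\Shares\Projects'
$NewUsers = 'CONTOSO\alice', 'CONTOSO\bob'
$Keep     = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators'   # assumption: never strip these
$Rights   = [System.Security.AccessControl.FileSystemRights]::Modify
$SidType  = [System.Security.Principal.SecurityIdentifier]

# Resolve every account to a SID up front; a typo fails here, before any ACL changes.
$keepSids = ($NewUsers + $Keep) | ForEach-Object {
    ([System.Security.Principal.NTAccount]$_).Translate($SidType).Value
}

# Step 1: read the current ACL and store it as SDDL so it can be restored.
$acl = Get-Acl -LiteralPath $Root
$acl.Sddl | Set-Content -LiteralPath (Join-Path $env:TEMP 'root-acl-backup.sddl')

# Step 2: add the new users, inheritable by subfolders and files.
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
foreach ($user in $NewUsers) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $user, $Rights, $inherit, $prop, 'Allow')
    $acl.SetAccessRule($rule)
}

# Step 3: drop explicit rules for any identity not in the keep list.
# Rules the root inherits from its own parent are not explicit and are left alone.
foreach ($rule in @($acl.GetAccessRules($true, $false, $SidType))) {
    if ($keepSids -notcontains $rule.IdentityReference.Value) {
        $acl.RemoveAccessRuleSpecific($rule)
    }
}
Set-Acl -LiteralPath $Root -AclObject $acl

# Step 4: make every child inherit only: re-enable inheritance, remove explicit rules.
Get-ChildItem -LiteralPath $Root -Recurse -Force | ForEach-Object {
    $childAcl = Get-Acl -LiteralPath $_.FullName
    $childAcl.SetAccessRuleProtection($false, $false)
    foreach ($rule in @($childAcl.GetAccessRules($true, $false, $SidType))) {
        $childAcl.RemoveAccessRuleSpecific($rule)
    }
    Set-Acl -LiteralPath $_.FullName -AclObject $childAcl
}
```

Set-Acl supports -WhatIf, so both calls can be dry-run first; the saved SDDL can be reapplied to the root with SetSecurityDescriptorSddlForm on a fresh Get-Acl object followed by Set-Acl.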

Related

Is it possible with PowerShell to find an author in Sharepoint and change it?

A little more context, I'm trying to use PowerShell to search through SharePoint for any files which have a particular Author.
We have an issue where if someone tries to delete a file that is authored by an ex-employee it alerts a different person that they did not have permission for the file to go to recycle bin for some reason and makes them permanently delete it instead. Below is a link of what they get:
Microsoft won't support it as they say they won't supply custom scripts so I was wondering if anyone here had any ideas?

Powershell Script help - Add User and Copy Permissions from Folder

I've tried around a bit, but haven't come up with a good result yet. My powershell skills are also a bit rusty.
What do I have in mind?
I want to read all security groups from a folder. For each security group I search in a domain (Active Directory) for the group and get all users contained in it.
Afterwards I add the user with the same rights again extra to the folder.
Reason: I search for the group or the user in another domain. Both domains are accessible from the same server. The groups will be removed at some point.
How can I do this? I have already tried a bit to read out groups (Get-Acl) etc, but I do not get further.
I do not ask for a complete solution, but just need hints how I could do this. Possibly also how this is then called in Powershell etc.

How to share OneDrive files using Powershell?

I'd like to find an automatic way to share OneDrive files with a specific internal user, what's the best approach? My current scripts are using PowerShell, but that's not a hard requirement.
I've tried:
https://learn.microsoft.com/en-us/graph/api/driveitem-invite?view=graph-rest-1.0 - what's the best library to use for this? I've created an AzureAD app with the appropriate delegated permissions. In PowerShell, once I run Connect-MgGraph, what method can I run to call this?
https://learn.microsoft.com/en-us/powershell/module/sharepoint-pnp/set-pnplistitempermission?view=sharepoint-ps - but my OneDrive items aren't part of a list. Could they be? The folder permission works well: https://learn.microsoft.com/en-us/powershell/module/sharepoint-pnp/set-pnpfolderpermission but I don't understand why there isn't a file one just like this folder one
I know the absolute URL of the file, the UPN of the internal user I want to directly share with, and I have owner permissions to the file. How can I do this?

GET ACL NTFS reports including folders with no access

I need to generate an ACL Report for NAS Shares, even for folders where the local administrators group has been removed from those files.
Some applications can use the privilege to bypass traverse checking and/or bypass ntfs permissions, similar to what robocopy does.
Treesize is a tool I used but it does not work in the way I need, it would only get the ntfs acls correctly for the first level of the folder where I do not have access, but if there are other subfolders, it will fail to obtain the information.
Subinacl seems to work fine, but here is my question: can anyone share an idea of how to manipulate the data so this can be accomplished using this tool? The report is not showing the permissions directly; instead it is showing hex codes representing the actual permissions.
I read that powershell might also be able to do this but I have no idea or I could not find any code related to this.

If you have a good reason to see those permissions, hopefully someone with access can help, or at least grant you the Read permissions permission.
Parsing the text from subinacl will take work, as you've noticed. (Scroll down to the permission element for translations of those codes you're asking about.) I've never used ShareEnum from Sysinternals, but maybe that's a step in the right direction.
PowerShell's Get-Acl returns objects, maybe easier to report from. But before Get-Acl will see those subfolders, you might need to change object ownership. PowerShell can do that, depending on the context, but the admins might prefer a friendly knock before you start picking locks, if you catch my drift. Here is some guidance from Server Fault.

Creating a Subfolder in pre-existing folder: SharePoint Designer

I have been working with SharePoint Designer, and have been creating workflows, but cannot seem to find a way to create a folder inside of another folder that already exists. Now, I have no problem creating a folder and then creating another one inside of it, but I need to be able to add the subfolder to a pre-existing folder. Can anyone help? I am using SharePoint Designer 2010. I keep getting the error that it could not create the list item and to make sure the list exists and the user has permissions to the list. I am the owner with all permissions and the list does exist. I can give you more details if you have specific questions. I have tried referencing the data several different ways, starting with the way in which I referenced it to create a folder and subfolder, but am having no luck. Please help.

Have you tried including the existing folder name? See this blog post for details: http://www.getinthesky.com/2012/08/creating-folders-and-sub-folders-using-sharepoint-2010-designer-workflow/
It involves creating the folder and subfolder in the same workflow, however, the parent folder must be created first anyway.