Last active
May 20, 2022 18:28
-
-
Save adamalbers/fedf043bc679c6a3b0e47429389e0be8 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<# | |
This script fixes the file permissions so that members of $adminGroup can access the redirected | |
folders of users. It also ensures that the users remain the owners of their own folders so that | |
folder redirection does not break. | |
PRO TIP: Make an explicit group to access the folders. DO NOT use a built-in group like Domain Admins or Administrators. | |
Taken from jonahzona on Spiceworks forum. All I did was clean up the formatting and change the variable names. | |
https://community.spiceworks.com/topic/1948116-domain-admins-can-not-access-folders-used-for-folder-redirection | |
#> | |
$topLevelDirectory = 'D:\Shares\FolderRedirection' | |
$adminGroup = 'DOMAIN\File Server Admins' | |
Write-Output $topLevelDirectory | |
$directories = Get-ChildItem "$topLevelDirectory" -Directory | |
foreach ($directory in $directories) { | |
Write-Output $directory.FullName | |
takeown.exe /F $($directory.FullName) /R /D Y | Out-Null | |
icacls.exe $($directory.FullName) /reset /T /C /L /Q | |
icacls.exe $($directory.FullName) /grant ($($directory.BaseName) + ':(OI)(CI)F') /C /L /Q | |
icacls.exe $($directory.FullName) /grant ($($adminGroup) + ':(OI)(CI)M') /C /L /Q | |
icacls.exe $($directory.FullName) /setowner $($directory.BaseName) /T /C /L /Q | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment