VMware Cloud Community
owz
Contributor
Contributor
‎01-29-2010 09:13 AM

Modify access

Hi,

I'd like to write a powershell script to give modify access to domain Users for "C:\Program Files\TestSystems" on computers belonging to the "List: TestComputers" group, is there any simple way to do that? I have been googling answers for the cmdlet and have no luck so far, Thanks for your time and help,

Owen

0 Kudos
4 Replies
Zsoldier
Expert
Expert
‎01-29-2010 09:20 AM

In truth, that would be easier done using group policies. If you want to do that in Powershell, you would need powershell installed on each of those boxes or use vbscript. You might want to check the MS scripting guys pages to see if they have anything to do that.

K. Chris Nakagaki (Zsoldier)

Chris Nakagaki (中垣浩一)
Blog: https://tech.zsoldier.com
Twitter: @zsoldier
0 Kudos
owz
Contributor
Contributor
‎02-02-2010 12:24 PM

[

|mailto:owenzhang.chicago@gmail.com] Join Date: Jan 2010 windows vista 2 posts Rep Power: 1

[2 posts|http://www.vistax64.com/reputation.php?p=1223771] vbrep_register("1223771")

[2 posts|http://www.vistax64.com/report.php?p=1223771]

Re: give modify access to domain Users

-

I'd like to use it remotely, meaning, I want to run this script from one server in the network, the script will do

1. Go through all the computers in the computer list : TestComputers

2. foreach (computer in TestComputers), I'd lke to grant the modify permission to the user in the user list :TestUsers.

$directory = "
$computer\C$\Temp"

$inherit = http://system.security.accesscontrol.InheritanceFlags"ContainerInherit, ObjectInherit"

$propagation = http://system.security.accesscontrol.PropagationFlags"None"

$acl = Get-Acl $directory

$accessrule = New-Object

system.security.AccessControl.FileSystemAccessRule("TestUers",

"Modify", $inherit, $propagation, "Allow")

$acl.AddAccessRule($accessrule)

set-acl -aclobject $acl $directory

Now the code for step 2 works for me as above, the question is how to

get the step 1 work which is go through all the computers in the

TestComputers group?

I am using Powershell version 2 , and OS is Windows server 2003 R2.

PS U:\> $env:psver = $host.version.tostring()

PS U:\> $env:psver

2.0

Do I have to install/import these modules instead of using the native ones?

PowerShell Commands (CMDLETs) for Active Directory by Quest Software

Thanks!

Owen

0 Kudos
owz
Contributor
Contributor
‎02-02-2010 12:25 PM

BTW, we got powreshell installed on each of these servers already.

0 Kudos
RvdNieuwendijk
Leadership
Leadership
‎02-12-2010 02:58 AM

In PowerShell V2 you can use the Invoke-Command cmdlet to run commands on other computers. See Get-Help About_Remote for more information. If you put the code that changes the ACL in a function named Set-ACL the script will be:

Get-Content Computers.txt | ForEach-Object { Invoke-Command -computername $_ -scriptblock {Set-ACL}}

Blog: https://rvdnieuwendijk.com/ | Twitter: @rvdnieuwendijk | Author of: https://www.packtpub.com/virtualization-and-cloud/learning-powercli-second-edition
0 Kudos