Folder Creation and Restrictions 1.0

1. #Used to create multiple individual folders on a shared drive
2. #Restricts rights to those approved through the $accessCSV (name[account name],access[level of access],type[allow/deny])
3. #Creates folder for all users in $importfile (displayName,samaccountname)
4. #Will disable inheritance and remove inherited rights from folder, while applying restrictions based on $accessCSV
5. #Children of new folder will have rights propagate correctly, while not having the root share's permissions inherit
6. Param(
7.     [string]$username,
8.     [string]$importfile,
9.     [string]$accessCSV,
10.     [string]$folderroot,
11.     [string]$domain
12. )
13. #import user list
14. $folderList = Import-Csv -Path $importfile
15. #import ACLs
16. $accessList = Import-Csv -Path $accessCSV
17. #start folder creation loop
18. $folderList|
19. %{
20.     #pull user display name
21.     $folderName = $_.name
22.     #sets samaccountname for ACL addition
23.     $accountName = $domain + "\" + $_.samaccountname
24.     #creates folder path
25.     $folderPath = $folderroot + "\" + $folderName
26.     #test if folder exists
27.     $exist = Test-Path -Path $folderPath
28.     #create folder loop
29.     if ($exist -ne $true)
30.     {
31.         #create folder
32.         New-Item -ItemType "directory" -Path $folderPath
33.         #get current ACL
34.         $acl = Get-Acl $folderPath
35.         #sets inheritance to allow ACL to propigate to children of new folder
36.         $inheritanceFlags = "ContainerInherit, ObjectInherit"
37.         $propagationFlags = "none"
38.         $folderAccess = "Allow"
39.         #populates ACL based on CSV with accounts (administration, administors etc)
40.         $accessList|
41.             %{
42.                 $user = $_.name
43.                 $access = $_.access
44.                 $type = $_.type
45.                 #creates ACL rule
46.                 $allowAccess = New-Object System.Security.AccessControl.FileSystemAccessRule ($user,                                $access,$inheritanceFlags,$propagationFlags,$type)
47.                 #applies ACL rule
48.                 $acl.SetAccessRule($allowAccess)
49.                 #saves ACL rule
50.                 Set-Acl -Path $folderPath -AclObject $acl
51.             }
52.         #creates ACL for myself *MAY NOT NEED*
53.         $allowAccess = New-Object System.Security.AccessControl.FileSystemAccessRule ($username,            "FullControl",$inheritanceFlags,$propagationFlags, "Allow")
54.         #applies ACL rule
55.         $acl.SetAccessRule($allowAccess)
56.         #saves new ACL
57.         Set-Acl -Path $folderPath -AclObject $acl
58.         #creates ACL for user
59.         $allowAccess = New-Object System.Security.AccessControl.FileSystemAccessRule ($accountName,"FullControl",$inheritanceFlags,$propagationFlags,$folderAccess)
60.         #applies ACL rule
61.         $acl.SetAccessRule($allowAccess)
62.         #saves ACL rule
63.         Set-Acl -Path $folderPath -AclObject $acl
64.         #disables inheritance and removes inherited rights
65.         $acl.SetAccessRuleProtection(1,0)
66.         #saves inheritance rule
67.         Set-Acl -Path $folderPath -AclObject $acl
68.     If ($exist -eq $true)
69.     {
70.         Write-Host "Folder already exists for $folderName"
71.     }
72. }