none
Need ICACLS script to set homefolder permissions where user has modify permissions and owner RRS feed

  • Question

  • We are moving already created user folders over from one server to another one.

    The user folders are the name of the username.

    I don't understand why this does not work...

    This command alone works to give a user Modify rights to folder/subfolders:

    icacls.exe c:\test /grant username:M /T

    But when I stick it in this little script and run in powershell it tells me "Invalid parameter username:M /T" for each homefolder it comes across, so invalid parameter username1:M /T username2:M /T and so on.

    Any idea how to get this working? 

    I have placed the last line in quotations to see what powershell writes out and it writes out the correct command for each and every user folder so I don't understand if it is writing the correct command why it does not take place.

    $folders = Get-ChildItem -Path c:\test\ | Where-Object -FilterScript {
    
    $_.PSIsContainer -eq $true
    
    }
    
    foreach ($folder in $folders)
    
    {
    
    $path = $folder.fullname
    
    $ACL = Get-Acl -Path $path
    
    $user1 = $folder.name + ":M /T"
    
    icacls.exe $path /grant $user1
    
    }

    You can see below what happens, I bleeped out part of the username cause those are actual usernames.

    The second time I run the script you can see I put the command that needs to be run in quotes to see what it types out.

    It is typing out the EXACT command that would work if I typed them one at a time myself. I am not sure why this is not working.




    • Edited by SCCMN0ob Thursday, June 28, 2018 9:23 PM
    • Moved by Bill_Stewart Wednesday, September 5, 2018 9:58 PM This is not "scripts on demand"
    Thursday, June 28, 2018 9:22 PM

All replies

  • FYI, this is the one that does work to set the owner, the same script but last variable and command are different

    $folders = Get-ChildItem -Path c:\test | Where-Object -FilterScript {
        $_.PSIsContainer -eq $true
    }
    
    foreach ($folder in $folders) 
    {
        $path = $folder.fullname
        $ACL = Get-Acl -Path $path
        $user = "ourDOMAIN\" + $folder.name
        icacls.exe $path /setowner $user /t
    }

    Thursday, June 28, 2018 9:27 PM
  • sorry to ruin your scripting fiesta; but you do know that you can mirror one server to another retaining permissions and timestamps with Robocopy......... right?
    Thursday, June 28, 2018 9:27 PM
  • The permissions are wrong right now so we dont want to mirror, we need to change everything :(

    bad admins have gone and set themselves as owners, set themselves with modify or full control permissions and so on so we are wiping all permissions when we copy over and starting new.

    We using ViceVersa instead of robocopy, same thing but with a GUI.

    • Edited by SCCMN0ob Thursday, June 28, 2018 9:31 PM
    Thursday, June 28, 2018 9:28 PM