none
Create directories , share them and set appropriate security powershell RRS feed

  • Question

  • hello , 

    i need to create 1000 folders share them and set the corresponding security for example

    folder001 should be shared to username called  " folder001" and set cacls "cacls c:\test\foldername /e /c /g folder:F  /r users"

    so i set this up like this.

    $folders = Get-Content "C:\Users\user\Desktop\Powershell\a.txt"
    $path = "C:\test"
    $users = Get-LocalUser | Where-Object {$_.name -match "folder*"}
    foreach ($folder in $folders){
    New-Item -Name $folder -Path $path -ItemType "directory"
    foreach ($user in $users){
    New-SmbShare -Name $folder -Path c:\test\$folder -FullAccess $user}
    }

    this creates all the folders successfully and shares them successfully except that they are all shared with full permission for username " folder001" and i also get an error "New-SmbShare : The name has already been shared."

    im stuck on this can anyone help please


    RM

    • Moved by Bill_Stewart Tuesday, December 11, 2018 9:41 PM This is not "scripts on demand"
    Tuesday, July 31, 2018 3:38 PM

All replies

  • We do not recommend doing this in this way.  Create s single folder with all user folders then share the root folder.  Users can be easily mapped to their folder by name.

    Group Policy can do this for you and will set all permissions to each user as it creates the folders automatically. 

    I recommend using NTFRS or DFS-R for these folders as it allows you to expand the storage as needed transparent.  You can also move the folders transparently,

    http://blogs.catapultsystems.com/chsimmons/archive/2015/07/27/ntfrs-or-dfs-r-replication-for-sysvol/#


    \_(ツ)_/

    Tuesday, July 31, 2018 4:55 PM
  • Ok well ... i already do that for another purpose ... i have a gpo to create folders and map drive them ... but the thing is .. when a new user logs kn he has to type “gpupdate /force “ then log out the log in in order for that mapped drive to appear ... and im fine with that... but in this case i need those 1000 users to immediately see their mapped drive .. i guess ill just create the 1000 folders first and map drive them to their corresponding users via gpo ... but still ... what if i wanna do it all with powershell ... can u help ? Can it be done? I have another question also ... when i tried importing the names from a csv file ... the fllders names appeared something like this. @{folder001=folder002} So i pit the names in a txt file Etc ... can u explain why ?

    RM

    Tuesday, July 31, 2018 5:45 PM
  • I am not talking about a logon script or any other tricks.  Folder redirection works immediately on first logon.  For an existing user it will take a bit to actually move the folder but this is normally not an issue.  Running "gpupdate" is never required if GP is working correctly.  In Win 8 and later the move can be delayed by as much as 5 minutes.  This is normal. 

    Once you have existing users set up correctly then new users will be provisioned sooner than they need at first logon.

    If you are trying to move many users all at once I recommend using a group filter and adding users 20 to 30 at a time until everyone has completed the initial move.

    I have done this many times.  Once the policy is defined and tested the whole move is very  efficient. 


    \_(ツ)_/

    Tuesday, July 31, 2018 5:53 PM
  • I dont use folder redirection ... i just use group policy preferences ... the knly issue is that if a new user logs in ... the mapped drive Doesnt show immediately... it shows after a logout/login ... the clients are windows 10 the Dc is windows 212 anyways i dont have a problem with that ... its all fine ... and thanks for your help .

    RM

    Tuesday, July 31, 2018 8:59 PM
  • Use redirection.  Post in GP forum for help with GP issues.


    \_(ツ)_/

    Tuesday, July 31, 2018 9:13 PM