<#
.SYNOPSIS
Create a folder, share it and set permissions for several users or groups
.DESCRIPTION
Create a folder, share it and set permissions for several users or groups
.NOTES
File Name : Create-Share.ps1
Author : Jan Ryen (jan@janryen.com)
Copyright 2019 - Jan Ryen #>
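# ---------------------------------------------------------------------------
# Settings
# ---------------------------------------------------------------------------
# Parent directory in which the shared folder is created
$pathname = "D:\Shares"
# Name of the folder to create; the same name is used for the SMB share
$foldername = "TestFolder"
# Full path handed to the ACL cmdlets and to New-SmbShare
$fullpath = "$pathname\$foldername"
# Principal that receives Full Access at the SHARE level.
# Over SMB the effective access is the more restrictive of the share
# permission and the NTFS ACL, so with "Everyone" here the NTFS ACL built
# below is the only real gate. Narrow this (for example to
# "Authenticated Users" or the groups listed below) where the environment allows.
$shareFullAccess = "Everyone"
# Accounts/groups that receive NTFS FullControl on the folder
$fullControllUsers = "TEST\user1", "TEST\group1"
# Accounts/groups that receive NTFS Modify on the folder
$modifyUsers = "TEST\group2", "TEST\group3", "TEST\group4"

# Stop at the first error instead of continuing with a half-configured folder.
# In particular, the share is published last, so a failure while building the
# NTFS ACL (e.g. an account name that cannot be resolved) leaves no share behind.
$ErrorActionPreference = 'Stop'

# ---------------------------------------------------------------------------
# Create the folder (skipped when it already exists, so the script can be
# re-run to re-apply the ACL)
# ---------------------------------------------------------------------------
if (-not (Test-Path -LiteralPath $fullpath -PathType Container)) {
    # ASCII hyphen and the full parameter name: the original used an en dash
    # ("–type"), which breaks if the file is ever saved or read with the
    # wrong encoding.
    New-Item -Path $fullpath -ItemType Directory
}

# ---------------------------------------------------------------------------
# Step 1: stop inheriting NTFS permissions, keeping a copy of the inherited
# entries (equivalent to: icacls.exe $fullpath /inheritance:d)
# ---------------------------------------------------------------------------
$acl = Get-Acl -LiteralPath $fullpath
$acl.SetAccessRuleProtection($true, $true)
# This write and the re-read below are deliberate: the copied entries are
# expected to show up as explicit ACEs only after the protected ACL has been
# committed, and the purge calls in step 2 need them to be explicit.
# NOTE(review): confirm on the target OS before collapsing the two steps.
Set-Acl -LiteralPath $fullpath -AclObject $acl

# ---------------------------------------------------------------------------
# Step 2: purge unwanted principals and add the wanted ones, then commit once
# ---------------------------------------------------------------------------
$acl = Get-Acl -LiteralPath $fullpath

# Usually a good idea to get rid of CREATOR OWNER and BUILTIN\Users
foreach ($principal in "CREATOR OWNER", "BUILTIN\Users") {
    $usersid = New-Object System.Security.Principal.NTAccount($principal)
    $acl.PurgeAccessRules($usersid)
}

# Inheritance for the new entries: apply to this folder, subfolders and files
$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None
$acType = [System.Security.AccessControl.AccessControlType]::Allow

# Add FullControl users
foreach ($item in $fullControllUsers) {
    $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($item, "FullControl", $InheritanceFlag, $PropagationFlag, $acType)
    $acl.SetAccessRule($AccessRule)
}

# Add Modify users
foreach ($item in $modifyUsers) {
    $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($item, "Modify", $InheritanceFlag, $PropagationFlag, $acType)
    $acl.SetAccessRule($AccessRule)
}

# Single write for all purges and grants, so the folder is never left with
# only part of the intended entries applied.
Set-Acl -LiteralPath $fullpath -AclObject $acl

# ---------------------------------------------------------------------------
# Step 3: publish the share only after the NTFS ACL is in its final state.
# Creating it first (as the script originally did) exposes the folder over SMB
# with the share-level grant while it still carries the parent's inherited
# NTFS permissions.
# ---------------------------------------------------------------------------
New-SmbShare -Name $foldername -Path $fullpath -CachingMode None -FullAccess $shareFullAccess

# Show the resulting NTFS ACL for a manual check
Get-Acl -LiteralPath $fullpath | Format-Table -Wrap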