Share folder with PowerShell

<# 
.SYNOPSIS
    Create a folder, share it and set permissions for several users or groups 
.DESCRIPTION 
    Create a folder, share it and set permissions for several users or groups
.NOTES 
    File Name : Create-Share.ps1
    Author : Jan Ryen (jan@janryen.com) 
    Copyright 2019 - Jan Ryen #>

# Which directory do you want the shared folder to be created in
$pathname = "D:\Shares"

# What is the name of the folder to be created and shared
$foldername = "TestFolder"

# Set path to be used in Set-Acl
$fullpath = "$pathname\$foldername"

# Create folder
New-Item $fullpath –type directory

#Create share and share permissions
New-SmbShare -Name "$foldername" -Path $fullpath -CachingMode None -FullAccess "Everyone"

#remove NTFS ACL inheretance and leave inherited permissions in place
#icacls.exe $fullpath /inheritance:d
$acl = Get-Acl $fullpath
$acl.SetAccessRuleProtection($true,$true)
$acl | Set-Acl $fullpath

#Purge unwanted User Permissions
# usually a good idea to get rid of CREATOR OWNER and BUILTIN\Users
$acl = Get-Acl $fullpath
$usersid = New-Object System.Security.Principal.Ntaccount ("CREATOR OWNER")
$acl.PurgeAccessRules($usersid)
$acl | Set-Acl $fullpath

$acl = Get-Acl $fullpath
$usersid = New-Object System.Security.Principal.Ntaccount ("BUILTIN\Users")
$acl.PurgeAccessRules($usersid)
$acl | Set-Acl $fullpath

#Define inheretance
$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None
$acType = [System.Security.AccessControl.AccessControlType]::Allow 

#foreach
$fullControllUsers = "TEST\user1", "TEST\group1"
$modifyUsers = "TEST\group2", "TEST\group3", "TEST\group4"

foreach ($item in $fullControllUsers) {
    # add FullControl users
    $acl = Get-Acl $fullpath
    $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($item,"FullControl", $InheritanceFlag, $PropagationFlag, $acType)
    $acl.SetAccessRule($AccessRule)
    $acl | Set-Acl $fullpath

}

foreach ($item in $modifyUsers) {
    # add Modify users
    $acl = Get-Acl $fullpath
    $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($item, "Modify", $InheritanceFlag, $PropagationFlag, $acType)
    $acl.SetAccessRule($AccessRule)
    $acl | Set-Acl $fullpath

}

#check what we have now
Get-Acl $fullpath | Format-Table -Wrap

.SYNOPSIS

Create a folder, share it and set permissions for several users or groups

.DESCRIPTION

Create a folder, share it and set permissions for several users or groups

.NOTES

File Name : Create-Share.ps1

Author : Jan Ryen (jan@janryen.com)

# Which directory do you want the shared folder to be created in

$pathname = "D:\Shares"

# What is the name of the folder to be created and shared

$foldername = "TestFolder"

# Set path to be used in Set-Acl

$fullpath = "$pathname\$foldername"

# Create folder

New-Item $fullpath –type directory

#Create share and share permissions

New-SmbShare -Name "$foldername" -Path $fullpath -CachingMode None -FullAccess "Everyone"

#remove NTFS ACL inheretance and leave inherited permissions in place

#icacls.exe $fullpath /inheritance:d

$acl = Get-Acl $fullpath

$acl.SetAccessRuleProtection($true,$true)

$acl | Set-Acl $fullpath

#Purge unwanted User Permissions

# usually a good idea to get rid of CREATOR OWNER and BUILTIN\Users

$acl = Get-Acl $fullpath

$usersid = New-Object System.Security.Principal.Ntaccount ("CREATOR OWNER")

$acl.PurgeAccessRules($usersid)

$acl | Set-Acl $fullpath

$acl = Get-Acl $fullpath

$usersid = New-Object System.Security.Principal.Ntaccount ("BUILTIN\Users")

$acl.PurgeAccessRules($usersid)

$acl | Set-Acl $fullpath

#Define inheretance

$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit

$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None

$acType = [System.Security.AccessControl.AccessControlType]::Allow

#foreach

$fullControllUsers = "TEST\user1", "TEST\group1"

$modifyUsers = "TEST\group2", "TEST\group3", "TEST\group4"

foreach ($item in $fullControllUsers) {

# add FullControl users

$acl = Get-Acl $fullpath

$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($item,"FullControl", $InheritanceFlag, $PropagationFlag, $acType)

$acl.SetAccessRule($AccessRule)

$acl | Set-Acl $fullpath

}

foreach ($item in $modifyUsers) {

# add Modify users

$acl = Get-Acl $fullpath

$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($item, "Modify", $InheritanceFlag, $PropagationFlag, $acType)

$acl.SetAccessRule($AccessRule)

$acl | Set-Acl $fullpath

}

#check what we have now

Get-Acl $fullpath | Format-Table -Wrap