Alan's Blog

"Yeah. I wrote a script that will do that."

Fix User’s Home Directory Permissions with Take Ownership

Posted on February 15th, 2017

Fix-HomeDrivePerms.ps1 is a PowerShell script which attempts to reset folder security when the permissions are really hosed.  It uses a take ownership function, Set-Owner, by Boe Prox, instead of takeown.exe, but does shell out to iCacls.exe.  I wrote this to fix home directories where a user might be logged on with files open a the time, and so it doesn’t rip out the old permissions and replace.

This will require a some editing to run, and this code fragment is set up to do one user folder at a time.  But it might get you going in the right direction.

Script Text

Tags: ,
Filed under PowerShell, Scripting, Scriptlets, Security, Windows Administration | No Comments »

Another User Folder Security Reset Script

Posted on February 11th, 2017

This simple batch file resets the inheritance on users folders and then grants them “modify” using the builtin icacls.exe.   This script does not address issues which require you to take ownership — I will post one that does that soon.

I added the “echo” command so you can see what it is doing — remove “echo” when you are ready to run it.

Remember that the variable character for batch files is the percentage sign “%” which must be escaped with a second percentage sign inside a batch file. So if you intend to run this from a command line, you would need to use only a single percentage sign for each variable.

PushD does a temporary drive mapping and changes you to the folder. Popd is the undo for PushD. Both are available inside of PowerShell.

The “FOR” command reads like this: For each directory assign the variable %u.  Run iCacls  to reset security, traversing the folders and continuing  on errors.  The expression %~fu expands %u to a fully qualified path name. The semi-colon allows multiple commands to be stacked. The next iCacls command grants the user modify based on the assumption that the username and folder name are the same.  %~du expands %u to a drive letter only – here, the temporary drive you got from the pushd command.

Variable assignments in the batch for command are case sensitive. If you run “FOR /?” from a command line, you will see a long list of interesting things that the tilde modifier can do with a batch variable.

Tags: , ,
Filed under Batch, Scripting, Security, Windows Administration | No Comments »

Please Note

All the scripts are saved as .txt files. Newer files have a "View Script" button which will let you save or open a script in notepad. For earlier posts, the easiest way to download with IE is to right click on the link and use "Save Target As". Rename file from Name_ext.txt to Name.ext.

To see a full post after searching, please click on the title.

PowerShell Scripts were written with Version 3 or 4.

https connections are supported.

All new users accounts must be approved, as are comments. Please be patient. It is pretty easy to figure out my email address from the scripts, and you are welcome to contact me that way.

Site Search

Categories

Archives

SQL Site

Bad Behavior has blocked 262 access attempts in the last 7 days.