I need to set permissions for a bunch of user folders in my home directories. I can get everyone removed, local administrators, user, and system rights just fine. But when i try to add domain admins i cannot get them added. I have written the following. The script works fine until i try to add the domain admins at the bottom of the script. Please help. Thanks in advance
$rootfolder = Get-ChildItem -Path '\\server\folder'
foreach ($userfolder in $rootfolder) {
$userfolder.FullName
If (get-aduser "$userfolder") {
Get-Acl $userfolder.FullName | Format-List
$acl = Get-Acl $userfolder.FullName
$acl.SetAccessRuleProtection($True, $False)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Everyone","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.RemoveAccessRuleAll($rule)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Administrators","FullControl", "ContainerInherit, ObjectInherit", "None","Allow")
$acl.AddAccessRule($rule)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($userfolder.Name,"Modify", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
$acct=New-Object System.Security.Principal.NTAccount("domain",$userfolder.name)
$acl.AddAccessRule($rule)
$acl.SetOwner($acct)
Set-Acl $userfolder.FullName $acl
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("SYSTEM","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
$acct=New-Object System.Security.Principal.NTAccount("domain\Domain Admins","SYSTEM","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
Get-Acl $userfolder.FullName | Format-List
}
}
Jim Thomas