In this post, I’m following up on Part 1 and Part 2 of this series where I showed you how to create users (and set a few attributes) with PowerShell. Now that you have your user created and configured, I’m going to show you a bit about Home Folder creation and permission assignment. Remember that all of these basics are leading toward a single, simplified, scripted elements method of managing Home Folders in the Enterprise.
So let’s create a folder. Of course, you know how to do that already, so I won’t belabor the point too much. Picking up where we left off in the last post, you already have a PowerShell session going, with network access to the shares where the folders will be created. And since PowerShell has native access to the filesystem via its own object paths, you can actually skip the fancy stuff and just do a good ol’
…or if you’re using a DFS structure, something like this…
I know, I know. That’s not PowerShell. So if you really want to use the benefit of PowerShell, you would use the
New-Item command like this (sticking with our DFS structure from above):
New-Item -type directory -path \MyCompany.orgDFSPathHomesJPavlov
Okay, great. At this point, we have a folder, but no permissions yet for the person who will use it. In order to set the permissions, we’ll stick with PowerShell and…
1.) Build a variable with the existing permissions with the
$acl = Get-Acl \MyCompany.orgDFSPathHomesJPavlov
2.) Add-on the permission we want (your permissions may vary!):
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("CoretekServicesJPavlov", "DeleteSubdirectoriesAndFiles, Modify, Synchronize", "ContainerInherit, ObjectInherit", "None", "Allow") $acl.AddAccessRule($rule)
3.) And then stuff it all back on the folder with the
Set-Acl \MyCompany.orgDFSPathHomesJPavlov $acl
There you have it! We’ve created the soon-to-be Home Folder for the user we created previously, and added permission we want. So it’s out there if the user can browse around and find it… But let’s help them out a little bit and deliver it as a mapped drive in the next post.
Next time… Assigning this folder as the user’s Home Folder via the AD attribute. See you then!