I’ve read countless different ‘solutions’ for this over the years.. none of them really worked or made sense. I’ve found that this works for me.
We all have that network share that has a certain structure.. for us it’s a folder with letters A through Z as folders to file certain records.. And if you’ve been sysadmin for more than a few months, you’ve gotten the call of “OMG THE G FOLDER IS GONE!!!” of course it’s not gone, someone just accidenti-dragged it into the H folder or something.. such an annoyance.
So you need to lock the folder structure, while still allowing them to write files and delete files and sub folders off of the main structure. This little powershell should do it for you. It’s working in my environment on a network share running on server 2008R2. I specifiy that because in testing, on my local windows 7 workstation, it takes the permissions but it doesnt seem to respect them. Be that as it may that I’m an administrator, I”m logged on locally, or what, I’m not sure.. but I can say that it works on shared network folders.
Of course this uses a DENY on the EVERYONE account, so spare me your warnings of about how the Microsoft book swears that you should never do anything like that because DENY is super evil.. ok Microsoft.. you want me to not use that, come up with your own way to lock the folder structure.. anyway.. sorry for the vinegar spitting, as you can tell I’m a bit bitter about this.
Here it is:
PARAM ( [string]$path ) ##needs NTFSSecurity Module https://gallery.technet.microsoft.com/scriptcenter/1abd77a5-9c0b-4a2b-acef-90dbb2b84e85 Import-Module NTFSSecurity foreach ($file in (Get-ChildItem $path)) { if ($file.PSIsContainer -eq $true) { Add-NTFSAccess $($file.fullname) -AccessRights Delete -Appliesto ThisFolderOnly -accesstype Deny -account everyone get-ntfsaccess $($file.fullname) } } submitted by /u/FJCruisin
[link] [comments]
The post Lock folder structure for network shares appeared first on How to Code .NET.