Hallo Zusammen
Ich sollte auf div. Systeme neue Folder Berechtigungen setzen und diesen Folder sharen und Berechtigen. Und irgend wie kappt das nicht so.
Das erste Problem ist die $AdminGroup. Da es mehere Systeme sind, kann die Berechtigung so gesetzt werden?
Auch mit dem erstellen des share klappt es nicht. Desweiteren sollte ich nachdem der share erstellt worden ist diese share Berechtigen mit div. Groupen.
Wie kann ich das machne.
Hier mein Code:
cls
Function errMsg($intErr)
{
Switch($intErr)
{
0 { "Success - Share deleted" }
2 { "Access denied - Permission?" }
8 { "Unknown failure" }
9 { "Invalid name" }
10 { "Invalid level" }
21 { "Invalid parameter" }
22 { "Duplicate share - Already created" }
23 { "Redirected path" }
24 { "Unknown device or directory" }
25 { "Net name not found" }
DEFAULT { "$intErr has an Unknown value" }
}
}
$Date = get-date
$computers = Get-Content c:\Systems\Server.txt
$ComputerDate = $Computer + "_" + $Date
# Read the Scriptname
$myfile = Split-Path -leaf -resolve $MyInvocation.MyCommand.Path;
# Transfer 1 Arguments
if($args.length -ne 1)
{
Write-Warning "Aufruf mit .\$myfile add"
exit
}
foreach ($Computer in $computers)
{
$Path = "\\$Computer\c$\Windows\System32\spool\driver"
$AddRemove = $args
# If Variable ADD permission
If($AddRemove -eq "Add")
{
$Groups = "Test1\DOMAIN USERS" , "Test2\DOMAIN USERS" , "Test3\DOMAIN USERS" , "Test3\DOMAIN USERS" , "Test4\DOMAIN USERS" , "Test5\DOMAIN USERS"
foreach($Group in $Groups)
{
$DirectoryPath = $Path
$IdentityRef = $Group
$FileSystemRights = [System.Security.AccessControl.FileSystemRights]::Read
$InheritanceFlag1 = [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
$InheritanceFlag2 = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit
$InheritanceFlag = $InheritanceFlag1 -bor $InheritanceFlag2
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$AccessControlType =[System.Security.AccessControl.AccessControlType]::Allow
$User = New-Object System.Security.Principal.NTAccount($Group)
$ACE = New-Object System.Security.AccessControl.FileSystemAccessRule($User, $FileSystemRights,$InheritanceFlag, $PropagationFlag, $AccessControlType)
$ACL = Get-ACL $Path
$ACL.AddAccessRule($ACE)
Set-ACL $Path $ACL
Write-Host "Folder Berechtigung gesetzt $Computer $Group"
}
$AdminGroup = "$Computer\ADMINISTRATORS"
$DirectoryPath = $Path
$IdentityRef = $AdminGroup
$FileSystemRights = [System.Security.AccessControl.FileSystemRights]"Write,Read,Modify"
$InheritanceFlag1 = [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
$InheritanceFlag2 = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit
$InheritanceFlag = $InheritanceFlag1 -bor $InheritanceFlag2
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$AccessControlType =[System.Security.AccessControl.AccessControlType]::Allow
$User = New-Object System.Security.Principal.NTAccount($AdminGroup)
$ACE = New-Object System.Security.AccessControl.FileSystemAccessRule($User, $FileSystemRights,$InheritanceFlag, $PropagationFlag, $AccessControlType)
$ACL = Get-ACL $Path
$ACL.AddAccessRule($ACE)
Set-ACL $Path $ACL
Write-Host "Folder Berechtigung gesetzt $Computer $AdminGroup"
# Check Printer Share
$share = Get-WMIObject -Class Win32_Share -Computer $Computer -Filter "Name='print$'"
if($share)
{
write-host -ForegroundColor Green "$Computer Share exists "
Write-Host -ForegroundColor White "Delete Temp Share $server"
$share = get-wmiobject -computer $Computer -class win32_share | where-object { $_.name -eq "print$" } | foreach-object { $_.delete() }
errMsg($share.returnValue)
write-host -ForegroundColor Green "Create print$ share folder $Computer"
$share.create("\\$Computer\c$\Windows\System32\spool\driver", "print$", 0)
}
else
{
write-host -ForegroundColor Red "$Computer Share not found"
write-host -ForegroundColor Green "Create print share folder $Computer"
$share.create("\\$Computer\c$\Windows\System32\spool\driver", "print$", 0)
}
}
}Vielen dank für eure Hilfe
Grüsse