I have a script that resets all permissions on a set of folders and then applies custom permissions. I have another one that sets up auditing on selected folders. For some reason, when I run the script that sets up auditing after running the script setting up permissions, the permissions on audited folders are set back to default.

To audit I run

$user = "Everyone"
$rules = "Delete,CreateFiles,AppendData"
$Inheritance = "ContainerInherit,ObjectInherit"
$type = "Success"
$ACL = New-Object System.Security.AccessControl.DirectorySecurity
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule($user,$rules,$inheritance,"None",$type)
$acl.AddAuditRule($rule)
foreach($folder in $folders){ $ACL | Set-Acl $folder}
auditpol /set /subcategory:"File Share" /success:enable

 

In the script for permissions I have

takeown /F c:\test /A /R /D Y
icacls c:\test /reset /t /c
icacls c:\test /grant:r "NT Authority\Authenticated Users":(CI) (OI) R
icacls c:\test\item1 /inheritance:r /grant:r "admin group": (CI) (OI) RWD /grant:r "read group": (CI) (OI) R /grant:r "builtin\Administrators": (OI) (CI) F  .....

and more lines in pretty much the same manner for different subfolders.

Can someone spot where it goes wrong?

Posted (edited)
On 7/14/2021 at 3:10 AM, mrstarc said:

I have a script that resets all permissions on a set of folders and then applies custom permissions. I have another one that sets up auditing on selected folders. For some reason, when I run the script that sets up auditing after running the script setting up permissions, the permissions on audited folders are set back to default.

To audit I run

$user = "Everyone"
$rules = "Delete,CreateFiles,AppendData"
$Inheritance = "ContainerInherit,ObjectInherit"
$type = "Success"
$ACL = New-Object System.Security.AccessControl.DirectorySecurity
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule($user,$rules,$inheritance,"None",$type)
$acl.AddAuditRule($rule)
foreach($folder in $folders){ $ACL | Set-Acl $folder}
auditpol /set /subcategory:"File Share" /success:enable


In the script for permissions I have

takeown /F c:\test /A /R /D Y
icacls c:\test /reset /t /c
icacls c:\test /grant:r "NT Authority\Authenticated Users":(CI) (OI) R
icacls c:\test\item1 /inheritance:r /grant:r "admin group": (CI) (OI) RWD /grant:r "read group": (CI) (OI) R /grant:r "builtin\Administrators": (OI) (CI) F  .....

and more lines in pretty much the same manner for different subfolders.

Can someone spot where it goes wrong?


no response from anyone

  • Moderators
Posted (edited)

@mrstarc You post a PowerShell script, in the Windows Server section of an AutoIt forum, and wonder why you're not getting flooded with responses? Have you tried, oh, I don't know, a PowerShell forum?

That said, perhaps it would be easier for you to spot your own issue if you weren't doing absolutely zero error checking.  How are you confirming that your objects are created? What feedback are you gathering from each pass through your For Loop?

Edited by JLogan3o13

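Added example, not part of any post in this thread: a likely cause (not confirmed in the thread) is that the audit script builds an empty DirectorySecurity object and pipes it to Set-Acl, which writes that descriptor, with no access rules, over the folder's own. The sketch below instead starts from each folder's existing descriptor via Get-Acl -Audit, adds the same audit rule, and performs the per-folder checks the moderator asks about; the function name Add-FolderAuditRule and the sample path are hypothetical.

```powershell
# Added example: add an audit (SACL) rule while leaving existing permissions alone.
# Run elevated: reading and writing the SACL requires SeSecurityPrivilege.
$folders = @('C:\test\item1')   # constructed sample path

$rule = New-Object System.Security.AccessControl.FileSystemAuditRule -ArgumentList @(
    'Everyone', 'Delete,CreateFiles,AppendData',
    'ContainerInherit,ObjectInherit', 'None', 'Success')

function Add-FolderAuditRule {   # hypothetical helper name
    param(
        [string]$Path,
        [System.Security.AccessControl.FileSystemAuditRule]$Rule
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        Write-Warning "Skipping '$Path': not a folder"
        return $false
    }
    try {
        # Start from the folder's current descriptor, not an empty DirectorySecurity.
        $acl = Get-Acl -LiteralPath $Path -Audit -ErrorAction Stop
        $daclBefore = $acl.GetSecurityDescriptorSddlForm('Access')

        $acl.AddAuditRule($Rule)
        Set-Acl -LiteralPath $Path -AclObject $acl -ErrorAction Stop

        # Re-read: the access rules must be unchanged and an audit rule must exist.
        $after = Get-Acl -LiteralPath $Path -Audit -ErrorAction Stop
        if ($after.GetSecurityDescriptorSddlForm('Access') -ne $daclBefore) {
            Write-Warning "Access rules changed on '$Path'"
            return $false
        }
        return (@($after.Audit).Count -gt 0)
    }
    catch {
        Write-Warning "Failed on '$Path': $($_.Exception.Message)"
        return $false
    }
}

foreach ($folder in $folders) {
    $ok = Add-FolderAuditRule -Path $folder -Rule $rule
    '{0}: {1}' -f $folder, $(if ($ok) { 'audit rule present' } else { 'FAILED' })
}
```

Events from folder SACLs are generated under the "File System" audit subcategory; "File Share" covers access to the share itself.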
4 hours ago, mrstarc said:

no response from anyone

Here is an abbreviated example (quick & dirty), which I copied from one of my scripts. It may or may not give you an impression regarding the AutoIt syntax.

; Just a code fragment to illustrate the syntax :

; [...]

Func _WINSrvcUserAddACL($sWINSrvcUser, $sDataDir)
    Local $bAddACLOk = False
    Local $iRetValue = 0      ; Returnvalue RunWait

    ; Grants a Windows-Service-User (here : $sWINSrvcUser) Full access to the directory
    ; $sDataDir with inheritance to the subdirectories :
    $iRetValue = RunWait(@COMSPEC & ' /c ' & 'ICACLS "' & $sDataDir & '"' & _
                        ' /T /C' & _
                        ' /grant:r "' & $sWINSrvcUser & '"' & _
                        ':(OI)(CI)(F)', "", @SW_HIDE)
    If @error Then
        $bAddACLOk = False
        ConsoleWrite("! ERROR calling ICACLS" & @CRLF)
    Else
        Switch $iRetValue
            Case 0
                $bAddACLOk = True
                ConsoleWrite("ICACLS successful" & @CRLF)
            Case Else
                $bAddACLOk = False
                ConsoleWrite("ICACLS failed - ExitCode = " & $iRetValue & @CRLF)
        EndSwitch
    EndIf

    Return $bAddACLOk
EndFunc ;==>_WINSrvcUserAddACL

By the way : AutoIt can also run PowerShell scripts - just do a Google search for it.

On 7/14/2021 at 9:03 PM, Musashi said:

Here is an abbreviated example (quick & dirty), which I copied from one of my scripts. It may or may not give you an impression regarding the AutoIt syntax.

; Just a code fragment to illustrate the syntax :

; [...]

Func _WINSrvcUserAddACL($sWINSrvcUser, $sDataDir)
    Local $bAddACLOk = False
    Local $iRetValue = 0      ; Returnvalue RunWait

    ; Grants a Windows-Service-User (here : $sWINSrvcUser) Full access to the directory
    ; $sDataDir with inheritance to the subdirectories :
    $iRetValue = RunWait(@COMSPEC & ' /c ' & 'ICACLS "' & $sDataDir & '"' & _
                        ' /T /C' & _
                        ' /grant:r "' & $sWINSrvcUser & '"' & _
                        ':(OI)(CI)(F)', "", @SW_HIDE)
    If @error Then
        $bAddACLOk = False
        ConsoleWrite("! ERROR calling ICACLS" & @CRLF)
    Else
        Switch $iRetValue
            Case 0
                $bAddACLOk = True
                ConsoleWrite("ICACLS successful" & @CRLF)
            Case Else
                $bAddACLOk = False
                ConsoleWrite("ICACLS failed - ExitCode = " & $iRetValue & @CRLF)
        EndSwitch
    EndIf

    Return $bAddACLOk
EndFunc ;==>_WINSrvcUserAddACL

By the way : AutoIt can also run PowerShell scripts - just do a Google search for it.

thanks now i get my solution
