Tag Archives: Permissions

I am currently working on a script similar to the Mass import of users in Active Direcory post I published earlier (as promised 🙂 ). In the new script I wanted to only use powershell, so I had to find a way to set ntfs permissions using powershell. After all, the cacls way is pretty outdated. After some googling I came up with a rather extensive script, it is a little more complicated than I wanted but here goes: $acl = Get-Acl c:test $acl.SetAccessRuleProtection($True, $False) $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(“Administrators”,”FullControl”, “ContainerInherit, ObjectInherit”, “None”, “Allow”) $acl.AddAccessRule($rule) (“SYSTEM”,”FullControl”, “ContainerInherit, ObjectInherit”, “None”, “Allow”) $acl.AddAccessRule($rule) $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(“testuser”,”FullControl”, “ContainerInherit, ObjectInherit”, “None”, “Allow”) $acl.AddAccessRule($rule) $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(“Users”,”Read”, “ContainerInherit, ObjectInherit”, “None”, “Allow”) $acl.AddAccessRule($rule) Set-Acl c:test $acl Get-Acl c:test | format-list What it does it set the default permissions (in win7) that are inherited, in addition to full controll for “testuser”, on the folder c:test. You…

Read more

If you have some sort of 3rd-party application that needs access to all of your mailboxes, it can be a pain to set the permissions on all of your mailboxes. Except if you use this nice little powershell command: Get-Mailbox -ResultSize unlimited | Add-MailboxPermission -User admin -AccessRights FullAccess -InheritanceType all What this command will do is to add Full mailbox access to every mailbox in your Exchange organization for the user admin. You can of course change the -AccessRights  setting to your liking, e.g. SendAs. You can also narrow down the number of mailboxes affected by changing the search parameter after Get-Mailbox For example if you only want to set SendAs permission on a mailboxes in a specific OU for the user admin: get-mailbox -OrganizationalUnit domain.local/ou/Users/ | Add-MailboxPermission -User admin -AccessRights SendAs -InheritanceType all