1

I have a persmissions problem, on our Fileserver, where the NTFS Owner was not copied correctly, these are Citrix UPM Profiles, I found a script, for this but it does not work recursivly:

    $Path = "\\fs01\profiles$\"

 cls

 $Log = "C:\setowner.log"
 Add-Content -Value "$(Get-Date): Script begins" -Path $Log
 Add-Content -Value "$(Get-Date): Processing folder: $Path" -Path $Log

 $Dirs = Get-ChildItem -Path "$Path\*" -recurse | Where { $_.PSisContainer }
 $UserError = @()
 ForEach ($Dir in $Dirs) 
 { $User = Split-Path $Dir.Fullname -Leaf 
 Try 
 { Add-Content -Value "$(Get-Date): Testing $($User): $($Dir.Fullname)" -Path $Log 

 $Test = Get-ADUser $User -ErrorAction Stop 
 $ACL = Get-Acl $Dir -ErrorAction Stop 

 #Set owner to user 
 $ACL.SetOwner([System.Security.Principal.NTAccount]$User) 
 Set-Acl -path $Dir -AclObject $ACL -ErrorAction Stop 
 Add-Content -Value "$(Get-Date): Owner $User set successfully" -Path $Log 
 } 
 Catch 
 { Add-Content -Value "$(Get-Date): Unable to process $($Dir.Fullname) because $($Error[0])" -Path $Log 
 }
 } 
 Add-Content -Value "$(Get-Date): Script completed" -Path $Log

I set the "-recurse in Line 9, but of course this does not work, as the script will try to set the owner to the deepest folder, for example: \fs01\profiles$\username\citrix\folderxyz -> The Script will try to set the owner to "folderxyz" but it should set it to "username".

It should be in Lines 12-14:

{ $User = Split-Path $Dir.Fullname -Leaf 
 Try 
 { Add-Content -Value "$(Get-Date): Testing $($User): $($Dir.Fullname)" -Path $Log

I do not know, how I could accomplish my goal, and I didnt find anything about this... I hope someone can help... Thank you!

sn976020
  • 21
  • 1
  • 4

2 Answers2

1

I found a solution for my problem, not really any automation, but it worked...

I used the Software Set-ACL Studio, I could see the owner of the folder with one click and reset the owner for all child items, this worked perfectly, of course it was a lot of clicking around, and took me about ~30 Minutes, but the problem is solved now...

Download Set-Acl Studio: https://helgeklein.com/download/

Documentation Set-Acl Studio: https://helgeklein.com/setacl-studio/

Thank you!

sn976020
  • 21
  • 1
  • 4
0

Why do you get the ADUser and don't use it?

You'll need an enclosing forEach iteratng the the profile folders.

Untested:

$Path = "\\fs01\profiles$\"
$Log  = "C:\setowner.log"

Add-Content -Value "$(Get-Date): Script begins" -Path $Log
Add-Content -Value "$(Get-Date): Processing folder: $Path" -Path $Log


ForEach ($UserProfile in (Get-ChildItem -Path "$Path\*"|Where {$_.PSisContainer })){
    $ADUser = Get-ADUser $UserProfile.Name -ErrorAction Stop 

    ForEach ($Dir in (Get-ChildItem -Path $USerProfile.FullName -recurse|Where {$_.PSisContainer})) { 
        Try { 
            Add-Content -Value "$(Get-Date): Testing $($User): $($Dir.Fullname)" -Path $Log 

            $ACL = Get-Acl $Dir -ErrorAction Stop 

            #Set owner to user 
            $ACL.SetOwner([System.Security.Principal.NTAccount]$ADUser) 
            Set-Acl -path $Dir -AclObject $ACL -ErrorAction Stop 
            Add-Content -Value "$(Get-Date): Owner $User set successfully" -Path $Log 
        } catch { 
            Add-Content -Value "$(Get-Date): Unable to process $($Dir.Fullname) because $($Error[0])" -Path $Log 
        }
    }
}   
Add-Content -Value "$(Get-Date): Script completed" -Path $Log

You may need to add another try catch for getting the ADUser.

LotPings
  • 1,015
  • 7
  • 12
  • Thank you, just for info there was a ) missing in the first foreach (line 8), after I added that, it "worked" but it did nothing, it didnt even change the owner of the "top level" Folder, which the version I posted does... do you know how this could be? I am not a Powershell Pro by any means, I got this Script of some other forum post, and modified it a bit... – sn976020 Aug 13 '18 at 14:25
  • At present not in rerach of an AD, so I can't test. – LotPings Aug 13 '18 at 14:31
  • as posted below, i solved the problem now with a diffrent aproach using the Software Set-Acl Studio, thank you anyways! – sn976020 Aug 14 '18 at 10:55