Wednesday, March 24, 2021

SET USERS AD HOME DIRECTORIES READ ONLY

 


Let's assume you are migrating users' home drives to Office 365 OneDrive for Business (ODFB). As part of the migration you lift user data to the cloud, and then you need to set the users' local network home directories to read-only for some time. The idea is to make sure that, after the data migration, users can no longer modify their local network home directories. The reason is that you want to frustrate them into moving away from network drives and start using ODFB for their day-to-day workload. The script I wrote does just that. While users have read-only access to their network drives, they can still copy anything they like to their desktop, and once that is done they will have full NTFS access to the copies.

Use the script as you like, and make sure it fits your needs. You may need to adjust a few lines; if you need help, drop me a message and I will be happy to assist.

 

 

 

 

 

<#   

 

.NOTES

#------------------------------------------------------

# Script      : Set-ADUSER-ACL-READ-ONLY-ACCESS_V1.ps1

# Created     : ISE 3.0

# Author(s)   : (Casey.Dedeal)

# Date        : 03/24/2021 21:25:18

# Org         : CloudSec365

# File Name   : Set-ADUSER-ACL-READ-ONLY-ACCESS_V1.ps1

# Comments    : None

# Assumptions : None

#------------------------------------------------------

 

 

.SYNOPSIS     : Set-ADUSER-ACL-READ-ONLY-ACCESS_V1.ps1

.DESCRIPTION  : Following script,

.License      : Open license

.Limitations  : None

.Known issues : None

.Credits      : (Casey.Dedeal)

.Blog         : https://simplepowershell.blogspot.com

.Blog         : https://msazure365.blogspot.com

.Blog         : https://cloudsec365.blogspot.com

.Twitter      : https://twitter.com/Message_Talk

                         

 

.EXAMPLE

 

  .\Set-ADUSER-ACL-READ-ONLY-ACCESS_V1.ps1

 

 

.MAP:

-----------

 

 #(1)_.Adding log Vars

 #(2)_.Adding Functions

 #(3)_.Create Report Folder

 #(4)-.Get User Name

 #(5)_.Check AD user

 #(6)_.Run ACL Change

 

-----------

 

   #>

 

 

 

#(1)_.Adding log Vars
# Get-ADUser (used below) comes from the ActiveDirectory module
Import-Module ActiveDirectory -ErrorAction Stop

$repname   = 'ACL-NTFS-READ-ONLY-REPORT'
    if(!($repname)){
    $repname    = 'DEFAULT-ACL-REPORT'}
    # $RepServer has to be set before $ACLRep is built from it
    $RepServer = $env:COMPUTERNAME
    $ACLRep    = $RepServer+'-ACL-REPORT'
    $logname   = $Repname+'-Log.TXT'
    $csvname1  = $Repname+'-Log.CSV'
    $csvname2  = $Repname+'-PROG.CSV'
    $csvname3  = $ACLRep+'-NTFS-Log.CSV'
    $traname   = $Repname+'-Transcript.LOG'
    $pname     = $repname+'-PROCESS-LogFile.CSV'
    $now       = (get-Date -format 'dd-MMM-yyyy-HH-mm-ss-tt-')
    $user      = $env:USERNAME
    $desFol    = ("C:\temp\Reports_\$repname\")
    $logfile   = $desFol+$now+$logname
    $csvfile1  = $desFol+$now+$csvname1
    $csvfile2  = $desFol+$now+$csvname2
    $csvfile3  = $desFol+$now+$csvname3
    $scrfile   = $desFol+$now+$traname

 

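#(2)_.Adding Functions

  # Function-Get-TimeStamp is called further down but is not defined in the post;
  # this minimal version is an assumption so that the script runs
  function Function-Get-TimeStamp { Get-Date -Format 'dd-MMM-yyyy HH:mm:ss' }

  function Function-create-ReportFolder{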

 

  [CmdletBinding()]

 

  param(

 

    [parameter(

 

     Mandatory = $true,

     ValueFromPipeline = $true)]

     [string]$ReportPath)

Try{

 

if (!(Test-Path -Path $ReportPath))

 

{

 

  New-Item -Type Directory -Path $ReportPath -ErrorAction Stop | Out-Null

 

    }

 

}catch{

 

 

    $errormessage = $($PSItem.ToString())

    Write-Warning 'Error has occurred'

    Write-host 'Problem FOUND:' $errormessage -ForegroundColor Red -BackgroundColor Black

 

    }

 

}

  function Write-Log2 {

 

     [CmdletBinding()]

 

     param(

 

         [Parameter()]

 

         [ValidateNotNullOrEmpty()]

 

         [string]$Count,

 

         [string]$User,

 

         [string]$Message,

 

         [String]$Progress,

 

         [String]$FailedUSER,

 

 

 

         [Parameter()]

 

         [ValidateNotNullOrEmpty()]

 

         [ValidateSet('Information','Warning','Error','Progress','Completed','Failed','FailedUSER','DoesNotExist')]

 

         [string]$Severity = 'Information'

 

     )

 

   

 

       [pscustomobject]@{

 

         Time     = (Get-Date -f g)

 

         Progress = $Progress

 

         Count  = $Count

 

         User = $User

 

         Message  = $Message

 

         Severity = $Severity

 

         FailedUSER = $FailedUSER

 

     

 

     } | Export-Csv -Path $csvfile3 -Append -NoTypeInformation

 

}

  function Set-ADUSER-ACL-READ-ONLY-ACCESS {

 

param (

 

[parameter(Mandatory=$true)]

[ValidateNotNullOrEmpty()]$UserName

 

)

 

try {

 

#(2)_.Add Access control vars

$Rights   = 'Read,ReadAndExecute,ListDirectory'          

$InhSets  = 'Containerinherit,ObjectInherit'

$ProtSets = 'None'

$RuleType = 'Allow'

 

#(13.1)_.Start constructing/combining access control vars
# Use the NetBIOS domain name: Get-Acl reports identities as DOMAIN\user,
# and the verification in (13.11) compares against that form
$domain   = "$env:USERDOMAIN\"
$AddUser  = $domain+$userName

#(13.3)_.Start getting ADUser data here
$userInfo = Get-ADUser -Identity $UserName -Properties mail,HomeDirectory,HomeDrive -ErrorAction Stop |
            Select-Object SamAccountName,mail,HomeDirectory,HomeDrive

#(13.4)_.Construct User HomeDirectory into new var
    $UserDIRECTORY = ($userInfo).HomeDirectory
    $mess1 = "$userName Home Directory is NOT Configured"
    if ([string]::IsNullOrWhiteSpace($UserDIRECTORY)){
     write-host $mess1
     Write-Log2 -Message $mess1 -Severity Warning
     # Nothing to change without a home directory
     return
     }

#(13.2)_.Start constructing system messages (built after $UserDIRECTORY is known, so $message4 is not empty)
$message1 = "(-)_.SCANNING:($userName)"
$message2 = "(a)_.Applying ACL-NTFS READ ONLY Rights"
$message3 = "(b)_.Permissions modified:($Rights)"
$message4 = "(c)_.File Share:($UserDIRECTORY)"
$message5 = "(e)_.VERIFYING ACL changes"
$message6 = "(f)_.ACL has been updated successfully"
$message7 = "(f)_.ACL update has failed"
$gmessage = '(d)_.Completed'

 

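#(13.5)_.Capture existing NTFS rights
$acl  = Get-Acl $UserDIRECTORY -ErrorAction Stop
$perm = $AddUser,$Rights,$InhSets,$ProtSets,$RuleType
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $perm
# SetAccessRule replaces the explicit Allow entries for $AddUser with this rule;
# inherited entries and entries for groups the user belongs to are left as they are
$acl.SetAccessRule($rule)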

 

 

#(13.6)_.Construct system messages

write-host '----------------------------------------------------------------' -ForegroundColor white

write-host 'Start Time:' -NoNewline;Function-Get-TimeStamp

write-Host "($i)_.Processing:$UserName"  -ForegroundColor DarkYellow

Write-Host 'ACL Permissions Summary:User home directory will be SET READ ONLY ACCESS' -ForegroundColor White

Write-host "`t(1)_.User Name      :$addUser"

Write-host "`t(2)_.Permissions    :$Rights"

Write-host "`t(3)_.HomeDirectory  :$UserDIRECTORY"

 

 

#(13.8)_.Perform ACL change and write to logs

Write-Host  $message1  -ForegroundColor Cyan

Write-Host "`t$message2" -ForegroundColor White

Write-Host "`t$message3" -ForegroundColor White

Write-Host "`t$message4" -ForegroundColor White

 

Write-Log2 -Message $message1 -Severity Information

Write-Log2 -Message $message2 -Severity Information

Write-Log2 -Message $message3 -Severity Information

Write-Log2 -Message $message4 -Severity Information

 

 

#(13.9)_.Setting ACL now

$acl | Set-Acl -Path $UserDIRECTORY -verbose -ErrorAction Stop

Write-Host  "`t$gmessage"  -ForegroundColor White

Write-Log2 -Message $gmessage -Severity Information

Write-Log2 -Message $UserName -Severity Completed

 

 

#(13.10)_.Start collecting changed ACL, perform verification

 

Write-Host  "`t$message5"  -ForegroundColor White

Write-Log2 -Message $message5 -Severity Information

 

$acl   = Get-Acl $UserDIRECTORY -ErrorAction Stop

$rules = $acl.Access |  ? IsInherited -eq $false          

$check = ($rules.IdentityReference).Value

 

 

#(13.11)_.VERIFY the ACL changes now; errors will be captured in the PSItem object if they occur, write results to log
if($check -contains $AddUser){

  #(13.12)_.Provide Verify work status/Success
  write-host "`t$message6" -ForegroundColor White
  Write-host 'END Time:' -NoNewline; Function-Get-TimeStamp
  Write-Log2 -Message $message6 -Severity Information

}else{

#(13.13)_.Failed to complete ACL update, write results/log
Write-host "`t$message7" -ForegroundColor DarkYellow
Write-host 'END Time:' -NoNewline; Function-Get-TimeStamp
Write-Log2 -Message $message7 -Severity Error
      }

 

   }

 

catch { 

 

  $Error1 = $($PSItem.ToString())

  $Error2 = $($PSItem.Exception.Message)

  Write-Warning 'ERROR has occurred'

  Write-host 'PROBLEM FOUND'  $Error1 -ForegroundColor red -BackgroundColor Black

  Write-Log2 -Message $Error1 -Severity Error

  Write-Log2 -Message $Error2 -Severity Error

 

      }

}

  function Function-Check-AD-User {

 

    [CmdletBinding()]

    Param(

        [Parameter(ValueFromPipeline=$true)]

        [String]$UserName

    )

 

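   # Get-ADUser throws when the identity does not exist; treat that as "not found"
   $User = $(try { Get-ADUser -Identity $UserName } catch { $null })
If ($User -ne $Null){
 write-host "Located USER:$UserName" -ForegroundColor Green
}
Else {
Write-host "NOT FOUND USER:$UserName" -ForegroundColor Cyan
Write-host 'Script will STOP'
# break outside of a loop ends the running script
break;
    }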

 

}

 

#(3)_.Create Report Folder

function-create-ReportFolder -ReportPath $desFol

 

#(4)-.Get User Name

$userName = Read-host 'Provide User Name'

 

#(5)_.Check AD user

Function-Check-AD-User -UserName $userName

 

#(6)_.Run ACL Change

Set-ADUSER-ACL-READ-ONLY-ACCESS -UserName $userName 
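
The script's verification step only confirms that an explicit entry for the user exists on the folder. The following added example (not part of the original script) checks whether any Allow entry for the user still grants write-class rights, and shows why the script's SetAccessRule call matters compared with AddAccessRule. The SID is constructed, the function names New-Rule, New-HomeDirAcl and Test-HomeDirReadOnly are hypothetical, and the ACLs are built in memory so no share is touched.

```powershell
# Added example: constructed SID and in-memory ACLs; no share or AD is touched.
$sid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-21-1111111111-2222222222-3333333333-1105'

function New-Rule {
    param($Sid, [string]$Rights)
    New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList `
        $Sid, $Rights, 'ContainerInherit,ObjectInherit', 'None', 'Allow'
}

function New-HomeDirAcl {
    # Hypothetical starting state: the user owns the folder and has FullControl.
    param($Sid)
    $acl = New-Object System.Security.AccessControl.DirectorySecurity
    $acl.SetOwner($Sid)
    $acl.AddAccessRule((New-Rule $Sid 'FullControl'))
    $acl
}

function Test-HomeDirReadOnly {
    param($Acl, $Sid)
    $sidType   = [System.Security.Principal.SecurityIdentifier]
    # Specific write-class rights plus the raw GENERIC_WRITE / GENERIC_ALL bits
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write,Delete,DeleteSubdirectoriesAndFiles,ChangePermissions,TakeOwnership' -bor 0x40000000 -bor 0x10000000
    # Explicit and inherited entries both count toward what the user can do
    $writable = @($Acl.GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.IdentityReference.Value -eq $Sid.Value -and
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights -band $writeMask) -ne 0)
    })
    $owner = $Acl.GetOwner($sidType)
    [pscustomobject]@{
        WritableAces = $writable.Count
        OwnerIsUser  = ($owner -and $owner.Value -eq $Sid.Value)
        ReadOnly     = ($writable.Count -eq 0)
    }
}

$read = New-Rule $sid 'Read,ReadAndExecute,ListDirectory'   # same rights as the script's $Rights

$merged = New-HomeDirAcl $sid
$merged.AddAccessRule($read)     # merges with existing entries: FullControl survives
$replaced = New-HomeDirAcl $sid
$replaced.SetAccessRule($read)   # what the script calls: replaces the user's Allow entries

Test-HomeDirReadOnly $merged   $sid | Format-List
Test-HomeDirReadOnly $replaced $sid | Format-List
```

OwnerIsUser is reported separately because the owner of a folder can change its permissions again; against a real share, pass the result of Get-Acl and the user's SID instead of the in-memory objects.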

 

 

Azure Solutions Architect
AWS Certified Cloud Practitioner
Azure Certified Security Engineer Associate
https://simplepowershell.blogspot.com
https://cloudsec365.blogspot.com
https://msazure365.blogspot.com
https://twitter.com/Message_Talk


