Wednesday, March 24, 2021

SET USERS AD HOME DIRECTORIES READ ONLY

 

  SET USERS AD HOME DIRECTORIES READ ONLY

Lets assume you are going to do a migration for users home drives to O365 One Drive for business. Par t of your migration you plan to lift user data to cloud then you need to configure users local network home directorates read only for some time. The idea is to make sure after data migration, users can no longer manipulate their local network home directories. Reason you want to frustrate them to move away using network drives and start using ODFB for day-to-day work load. The script I wrote is just going to do that. While user has read only access to their network drives, they can copy and paste anything they like to their desktop and once this is done they will have full NTFS access.

Use the script as you like and make sure it fits into your needs. You may need to adjust few lines and if you need help drop me a message, will be happy to assist.

 

 

 

 

 

<#   

 

.NOTES

#------------------------------------------------------

# Script      : Set-ADUSER-ACL-READ-ONLY-ACCESS_V1.ps1

# Created     : ISE 3.0

# Author(s)   : (Casey.Dedeal)

# Date        : 03/24/2021 21:25:18

# Org         : CloudSec365

# File Name   : Set-ADUSER-ACL-READ-ONLY-ACCESS_V1.ps1

# Comments    : None

# Assumptions : None

#------------------------------------------------------

 

 

.SYNOPSIS     : Set-ADUSER-ACL-READ-ONLY-ACCESS_V1.ps1

.DESCRIPTION  : Following script,

.License      : Open license

.Limitations  : None

.Known issues : None

.Credits      : (Casey.Dedeal)

.Blog         : https://simplepowershell.blogspot.com

.Blog         : https://msazure365.blogspot.com

.Blog         : https://cloudsec365.blogspot.com

.Twitter      : https://twitter.com/Message_Talk

                         

 

.EXAMPLE

 

  .\Set-ADUSER-ACL-READ-ONLY-ACCESS_V1.ps1

 

 

.MAP:

-----------

 

 #(1)_.Adding log Vars

 #(2)_.Adding Functions

 #(3)_.Create Report Folder

 #(4)-.Get User Name

 #(5)_.Check AD user

 #(6)_.Run ACL Change

 

-----------

 

   #>

 

 

 

#(1)_.Adding log Vars

$repname   = 'ACL-NTFS-RED-ONLY-REPORT'

    if(!($repname)){

 

    $repname    = 'DEFAULT-ACL-REPORT'}

    $ACLRep    = $RepServer+'-ACL-REPORT'

    $RepServer = $env:COMPUTERNAME

    $logname   = $Repname+'-Log.TXT'

    $csvname1  = $Repname+'-Log.CSV'

    $csvname2  = $Repname+'-PROG.CSV'

    $csvname3  = $ACLRep+'-NTFS-Log.CSV'

    $traname   = $Repname+'-Transcript.LOG'

    $pname     = $rname+'-PROCESS-LogFile.CSV'

    $now       = (get-Date -format 'dd-MMM-yyyy-HH-mm-ss-tt-')

    $user      = $env:USERNAME

    $desFol    = ("C:\temp\Reports_\$repname\")

    $logfile   = $desFol+$now+$logname

    $csvfile1  = $desFol+$now+$csvname1

    $csvfile2  = $desFol+$now+$csvname2

    $csvfile3  = $desFol+$now+$csvname3

    $scrfile   = $desFol+$now+$traname

 

#(2)_.Adding Functions

  function Function-create-ReportFolder{

 

  [CmdletBinding()]

 

  param(

 

    [parameter(

 

     Mandatory = $true,

     ValueFromPipeline = $true)]

     [string]$ReportPath)

Try{

 

if (!(Test-Path -Path $ReportPath))

 

{

 

  New-Item -Type Directory -Path $ReportPath -ErrorAction Stop | Out-Null

 

    }

 

}catch{

 

 

    $errormessage = $($PSItem.ToString())

    Write-Warning 'Error has occoured'

    Write-host 'Problem FOUND:' $errormessage -ForegroundColor Red -BackgroundColor Black

 

    }

 

}

  function Write-Log2 {

 

     [CmdletBinding()]

 

     param(

 

         [Parameter()]

 

         [ValidateNotNullOrEmpty()]

 

         [string]$Count,

 

         [string]$User,

 

         [string]$Message,

 

         [String]$Progress,

 

         [String]$FailedUSER,

 

 

 

         [Parameter()]

 

         [ValidateNotNullOrEmpty()]

 

         [ValidateSet('Information','Warning','Error','Progress','Completed','Failed','FailedUSER','DoesNotExist','Progress')]

 

         [string]$Severity = 'Information'

 

     )

 

   

 

       [pscustomobject]@{

 

         Time     = (Get-Date -f g)

 

         Progress = $Progress

 

         Count  = $Count

 

         User = $User

 

         Message  = $Message

 

         Severity = $Severity

 

         FailedUSER = $FailedUSER

 

     

 

     } | Export-Csv -Path $csvfile3 -Append -NoTypeInformation

 

}

  function Set-ADUSER-ACL-READ-ONLY-ACCESS {

 

param (

 

[parameter(Mandatory=$true)]

[ValidateNotNullOrEmpty()]$UserName

 

)

 

try {

 

#(2)_.Add Access control vars

$Rights   = 'Read,ReadAndExecute,ListDirectory'          

$InhSets  = 'Containerinherit,ObjectInherit'

$ProtSets = 'None'

$RuleType = 'Allow'

 

#(13.1)_.Start constructing/combining access control vars

 

$domain   = "$env:USERDNSDOMAIN\"

$AddUser  = $domain+$userName

$path     = $user.homeDirectory

 

 

#(13.2)_.Start constructing system messages

 

$message1 = "(-)_.SCANNING:($userName)"

$message2 = "(a)_.Applying ACL-NTFS FULL Rights"

$message3 = "(b)_.Permissions modified:($Rights)"

$message4 = "(c)_.File Share:($UserDIRECTORY)"

$message5 = "(e)_.VERIFYING ACL changes"

$message6 = "(f)_.ACL has been updated succesfully"

$message7 = "(f)_.ACL updates has failed"

$gmessage = '(d)_.Completed'

 

 

 

#(13.3)_.Start getting ADUser data here

$userInfo = Get-ADUser -Identity $UserName -Properties * -ErrorAction Stop | `

            Select  SamAccountName,mail,HomeDirectory,HomeDrive

 

   

 

#(13.4)_.Construct User HomeDirectory into new var

    $UserDIRECTORY = ($userInfo).HomeDirectory

    $mess1 = "$userName Home Directory is NOT Configured"

    if ( $UserDIRECTORY -like $null ){

     write-host $mess1

     Write-Log2 -Message $mess1 -Severity Warning

 

     }

 

#(13.5)_.Capture existing NTFS rights

 

$acl  = Get-Acl $UserDIRECTORY -ErrorAction Stop

$perm = $AddUser,$Rights,$InhSets,$ProtSets,$RuleType

$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $perm

$acl.SetAccessRule($rule)

 

 

#(13.6)_.Construct system messages

write-host '----------------------------------------------------------------' -ForegroundColor white

write-host 'Start Time:' -NoNewline;Function-Get-TimeStamp

write-Host "($i)_.Processing:$UserName"  -ForegroundColor DarkYellow

Write-Host 'ACL Permissions Summary:User home directory will be SET READ ONLY ACCESS' -ForegroundColor White

Write-host "`t(1)_.User Name      :$addUser"

Write-host "`t(2)_.Permissions    :$Rights"

Write-host "`t(3)_.HomeDirectory  :$UserDIRECTORY"

 

 

#(13.8)_.Perform ACL change and write to logs

Write-Host  $message1  -ForegroundColor Cyan

Write-Host "`t$message2" -ForegroundColor White

Write-Host "`t$message3" -ForegroundColor White

Write-Host "`t$message4" -ForegroundColor White

 

Write-Log2 -Message $message1 -Severity Information

Write-Log2 -Message $message2 -Severity Information

Write-Log2 -Message $message3 -Severity Information

Write-Log2 -Message $message4 -Severity Information

 

 

#(13.9)_.Setting ACL now

$acl | Set-Acl -Path $UserDIRECTORY -verbose -ErrorAction Stop

Write-Host  "`t$gmessage"  -ForegroundColor White

Write-Log2 -Message $gmessage -Severity Information

Write-Log2 -Message $UserName -Severity Completed

 

 

#(13.10)_.Start collecting changed ACL, perform verification

 

Write-Host  "`t$message5"  -ForegroundColor White

Write-Log2 -Message $message5 -Severity Information

 

$acl   = Get-Acl $UserDIRECTORY -ErrorAction Stop

$rules = $acl.Access |  ? IsInherited -eq $false          

$check = ($rules.IdentityReference).Value

 

 

#(13.11)_.VERIFY the ACL changes now; errors will be captured PSitem object if they accour , write results to log

 

if($check -contains $AddUser){

 

  #(13.12)_.Provide Verify work status/Success

  write-host "`t$message6" -ForegroundColor White

  Write-host 'END Time:' -NoNewlineFunction-Get-TimeStamp

  Write-Log2 -Message $message6 -Severity Information

 

}else{

 

 

#(13.13)_.Failed to complete ACl update,write results/log

Write-host "`t$message7" -ForegroundColor DarkYellow

Write-host 'END Time:' -NoNewlineFunction-Get-TimeStamp

Write-Log2 -Message $message7 -Severity Error

      }

 

   }

 

catch { 

 

  $Error1 = $($PSItem.ToString())

  $Error2 = $($PSItem.Exception.Message)

  Write-Warning 'ERROR has occoured'

  Write-host 'PROBLEM FOUND'  $Error1 -ForegroundColor red -BackgroundColor Black

  Write-Log2 -Message $Error1 -Severity Error

  Write-Log2 -Message $Error2 -Severity Error

 

      }

}

  function Function-Check-AD-User {

 

    [CmdletBinding()]

    Param(

        [Parameter(ValueFromPipeline=$true)]

        [String]$UserName

    )

 

   $User = $(try {Get-ADUser $UserNamecatch {$null})

If ($User -ne $Null){

 

 write-host "Located USER:$UserName" -ForegroundColor Green

 

Else {

 

Write-host "NOT FOUND USER:$UserName" -ForegroundColor Cyan

Write-host 'Script will STOP'

break;

 

    }

 

}

 

#(3)_.Create Report Folder

function-create-ReportFolder -ReportPath $desFol

 

#(4)-.Get User Name

$userName = Read-host 'Provide User Name'

 

#(5)_.Check AD user

Function-Check-AD-User -UserName $userName

 

#(6)_.Run ACL Change

Set-ADUSER-ACL-READ-ONLY-ACCESS -UserName $userName 

 

 

Azure Solutions Architect
AWS Certified Cloud Practitioner
Azure Certified Security Engineer Associate
https://simplepowershell.blogspot.com
https://cloudsec365.blogspot.com
https://msazure365.blogspot.com
https://twitter.com/Message_Talk



58 comments:

David said...

It a quite an in-depth article, really helpful. For your section "TROUBLESHOOTING LINKS."
During my search here, I found another tool.
Here is the link
dnschecker.org/smtp-test-tool
The best part of that tool is the links to the SMTP configuration instructions of different top Email service providers. On that website, you will also get links to the tools related to DNS, IP, Email, and much more.
I think that will be pretty helpful for your readers.

ipsteel said...

Nice article thanks for sharing.

cloudminister said...

Wow what a great blog, i really enjoyed reading this, good luck in your work. Data Center In Jaipur

Charlie Oscar said...

Için buraya tiklayin - Evden Eve Nakliyat

rajani kota said...

This is a good post. Keep posting.
DevOps Training
DevOps Online Training

cloudminister said...
This comment has been removed by the author.
rent a trailer Dubai said...

Are you looking for a Trailers rental in Dubai, UAE? We provide the best trailers to transport heavy construction materials anywhere in the UAE. Get Heavy Trailer Truck for Rent in UAE, Trailer Rental Dubai, Trailer for Rent in Sharjah, Trailer Truck for Rent.

Trailer for rent in Sharjah said...

Trailer for rent in Sharjah . We are providing Transportation services with (40ft) Flatbed Trailers and Trucks throughout the UAE, 24/7 hours. We are a Trailers rental companies in Sharjah. Get comfortable trucks and trailers for cheap rental service.

Villa movers and Packers in Dubai said...

Villa Movers and Packers Dubai Our team can help you with packing, unpacking, loading, and unloading of your belongings. We are Best Movers and Packers in Dubai, Moving Companies, Villa Movers in Dubai, Local Movers in Dubai. Best Dubai movers and packers for office, house, villa shifting and storage in Dubai. As a leading packers and movers in Dubai, we are a 'one-stop-shop' for all your office relocation needs.

DevOps said...

Thanks for sharing.Very interesting blog.
DevOps Training
DevOps Online Training

Ranjith said...

Great Content. It will useful for knowledge seekers. Keep sharing your knowledge through this kind of article.
Azure Training in Chennai
Microsoft Azure Training in Chennai

Packing and Moving Company said...

This is what I get on that page, Nice Post and Appreciated your support. Thank you so much for sharing such a detailed information. We are proud that clients hold against using our moving company.
Furniture Movers and packers like www.servicebasketuae.com/movers-and-packers-in-dubai.html ​make their best handling to secure the goods from all the possible effects.
www.allieddubaimovers.com

Unknown said...


Perfect Blog. More informative I love it. Readable and valueable. keep up the good stuff like this.
Thank You.
If any one need Website hosting services

then contact us

Dubai Movers and Packers Best Moving Company LLC said...

Thanks you so much Experts blog writer I like it and same as one of our blog like Movers and Packers in Dubai

Movers and Packers in Dubai

House Movers and Packers in Dubai
Movers and Packers in Dubai

ol said...

Nice post. I was checking this blog and I'm impressed! Extremely useful information. Thank you and keep up the good work. I recommend online dissertation writing services I think you do not regret visiting and using this service!

Packers and Movers in Hyderabad said...

Thanks for sharing this useful information! This is really interesting information to read. Best high-quality Packing And Moving services at affordable prices within your budget.
@ Movers and Packers Bangalore
@ Movers and Packers Hyderabad
@ Packers and Movers
@ MovingNow Packers and Movers Blog

christopher hale said...

Verified and Secured Service Provider. Get Free ###Packers and Movers Jaipur Price Quotation instantly and Save Cost and Time online dissertation writing services
We have been supporting our pupils by providing them dissertation help UK at an affordable price. It is not an easy task for beginners to

Animal Zone said...

lanlords insurance
lanlords insurance
lanlords insurance
lanlords insurance
lanlords insurance
lanlords insurance
lanlords insurance
lanlords insurance
lanlords insurance
lanlords insurance
lanlords insurance
lanlords insurance
lanlords insurance
lanlords insurance
lanlords insurance
lanlords insurance
lanlords insurance
lanlords insurance

Animal Zone said...

lanlords insurance
lanlords insurance
lanlords insurance
lanlords insurance
lanlords insurance
lanlords insurance
lanlords insurance
lanlords insurance
lanlords insurance
lanlords insurance
lanlords insurance
lanlords insurance
lanlords insurance
lanlords insurance
lanlords insurance

Anonymous said...

Your post was very nicely written, Thank you!!
do my assignment UK

Restart Branding Solutions said...

This is very useful for SEO persons and as well will be helpful for me. Keep sharing such type of stuff. pickup for moving in Dubai

Renjith said...

Hi there,
Such a good and timely post about building relationships! and I apperciate this.
I have been putting on my blog and other social media as well.
Glass Company in Dubai
More-then 5 years of experience with an valuable reputation and reliability. We offer highest quality services as shower enclosure, shower scree installation, glass works in Dubai. Contact us for sandblasting planted glass with edge polishing and mirror Works in Dubai. IST Work LLC standing at the highest level of Dubai with professional glass supply and installation services.

Kamalesh said...

Excellent data with lots of information. I have bookmarked this page for my future reference. Do share more updates.
Uses Of Tally ERP 9
Basic Knowledge Of Tally ERP 9

Mahagamer said...

blogger is amazing see this new Fate SenkiFuture Codes free

Mahagamer said...

Get here all game codes all about gaming is on MahaGamer

Mir4 Coupon Codes said...

This is great post. I also written very nice information about mir4 coupon codes in you want to get rewards in your game then please visit my blog.

Arashi Adventure Codes said...

Thanks for this great article. I really thankful to you for such a nice post.

Cre8tivebot said...

Good Job! You have Shared your well knowledge... I will refer the people to the best IT Solutions providers click the below link:

IT Company
seo packages
ppc company australia
content marketing agency dubai
social media marketing company
web development australia
app development melbourne

Sapphire Solutions said...

SET USERS AD HOME DIRECTORIES READ ONLY

Very interesting post...

5 Must-Know Benefits of Front End Development Services for Businesses

front end development services

Cyber Security said...

I read your whole content it’s really interesting and attracting for new reader.
Thanks for sharing the information with us. Please visit...

industrial pc
aesni
aes-ni
pico pc ram
opnsense compatible

thesttl said...

Interested in digital transformation services and software development company then we at silvertouch provide all kind of It services for your business

amazingwebdeveloper said...

How much time does it take to update the Current PHP version?
Although in some cases, it is automatically updated. But, in many cases, updating a Current PHP version can cause downtime to your WordPress site because the updating takes at least 2-4 hours.

Get Repaired HERE said...

Thank you for providing such nice article. It's very helpful for the users.
We are a Digital Repair Company

GetrepairedHERE
We provide several services like-
Remote Computer Repair
Remote server maintenance

Spotify Plaque said...
This comment has been removed by the author.
Ahana Sharma said...

Thanks for providing very useful information with code! Visit the Best Data Science training institute in Delhi to learn Data Science from certified experts.

Digisol Hub said...

DigisolHub
Digisol Hub is a Digital Marketing & Tech. Company, that provides solutions regarding website development, SEO, Social Media Marketing, Google Ads, and Graphics designing, App development, Software development, Website Development. We just want to solve the problems of the people by using the right digital marketing strategy and give them Value so that they can build their business in the Online world.

APTRON said...

Exchange Server Interview Questions and Answers

techomsystem said...

The information you've shared on Azure Migration has really pleased me. It's a fascinating article, both for me and for others. Thank you for bringing such interesting topics to our attention.

steveandy said...

P3 works with clinicians to get them paid as soon as they render services as part of the ongoing telehealth services happening across the country.
In Medicare, telehealth is where we address your financial independence in order to increase collections and ensure the survival of your practise.
A distinguished billing service that does everything possible to improve provider experience, practise management,
and staff burden consistently accelerates the healing process.medical billing service
The COVID-19 pandemic is a time of great need, and we'd like to relieve physicians and specialty clinicians of their revenue cycle management responsibilities.
In this way, they not only serve the population with the best possible care, but they also get America out of this disaster unscathed

steveandy said...

"I'd be a millionaire if I had a nickel for every missed appointment," most doctors say.
Computerized patient scheduling systems are intended to help reduce the burden of no-shows and last-minute rescheduling calls.
These systems aid practises in managing the process of scheduling appointments and follow-ups with patients.
Book an Appointment with best medical billing company.
Individually, systems assist schedulers in entering patient contact and demographic information, appointment times,
reasons for visits and chief complaints, and billing or insurance information. The primary objectives are to assist
practises in automating the appointment process, increasing the number of patient visits, and decreasing no-shows and cancellations.

SPK Systems said...

Thanks for sharing your experience.!

web design in india
web development in india
web design and development in india

especia associate said...

Nice Blog. Thanks For Sharing. Especia Associates is one of the leading Financial Advisors & Consultants company In India. We provide CA Services, CFO Services, Company Secretary Services and ESOP Services. The ESOP is commonly designed to gain employees who remain with the business enterprise the longest and make contributions most to the organization's success. ESOPs facilitate creating proper non-public financial wealth for personnel. if you need ESOP Benefits employees call at 9310165114 or visit us How does an ESOP Benefit Employees

Roger Kin said...

If you want to ensure your success in Microsoft AI-102 Exam, then you should definitely consider using Exams4sure. This is one of the most popular and trusted study materials available for this exam, and it can definitely help you Ace the exam and get the score you need to pass. The material is comprehensive and up-to-date, and it will definitely help you prepare for the exam in the best way possible. There is no doubt that Exams4sure is the best way to go when it comes to preparing for Microsoft AI-102 Exam.

infrassist said...

We are master managed service provider and we are also provide professional services and noc services 24*7 and outsourced service.
infrassist
Microsoft 365
Noc Services
Helpdesk

MMC996 Online Casino Singapore said...

Here, you will not only learn how to get the most out of your money, but you will also receive other promotions such as loyalty programs, tournaments, VIP clubs, and other offers.

Iqra technology said...

Nice blog.

Amy Jackson said...

Lot of people still did not know how to setup directories at O365 for business. thanks for sharing.
offshore testing company in USA and QA testing companies in USA

steve andy said...


Best medical billing companies
in the United States have previously expressed concerns about the implementation of EHR technology, which was followed by the selection of the best electronic medical record vendor and the attesting for meaningful use/PQRS. They are now required to carry out one of the most significant healthcare reforms in the United States to date – the transition to ICD-10. Even if the transition is delayed, there are enough reforms to physician reimbursements that warrant changes in how you practise medicine. These include higher deductibles, a shift to a pay-for-performance model, and so on. As a result, it is perfectly logical to select a medical billing company as a dependable partner who will help you manage your revenue stream. Simultaneously, it makes perfect financial sense. Moreover, a professional in-house biller will cost you approximately $50,000 per year, whereas a third-party team of billers will only cost you a fraction of this amount. So why not hire top-tier medical billing services

steve andy said...

Revenue Cycle Management (RCM) extends beyond the basic function of billing to include claim processing and denial management, patient payments, medical coding and billing, and revenue generation, according to industry standards. As a result, it would be an understatement to say that RCM is the lifeblood of any physician practise. Regrettably, many healthcare professionals mistake RCM for their practise medical billing company. The increased revenue stream is primarily dependent on time management and the practise workflow, which begins at the time of registration and includes determining patient insurance eligibility and collecting co-pays. It all comes down to correctly coding claims with ICD-10 and sending them out on time. A well-functioning billing system is also an important indicator of successful revenue cycle management. This can be accomplished by implementing the appropriate EHR and Practice Management system or by outsourcing revenue cycle management to a reputable vendor

steve andy said...

Denial management solutions that have the biggest impact on net reimbursement must be given priority by healthcare providers because they are both expensive and time-consuming. You can classify and organise denial code types and categories, such as Soft, Hard, Clinical, and Technical/Administrative denials, using our denial management software. Additionally, providers must be able to define the hierarchy of refusal and justification codes. Your staff will be able to devote more time to appealing denials that stand a good chance of being upheld if medical billing denials are classified, increasing your chance of recovering your costs. Healthcare providers who are having trouble generating steady revenue growth may find that building a foundation of benchmark metrics for evaluating the financial performance of their contract management system makes all the difference to their bottom line.

Electronic Components said...

I check all your posts but this is the best one hobby electronics store

Ahana said...

I like to read your blog, Thank you for sharing with us! Enroll now the best Global IT training institute in India for learning best software testing training course in Delhi, online python training in Indore, data science course in Lucknow, digital marketing training in Pune

Iqra technology said...

Nice blog! Thanks for sharing this blog. Learn about A Fascinating Behind-The-Scenes Look At India Is Best For Software IP Protection

Anonymous said...

This blog will help you to understand a comparison between the Qualities of a FinancialForce
Developer. Hire FinancialForce Developer starting from $1800/ Monthly.

Samreen Jahan said...

Thanks for sharing this blog with us, that is really helpful for fresher, and professionals both. If anyone is interested in software testing, the ssoftware testing training course institute in Ghaziabad is the best platform for you.

Abhishek Sharma said...

Accounting Services Surat-Hisabkitab" is a professional accounting firm in Surat, India, offering customized accounting services to businesses of all sizes. Their experienced team provides bookkeeping, tax preparation, payroll management, financial statements, and consulting services. They are committed to timely, accurate, and cost-effective solutions to help businesses achieve their goals.

Abhishek said...

I like to read your blog,Hisabkitab offers reliablebookkeeping services in Surat, ensuring accurate and timely financial record-keeping for businesses. Their team of experienced professionals uses the latest technology to handle accounting, tax compliance, and financial reporting, providing clients with peace of mind and freeing up time to focus on their core operations.





sajif said...

Click on the link provided to read further posts of this kind.