Background
Requirement: To batch add related permissions based on the content of a text file. The actual names of the shared folders differ slightly from those provided in the text. However, the goal is to batch add permissions for such folders based on the text.
Desired Outcome
First, the following Excel spreadsheet, as shown in the image:
Then, copy this content into a text file.
Batch add related permissions based on the content of the text.
Implementation Method
The text content is segmented using spaces, middots, commas, or tab characters as delimiters. Then, based on keyword matching, such as "access" or "edit," different permissions are assigned accordingly.
Source Code and Repository URL:
- https://github.com/Excalibra/scripts/tree/main/d-python-dc
- Batch Add Related Permissions Based on Text Content.ps1
# Define the main directory path
$baseFolderPath = "C:\SharedFolders" # Base path
$userFile = "C:\Users\Administrator\Desktop\PermissionAssignmentList.txt" # Replace with the actual path of the TXT file
# Read each line of the user file
Get-Content $userFile | ForEach-Object {
# Split the content of each line
# $parts = $_ -split '\s+'
$parts = $_ -split '[\s,\t、]+' # Regular expression includes spaces, tabs, commas, and middots
if ($parts.Length -ge 8) {
$username = $parts[0]
$folder2 = $parts[5] # Group folder
$folder3 = $parts[6] # Public directory folder
$permissionType = $parts[7]
# Set NTFS permission type
$ntfsPermission = if ($permissionType -like "*Access*") {
"(OI)(CI)(R)" # Read-only permission
} elseif ($permissionType -like "*Edit*" -or $permissionType -like "*ReadWrite*" -or $permissionType -like "*Save*") {
"(OI)(CI)(M)" # Modify permission
} else {
"(OI)(CI)(R)" # Default to read-only permission
}
# Set share permission type
$sharePermission = if ($permissionType -like "*Access*") {
"Read" # Shared read-only permission
} elseif ($permissionType -like "*Edit*" -or $permissionType -like "*ReadWrite*" -or $permissionType -like "*Save*") {
"Change" # Shared change permission
} else {
"Read" # Default to shared read-only permission
}
# Process folder2 (group folder) path by removing the word "Group"
$folder2WithoutGroup = if ($folder2 -like "*Group") {
$folder2 -replace "Group$", "" # Remove "Group" (at the end)
} else {
$folder2 # Keep it as is if "Group" is not present
}
# Construct the full folder paths
$fullPath1 = Join-Path -Path $baseFolderPath -ChildPath $folder2 # Original group folder path
$fullPath2 = Join-Path -Path $baseFolderPath -ChildPath $folder3 # Public directory folder path
$fullPath3 = Join-Path -Path $baseFolderPath -ChildPath $folder2WithoutGroup # Path without "Group"
# Assign permissions to each folder path
$folders = @($fullPath1, $fullPath2, $fullPath3)
foreach ($folderPath in $folders) {
# Check if the folder path exists
if (-Not (Test-Path $folderPath)) {
Write-Output "Path $folderPath does not exist, skipping this path."
continue
}
# Use icacls to set NTFS permissions
icacls "$folderPath" /grant ${username}:$ntfsPermission /t
Write-Host "Assigned NTFS $ntfsPermission permission to user $username for folder $folderPath." -ForegroundColor Yellow
# Check if the share exists
$netShareName = (Get-Item $folderPath).Name # Use the folder name as the share name
if (Get-SmbShare -Name $netShareName -ErrorAction SilentlyContinue) {
# If the share exists, add share permissions
Grant-SmbShareAccess -Name $netShareName -AccountName "$username" -AccessRight $sharePermission -Force
Write-Host "Assigned shared $sharePermission permission to user $username for share $netShareName." -ForegroundColor Yellow
} else {
Write-Output "Share $netShareName does not exist, skipping share permission assignment."
}
}
}
else {
Write-Output "Line format does not match, skipping: $_"
}
}
Write-Output "All user permissions have been successfully added."
After finishing this script, the main tasks of batch adding permissions are basically complete. There’s not much need to write additional scripts; any future needs would probably just involve simple batch processing.
Top comments (0)