0 votes

Hello Adaxes Support,

I'm using this script for creating a user folder on a server including ACLs. It works fine.

$strPath = "\\%adm-CustomAttributeText16%\d$\Benutzer\%username%"
$Username = "%userPrincipalName%"
New-Item -ItemType directory -Path $strPath

# Set ACL on the folder
$HomeFolderACL = Get-Acl $strPath
$ACL = New-Object System.Security.AccessControl.FileSystemAccessRule($Username,"Modify","ContainerInherit,ObjectInherit","None","Allow")
$HomeFolderACL.AddAccessRule($ACL)

Set-Acl -Path $strPath $HomeFolderACL
$strPath

Now I'm trying to share this folder but I'm not able to.

Can someone help me?

Thanks in advance

by (700 points)

1 Answer

0 votes
by (215k points)

Hello,

As far as we can see, you are trying to create home folders for users with the help of the script. Adaxes already contains the Create the home directory and Share the home directory actions for this purpose that can be used in Business Rules, Custom Commands and Scheduled Tasks. Is there any reason why you don't want to use the built-in actions?

0

Hello Support,
I know this feature. However, we do not use it in our environment. We use a logon script for mapping the user home drive. Therefore I cannot use this feature. Do you still have another suggestion?

0

OK, we'll ask our script guys to look into this. We'll update this topic as soon as they come up with something.

0

Hello,

Our script guys have come up with the following script that can be used to implement your task. In the script:

  • $homeFolderPath - template path for the home folders created by the script;
  • $fileSystemAccessRights - permissions for the User to access his home folder share;
  • $accessControlType - permission type for the User's home folder: 0 = allow, 1 = deny;
  • $description - home folder share description;
  • $maximumAllowed - the maximum allowed number of simultaneous connections to the home folder share;
  • $shareName - home folder share name.

Modify the script to your requirements.

$homeFolderPath = "\\%adm-CustomAttributeText16%\d$\Benutzer\%username%" # TODO: modify me
$fileSystemAccessRights = 1245631 # TODO: modify me. User permissions for the shared folder: 2032127 = Full Control; 1245631 = Change; 1179817 = Read
$accessControlType = 0 # TODO: modify me. Access control type for the user on the shared folder: 0 = allow, 1 = deny
$description = "User home folder" # TODO: modify me. Text or $NULL
$maximumAllowed = 20 # TODO: modify me. Limit for the number of simultaneous users. Number or $NULL
$shareName = "%username%" # Share Name

Function Create-Share($homeFolderPath, $fileSystemAccessRights, $accessControlType, $description, $maximumAllowed, $shareName)
{
    # Build path
    $uncPath = $homeFolderPath.Replace("\\","")
    $uncParts = $uncPath.Split('\')
    $serverName = $uncParts[0]

    try
    {
        $localPath = (Get-WmiObject -ComputerName $serverName -Class "Win32_Share" -ErrorAction Stop | Where {$_.Name -eq $uncParts[1]}).Path
    }
    catch
    {
        $Context.LogMessage($_.Exception.Message, "Error")
        return
    }

    if ($localPath -eq $NULL)
    {
        $Context.LogMessage("Network folder with name '" + $uncParts[1] + "' was not found on '$serverName'", "Error")
        return
    }

    # Build path for the user folder
    $localPath = $localPath.TrimEnd("\")

    if ($uncParts.Length -gt 2)
    {
        for ($i = 2; $i -le $uncParts.Length -1; $i++)
        {
            $localPath += "\" + $uncParts[$i]
        }
    }

    # Create shared folder and set permissions for the user
    try
    {
        $shares = [WMICLASS]"\\$serverName\root\cimv2:Win32_Share"
    }
    catch
    {
        $Context.LogMessage($_.Exception.Message, "Error")
        return
    }

    # Create Security Descriptor Instance
    $sd = ([WMIClass]"Win32_SecurityDescriptor").CreateInstance()

    # Set permissions for user
    $ACE = ([WMIClass]"Win32_ACE").CreateInstance()
    $Trustee = ([WMIClass]"Win32_Trustee").CreateInstance()
    $Trustee.Name = "%username%"
    $Trustee.Domain = $Null
    $ace.AccessMask = $fileSystemAccessRights
    $ace.AceFlags = 3
    $ace.AceType = $accessControlType
    $ACE.Trustee = $Trustee
    $sd.DACL += $ACE.psObject.baseobject

    # Try to share the home folder
    $result = ($shares.Create($localPath, $shareName, 0, $maximumAllowed, $description, $NULL, $sd)).ReturnValue
    return $result
}

if (Test-Path -Path $homeFolderPath)
{
    $Context.LogMessage("Folder '$homeFolderPath' already exists", "Error")
    return
}

try
{
    $userFolder = New-Item -ItemType directory -Path $homeFolderPath -ErrorAction Stop
}
catch
{
    $Context.LogMessage($_.Exception.Message, "Error")
    return
}

# Set permissions for the shared folder
$homeFolderACL = Get-Acl $homeFolderPath
$acl = New-Object System.Security.AccessControl.FileSystemAccessRule("%username%","Modify","ContainerInherit,ObjectInherit","None","Allow")
$homeFolderACL.AddAccessRule($acl)

Set-Acl -path $homeFolderPath $homeFolderACL

$result = Create-Share $homeFolderPath $fileSystemAccessRights $accessControlType $description $maximumAllowed $shareName

$erroMSG = New-Object "System.ComponentModel.Win32Exception"

switch ($result)
{
    0 {$Context.LogMessage("User folder shared successfully", "Information")}
    2 {$Context.LogMessage("User folder not shared: Access Denied", "Warning")}
    8 {$Context.LogMessage("User folder not shared: Unknown Error", "Warning")}
    9 {$Context.LogMessage("User folder not shared: Invalid Share Name", "Warning")}
    10 {$Context.LogMessage("User folder not shared: Invalid Level", "Warning")}
    21 {$Context.LogMessage("User folder not shared: Invalid Parameter", "Warning")}
    22 {$Context.LogMessage("User folder not shared: Duplicate Share", "Warning")}
    23 {$Context.LogMessage("User folder not shared: Redirected Path", "Warning")}
    24 {$Context.LogMessage("User folder not shared: Unknown Device or Directory", "Warning")}
    25 {$Context.LogMessage("User folder not shared: Network Name Not Found", "Warning")}
    default {$Context.LogMessage("User folder not shared: Unknown Error", "Warning")}
}

0

Thanks very much! Worked like a charm! ;)
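
To confirm what a share created by the script in the answer actually grants, its ACEs can be decoded and checked against the intended user and access mask. This is an added example, not part of the original thread and not Adaxes code; the function name Get-ShareAceReport, the sample account jdoe and the list of broad trustee names are assumptions.

```powershell
# Added example (not from the thread). Decodes share ACEs of the kind the
# answer's script builds with Win32_ACE and flags entries broader than intended.
function Get-ShareAceReport {
    param(
        [Parameter(Mandatory)] [object[]] $Ace,        # objects with Trustee.Name, AccessMask, AceType
        [Parameter(Mandatory)] [string]   $ExpectedUser,
        [int] $MaxMask = 1245631                       # "Change", the value used in the script
    )
    # Assumption: English names of well-known broad principals
    $broad = 'Everyone', 'Authenticated Users', 'Domain Users', 'Users'
    foreach ($a in $Ace) {
        $name   = $a.Trustee.Name
        $mask   = [int64]$a.AccessMask
        # Decode only the file-system bits so generic-rights bits cannot overflow the cast
        $rights = [System.Security.AccessControl.FileSystemRights][int]($mask -band 0x1F01FF)
        $type   = if ($a.AceType -eq 0) { 'Allow' } else { 'Deny' }
        $findings = @()
        if ($type -eq 'Allow') {
            if ($broad -contains $name)      { $findings += 'broad trustee' }
            elseif ($name -ne $ExpectedUser) { $findings += 'unexpected trustee' }
            if (($mask -band (-bnot [int64]$MaxMask)) -ne 0) { $findings += 'rights exceed Change' }
        }
        [pscustomobject]@{
            Trustee  = $name
            Type     = $type
            Mask     = '0x{0:X}' -f $mask
            Rights   = $rights
            Findings = $findings -join '; '
        }
    }
}

# Constructed sample ACEs shaped like Win32_ACE (jdoe is a made-up account)
$sample = @(
    [pscustomobject]@{ Trustee = [pscustomobject]@{ Name = 'jdoe' };     AccessMask = 1245631; AceType = 0 }
    [pscustomobject]@{ Trustee = [pscustomobject]@{ Name = 'Everyone' }; AccessMask = 2032127; AceType = 0 }
)
Get-ShareAceReport -Ace $sample -ExpectedUser 'jdoe' | Format-Table -AutoSize

# Against a live share, the ACEs come from the share's security descriptor:
# $s = Get-WmiObject Win32_LogicalShareSecuritySetting -ComputerName <server> -Filter "Name='<share>'"
# Get-ShareAceReport -Ace $s.GetSecurityDescriptor().Descriptor.DACL -ExpectedUser '<user>'
```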
