Recently I was asked to change the home directory permissions for >4000 users from Full Control to read-only.
I've used the PowerShell commands below to achieve this.
First we need to get all SamAccountNames into a .csv list (change the SearchBase to match your environment).
Get-ADUser -Filter * -SearchBase "OU=www,DC=iterrors,DC=com" | Where-Object { $_.Enabled -eq $True } | Select-Object SamAccountName | Export-Csv C:\temp\iterrors.csv -NoTypeInformation
After we have created the .csv file we need to run the script below. It queries each user's home directory path from AD and changes the permissions on it.
Import-Module ActiveDirectory
Import-Csv C:\temp\iterrors.csv | ForEach-Object {
    # Query AD once for the account and its HomeDirectory attribute
    $adUser = Get-ADUser -Identity $_.SamAccountName -Properties HomeDirectory
    $user = $adUser.SamAccountName
    $homeDrive = $adUser.HomeDirectory
    # Skip accounts with no home directory set or with an unreachable path
    if (-not $homeDrive -or -not (Test-Path -LiteralPath $homeDrive)) {
        Write-Warning "Skipping ${user}: home directory not set or not found"
        return
    }
    $ACL = Get-Acl -LiteralPath $homeDrive
    # SetAccessRule replaces the user's existing explicit Allow rules with ReadAndExecute
    $ACL.SetAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($user, "ReadAndExecute", "ContainerInherit,ObjectInherit", "None", "Allow")))
    Write-Host "Changing permissions on $homeDrive for user $user" -ForegroundColor Magenta
    Set-Acl -LiteralPath $homeDrive -AclObject $ACL
}
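To confirm the change took effect, the following read-only audit (an added example, not part of the original post) reads the same CSV and reports any account that still holds a write-capable Allow ACE on its home directory or still owns it. The report path and the Finding labels are assumptions, and only ACEs that name the user directly are checked, not rights granted through group membership.

```powershell
# Added example: read-only audit, it changes no permissions.
Import-Module ActiveDirectory

$csvPath = 'C:\temp\iterrors.csv'   # CSV produced by the export step above
$sidType = [System.Security.Principal.SecurityIdentifier]
# Rights that would still let the user change content, the ACL or the owner
$writeMask = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

$report = Import-Csv $csvPath | ForEach-Object {
    $adUser = Get-ADUser -Identity $_.SamAccountName -Properties HomeDirectory
    $path   = $adUser.HomeDirectory

    if ([string]::IsNullOrWhiteSpace($path) -or -not (Test-Path -LiteralPath $path)) {
        # No home directory set, or the path is unreachable from this host
        return [pscustomobject]@{ User = $adUser.SamAccountName; Path = $path; Finding = 'PathMissing'; Rights = $null }
    }

    $acl = Get-Acl -LiteralPath $path
    # Explicit and inherited ACEs, with identities returned as SIDs so they
    # compare reliably against the AD account
    $userAllow = $acl.GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -eq $adUser.SID.Value
    }
    $writable = $userAllow | Where-Object { ([int]$_.FileSystemRights -band [int]$writeMask) -ne 0 }
    # An owner can always rewrite the ACL, so ownership is reported separately
    $isOwner  = $acl.GetOwner($sidType).Value -eq $adUser.SID.Value

    $finding = if ($writable -and $isOwner) { 'WriteAce+Owner' }
               elseif ($writable)           { 'WriteAce' }
               elseif ($isOwner)            { 'Owner' }
               else                         { 'NoDirectWrite' }

    [pscustomobject]@{
        User    = $adUser.SamAccountName
        Path    = $path
        Finding = $finding
        Rights  = ($userAllow | ForEach-Object { "$($_.FileSystemRights)$(if ($_.IsInherited) { ' (inherited)' })" }) -join '; '
    }
}

# Show only the accounts that need attention, and keep the full report
$report | Where-Object Finding -ne 'NoDirectWrite' | Format-Table -AutoSize
$report | Export-Csv C:\temp\homedir-acl-audit.csv -NoTypeInformation   # assumed output path
```

An inherited write ACE showing up here means the rule comes from a parent folder, which the script above does not touch because SetAccessRule only replaces explicit rules on the home directory itself.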
Is there a way to limit this change to JUST the “My Documents” directory, within the HomeDrive?
TIA.
Ian