tags:

views:

1470

answers:

2
Q: 

User powershell to get a list of all folders in /downloads/pivots

So I have a boat load of pivot tables that I upload everyday to folders like: Pivot0001 Pivot0002 Pivot0003

and so on.

I also have user groups called Pivot0001 and so on with users that need to access that folder in it. What I now need to do is set the permissions on each folder (I have 400 or so of them). I know I need to do a loop and set permissions. What I dont know how to do is get a list of all the folders and then set permissions to that folder.

EDIT I forgot to say this is for SharePoint...sorry about that

Here is the final code that worked (not really clean but it works)

[Void][System.Diagnostics.Stopwatch] $sw;
$sw = New-Object System.Diagnostics.StopWatch;
$sw.Stop();
$sw.Start();
clear   

$path = "\\path\to\webdav\"
$dirs = Get-ChildItem $path -Recurse | Where-Object { $_.Attributes -band [System.IO.FileAttributes]::Directory }
[Void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint");
$SPSite = New-Object Microsoft.SharePoint.SPSite("http://sharepoint");
$OpenWeb = $SpSite.OpenWeb("/Downloads");
[int]$i = 0;
foreach ($dir in $dirs) {
    $i++
    Write-Host "Setting $dir to $dir" -F Green;
    $path = "http://sharepoint/Downloads/" + $dir;
    $TheNewGroup = $OpenWeb.GetFolder($path);
    [Microsoft.SharePoint.SPFolder]$folder = $OpenWeb.GetFolder($path);
    [Microsoft.SharePoint.SPGroupCollection]$spc = $OpenWeb.SiteGroups;
    [Microsoft.SharePoint.SPGroup]$group = $spc[$dir];
    [Microsoft.SharePoint.SProleAssignment]`
     $roleAssignment = New-Object Microsoft.SharePoint.SPRoleAssignment([Microsoft.SharePoint.SPPrincipal]$group);
    $OpenWeb.GetFolder($path).Item.BreakRoleInheritance("true");
    $roleAssignment.RoleDefinitionBindings.Add($OpenWeb.RoleDefinitions["Read"]);
    $OpenWeb.GetFolder($path).Item.RoleAssignments.Add($roleAssignment);
}
Write-Host "found $i Folders" -F Green
$SPSite.Dispose();
$sw.Stop();
$howlong = $sw.Elapsed.ToString();
write-host "Took: " $howlong -f Green;
A: 

Getting a list of folders isn't exactly straightforward, but easily understandable:

Get-ChildItem \downloads\pivots | Where-Object { $_.PSIsContainer }

You can then pipe that further into the ForEach-Object cmdlet where you can set the permissions:

Get-ChildItem \downloads\pivots |
Where-Object { $_.PSIsContainer } |
ForEach-Object {
    $_.SetAccessControl( ... )
}
Joey  2009-10-10 20:50:52
Your method is cleaner however bobby's was more complete :)
Mitchell Skurnik  2009-10-11 19:06:07
+3  A: 

Something like this should work:

$domain = "YOURDOMAIN"
$path = "C:\Your\Folder\Path"

$dirs = Get-ChildItem $path | Where-Object { $_.Attributes -band [System.IO.FileAttributes]::Directory }
foreach ($dir in $dirs)
{
    $acl = Get-Acl $dir.FullName
    $user = $domain + "\" + $dir.Name
    $permission = $user, "FullControl", "Allow"
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
    $acl.SetAccessRule($rule)
    $acl | Set-Acl $dir.FullName
}

The above works for a normal local file system path, but SharePoint has a different folder security model. I found a blog post by Robert Gruen that explains how to programmatically set permissions. He gives this C# code sample:

// get a reference to the folder (this assumes path points to a valid folder)
SPFolder folder = SharePointConfiguration.Site.GetFolder(path);

// get a reference to the Sharepoint group collection
SPGroupCollection spc = SharePointConfiguration.Site.SiteGroups;

// get a reference to the group who’s permissions you want to modify for the folder above
SPGroup group = spc[groupName];

// create a role assignment from the group reference
SPRoleAssignment roleAssignment = new SPRoleAssignment((SPPrincipal)group);

// break role inheritance for folders/files because they will be having permissions separate from their parent file/folder
folder.Item.BreakRoleInheritance(true);

// update the role assignments for the group by adding the permissionSet "TestPermissionLevel" which is a custom
// permissionset I created manually... you can easily use any of the built-in permission sets
roleAssignment.RoleDefinitionBindings.Add(SharePointConfiguration.Site.RoleDefinitions["Test Permission Level"]);

// apply the new roleassignment to the folder.  You can do this at the listitem level if desired (i.e. this could be SPfile.Item.... instead of SPFolder.Item)
folder.Item.RoleAssignments.Add(roleAssignment);

I'm sure with a bit of translation, this could be adapted to PowerShell.

bobbymcr  2009-10-10 20:56:40
+1. But I like the PSIsContainer property better :-)
Joey  2009-10-10 20:59:51
I forgot to say this is for SharePoint...sorry about that..thought I will try this with UNC to see if that works
Mitchell Skurnik  2009-10-10 21:55:59
It should work as long as the user you run the script as has permission to the remote path.
bobbymcr  2009-10-11 00:24:10
Everything works except the point where it tries to assign the permissions. Sharepoint does it a different way as it is more webdav and usually has its own calls to do that sort of thing
Mitchell Skurnik  2009-10-11 02:30:39
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spfolder.aspx I have a bad feeling that there is no way to programaticly set permission on a folder
Mitchell Skurnik  2009-10-11 03:11:38
This might be what you're looking for: http://blogs.msdn.com/robgruen/archive/2007/11/15/how-to-programmatically-set-permissions-on-files-folders-in-a-sharepoint-document-library.aspx
bobbymcr  2009-10-11 06:19:22
bobbymcr - that would work if it was just one or two groups but since that is creating a special level I would need to create special permission groups for everyone
Mitchell Skurnik  2009-10-11 18:58:24
That is very close and I am tearing apart the code to see if I can hack something together
Mitchell Skurnik  2009-10-11 19:02:32
I think I am going to have to ask a few of my co-workers to help me manually assign permissions to these groups.
Mitchell Skurnik  2009-10-11 19:50:46
That blog post should work but now when I get to the part where i need to break role inheritance I get "you cannot call a method on a null-valued expression
Mitchell Skurnik  2009-10-12 01:54:27
Bobby I want to mark this as the correct answer...can you post the code from the blog?
Mitchell Skurnik  2009-10-12 02:00:49
Okay, I added it.
bobbymcr  2009-10-12 02:40:23
So the script I have in my first post is working but only placing users in the /Downloads folder and not going to specific sub folder I want
Mitchell Skurnik  2009-10-12 04:20:54
[Microsoft.SharePoint.SPFolder]$folder = $OpenWeb.GetFolder($path); [Microsoft.SharePoint.SPGroupCollection]$spc = $OpenWeb.SiteGroups; [Microsoft.SharePoint.SPGroup]$group = $spc[$dir]; [Microsoft.SharePoint.SProleAssignment]` $roleAssignment = New-Object Microsoft.SharePoint.SPRoleAssignment([Microsoft.SharePoint.SPPrincipal]$group); $OpenWeb.GetFolder($path).Item.BreakRoleInheritance($true); $roleAssignment.RoleDefinitionBindings.Add($OpenWeb.RoleDefinitions["Read"]); $OpenWeb.GetFolder($path).Item.RoleAssignments.Add($roleAssignment);
Mitchell Skurnik  2009-10-12 04:31:39

related questions

How do I access the non-IPM_SUBTREE Public Folder Tree with WMI?
How do I create a custom type in PowerShell for my scripts to use?
iTunes warning message on quit due to scripting
Creating batch jobs in PowerShell
Troubleshooting a NullReference exception in a service
Windows Powershell book - any good experiences?
Windows 2003 Scheduled Task Cmdlet (v 1.0)
How to get started with PowerShell?
get file version in powershell
Set up PowerShell Script for Automatic Execution
Accessing .NET components from Powershell
PowerShell - How do I pass string parameters correctly?
execute shortcuts like programs in powershell
How do I compare two arrays of DataRow objects in PowerShell?
PowerShell App.Config
PowerShell - how do I do a string replacement in a function?
PowerShell FINDSTR eqivalent?
How do I make Powershell run a batch file and then stay open?
quoting System.DirectoryServices.ResultPropertyCollection
Powershell's Invoke-Expression missing param
How do you impersonate an Active Directory user in Powershell?
Why don't my powershell scripts run?
Can I copy files to a Network Place from a script or the command line?
How do you use PowerShell?
What are your favorite Powershell Cmdlets?