Fix Users Homefolder Permissions
Author: @ January 15, 2013 | Tags: , , ,

A step in making sure my customers AD and file server is safe and working (and is getting backed up properly) I designed a small Powershell-script. The script will look through the a selected Organization Unit and verify that all users have a Home Directory set, and that it has the appropriate NTFS permissions.

Previously all users had Full-permissions on their home folder, which led to the users resetting permissions and removing unwanted permissions (Backup or Admin accounts) to their “private” stuff.

This script will set Modify-permissions for the user. I know it’s not the most well-written script out there, but it works! :)

#	User Home Directory Permissions - heineborn.com 2013-01-15
#
#	Creates a HomeDirectory for users who are missing one.
#	Verifies they have Modify permissions, if they have Full it replaces with Modify.

# Loading modules
Import-Module ActiveDirectory

$DC = "DC01.HEINEBORN.LOCAL"
$OU = "OU=Users,DC=heineborn,DC=local"

$Content = (Get-ADUser -server $Dc -filter * -Properties * -SearchBase $OU | select SamAccountName, HomeDirectory)

FOREACH ($ID in $Content) {
    $User = $ID.SamAccountName
    $Folder = $ID.HomeDirectory
    # If the user does not have a value for HomeDirectory it skips.
    If ($Folder) { 
        # If the HomeDirectory does not exist its created.
        If ((Test-Path $Folder) -ne $true) {
            New-Item -ItemType directory -Path $Folder
            icacls $Folder /grant $User`:`(OI`)`(CI`)M
            }
        # Checking if user has Full permissions on their folder.
        $Icacls = icacls $Folder 
        $Match = "*" + $User + ":(F)*"
        $IcaclsResult = $Icacls -like $Match
        If ($IcaclsResult) {
            Write-Host $User " HomeDirectory has incorrect permissions. Resetting..."
            icacls $Folder /remove:g $User
            icacls $Folder /grant $User`:`(OI`)`(CI`)M
        }
    }    
}

Advanced Security Settings

Let me know if anything is not working for you and I’ll do my best to help you out.

Share this!

Related posts

  1. Forgot Password Resetting Password for Specific OU
  2. Home Folder Verifying User Home Directory
  3. Set UDA as Local adminstrator via Task Sequence Make Primary User Local Admin in Task Sequence
  4. Password Password Generator

Comments

  • z

    Great Script!!

    I have used it to correct my homefolder permisison issues. now i m working to add a poriton to create and set the home folder from a seond file that lists of severs names. This way the script continues through the OU.

    Thanks again

    March 25, 2013 — 6:55
  • Joakim

    Thanks for stopping by, and glad to hear it helped you.
    I slightly updated the script and removed the need for a CSV-file.

    March 26, 2013 — 9:25

    • Leave a Reply

    Your email address will not be published.