Many things can be simplified or scripted with Powershell. If you often need to create new folders or shares, you can use Powershell to create the folder, create the corresponding groups for access and also add the groups to the NTFS permissions.
Here is a small example:
# This script creates a folder in the specified path, creates 3 domain locals
# groups (full access, change, read) and assigns the corresponding authorizations
# to the newly created folder
# Written by Frank Zoechling
write-host „Name des neuen Ordners angeben“
write-host „“
write-host „Beispiel:“
write-host “ -wird nur ein Name angegeben wird der Ordner im aktuellen Pfad erstellt“
write-host “ -Wird ein Pfad angegeben (d:\test\daten\) wird ein neuer Ordner „Daten“ unter d:\Test“
write-host “ erstellt“
write-host „“
$path = read-host „Pfad“
md $path
$GNlesen = „dl_“+$path+“_LE“
$GNvollzugriff = „dl_“+$path+“_VZ“
$GNaendern = „dl_“+$path+“_AE“
new-adgroup $GNlesen -groupscope 0 -Description „Leserechte auf $path“
new-adgroup $GNvollzugriff -groupscope 0 -Description „Vollzugriff auf $path“
new-adgroup $GNaendern -groupscope 0 -Description „Aendernrechte auf $path“
$aclLE = get-acl $path
$arLE = new-object system.security.accesscontrol.filesystemaccessrule(„$GNlesen“,“ReadandExecute“,“Allow“)
$aclLE.SetAccessRule($arLE)
set-acl $path $aclLE
$aclVZ = get-acl $path
$arVZ = new-object system.security.accesscontrol.filesystemaccessrule(„$GNVollzugriff“,“FullControl“,“Allow“)
$aclVZ.SetAccessRule($arVZ)
set-acl $path $aclVZ
$aclAE = get-acl $path
$arAE = new-object system.security.accesscontrol.filesystemaccessrule(„$GNaendern“,“Modify“,“Allow“)
$aclAE.SetAccessRule($arAE)
set-acl $path $aclAE
Den Text oben kann man nun einfach in eine Powershell Script Datei kopieren, zum Beispiel „create-folder.ps1“.
The script then does the following, it creates the specified folder and creates 3 domain local groups in the Active Directory (read, change, full access). Then these 3 groups are attached to the ACL of the folder with the corresponding permissions.
The script can of course be further customized and should only serve as an example.
Before you can execute Powershell scripts you have to execute the following command on the Powershell:
set-executionpolicy remotesigned
Here you can find further information and authorizations and the Powershell: