0 votes

Hello Adaxes Support,

I'm using this script for creating a user folder on a server including ACLs. It works fine.

$strPath = "\\%adm-CustomAttributeText16%\d$\Benutzer\%username%"
$Username = "%userPrincipalName%"
New-Item -ItemType directory -Path $strPath

# Set ACL on the folder
$HomeFolderACL = Get-Acl $strPath
$ACL = New-Object System.Security.AccessControl.FileSystemAccessRule($Username,"Modify","ContainerInherit,ObjectInherit","None","Allow")
$HomeFolderACL.AddAccessRule($ACL)

Set-Acl -Path $strPath $HomeFolderACL
$strPath

Now I'm trying to share this folder but I'm not able to.

Can someone help me?

Thanks in advance

by (700 points)

1 Answer

0 votes
by (216k points)

Hello,

As far as we can see, you are trying to create home folders for users with the help of the script. Adaxes already contains the Create the home directory and Share the home directory actions for this purpose that can be used in Business Rules, Custom Commands and Scheduled Tasks. Is there any reason why you don't want to use the built-in actions?

0

Hello Support,
I know this feature. However, we do not use it in our environment. We use a logon script for mapping the user home drive. Therefore I cannot use this feature. Do you still have another suggestion?

0

OK, we'll ask our script guys to look into this. We'll update this topic as soon as they come up with something.

0

Hello,

Our script guys have come up with the following script that can be used to implement your task. In the script:

  • $homeFolderPath - template path for the home folders created by the script;
  • $fileSystemAccessRights - permissions for the User to access his home folder share;
  • $accessControlType - permission type for the User's home folder: 0 = allow, 1 = deny;
  • $description - home folder share description;
  • $maximumAllowed - the maximum allowed number of simultaneous connections to the home folder share;
  • $shareName - home folder share name.

Modify the script to your requirements.

$homeFolderPath = "\\%adm-CustomAttributeText16%\d$\Benutzer\%username%" # TODO: modify me
$fileSystemAccessRights = 1245631 # TODO: modify me. User permissions for the shared folder: 2032127 = Full Control; 1245631 = Change; 1179817 = Read
$accessControlType = 0 # TODO: modify me. Access Control Type user on a shared folder; 0 = allow, 1 = deny
$description = "User home folder" # TODO: modify me. Text or $NULL
$maximumAllowed = 20 # TODO: modify me. Limit for the number of simultaneous users. Number or $NULL
$shareName = "%username%" # Share Name

Function Create-Share($homeFolderPath, $fileSystemAccessRights, $accessControlType, $description, $maximumAllowed, $shareName)
{
    # Build path
    $uncPath = $homeFolderPath.Replace("\\","")
    $uncParts = $uncPath.Split('\')
    $serverName = $uncParts[0]

    try
    {
        $localPath = (Get-WmiObject -ComputerName $serverName -Class "Win32_Share" -ErrorAction Stop | Where {$_.Name -eq $uncParts[1]}).Path
    }
    catch
    {
        $Context.LogMessage($_.Exception.Message, "Error")
        return
    }

    if ($localPath -eq $NULL)
    {
        $Context.LogMessage("Network folder with name '" + $uncParts[1] + "' was not found on '$serverName'", "Error")
        return
    }

    # Build path for the user folder
    $localPath = $localPath.TrimEnd("\")

    if ($uncParts.Length -gt 2)
    {
        for ($i = 2; $i -le $uncParts.Length -1; $i++)
        {
            $localPath += "\" + $uncParts[$i]
        }
    }

    # Create shared folder and set permissions for the user
    try
    {
        $shares = [WMICLASS]"\\$serverName\root\cimv2:Win32_Share"
    }
    catch
    {
        $Context.LogMessage($_.Exception.Message, "Error")
        return
    }

    # Create Security Descriptor Instance
    $sd = ([WMIClass]"Win32_SecurityDescriptor").CreateInstance()

    # Set permissions for user
    $ACE = ([WMIClass]"Win32_ACE").CreateInstance()
    $Trustee = ([WMIClass]"Win32_Trustee").CreateInstance()
    $Trustee.Name = "%username%"
    $Trustee.Domain = $Null
    $ace.AccessMask = $fileSystemAccessRights 
    $ace.AceFlags = 3 
    $ace.AceType = $accessControlType
    $ACE.Trustee = $Trustee
    $sd.DACL += $ACE.psObject.baseobject

    # Try to share the home folder
    $result = ($shares.Create($localPath, $shareName, 0, $maximumAllowed, $description, $NULL, $sd)).ReturnValue
    return $result
}

if (Test-Path -Path $homeFolderPath)
{
    $Context.LogMessage("Folder '$homeFolderPath' already exists", "Error")
    return
}

try
{
    $userFolder = New-Item -ItemType directory -Path $homeFolderPath -ErrorAction Stop
}
catch
{
    $Context.LogMessage($_.Exception.Message, "Error")
    return
}

# Set permissions for the shared folder
$homeFolderACL = Get-Acl $homeFolderPath
$acl = New-Object System.Security.AccessControl.FileSystemAccessRule("%username%","Modify","ContainerInherit,ObjectInherit","None","Allow")
$homeFolderACL.AddAccessRule($acl)

Set-Acl -path $homeFolderPath $homeFolderACL

$result = Create-Share $homeFolderPath $fileSystemAccessRights $accessControlType $description $maximumAllowed $shareName

$erroMSG = New-Object "System.ComponentModel.Win32Exception"

switch ($result)
 {
      0 {$Context.LogMessage("User folder shared successfully", "Information")}
      2 {$Context.LogMessage("User folder not shared: Access Denied", "Warning")}
      8 {$Context.LogMessage("User folder not shared: Unknown Error", "Warning")}
      9 {$Context.LogMessage("User folder not shared: Invalid Share Name", "Warning")}
      10 {$Context.LogMessage("User folder not shared: Invalid Level", "Warning")}
      21 {$Context.LogMessage("User folder not shared: Invalid Parameter", "Warning")}
      22 {$Context.LogMessage("User folder not shared: Duplicate Share", "Warning")}
      23 {$Context.LogMessage("User folder not shared: Redirected Path", "Warning")}
      24 {$Context.LogMessage("User folder not shared: Unknown Device or Directory", "Warning")}
      25 {$Context.LogMessage("User folder not shared: Network Name Not Found", "Warning")}
      default {$Context.LogMessage("User folder not shared: Unknown Error", "Warning")}
 }
0

Thanks very much! Worked like a charm! ;)
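
An added example, not part of the original thread and not Adaxes' own code: it names the numeric share access masks used in the script above through the .NET FileSystemRights enum, then checks a share DACL for allow entries that go beyond the intended user and mask. The function names, the trustee names and the sample DACL are assumptions constructed for illustration.

```powershell
# Added example (not from the thread). Function names are hypothetical.
function ConvertTo-RightsName([int]$AccessMask)
{
    # The share masks use the same bit layout as NTFS rights,
    # so the .NET enum can turn the number into readable flag names
    return ([System.Security.AccessControl.FileSystemRights]$AccessMask).ToString()
}

function Test-ShareDacl($Dacl, [string]$ExpectedTrustee, [int]$MaxMask)
{
    $findings = @()
    foreach ($ace in $Dacl)
    {
        # AceType: 0 = allow, 1 = deny; only allow ACEs grant access
        if ($ace.AceType -ne 0) { continue }

        $rights = ConvertTo-RightsName $ace.AccessMask
        if ($ace.Trustee.Name -ne $ExpectedTrustee)
        {
            $findings += "Unexpected trustee '$($ace.Trustee.Name)' has: $rights"
        }
        elseif (($ace.AccessMask -band (-bnot $MaxMask)) -ne 0)
        {
            # Bits set outside the intended mask mean the user got more than planned
            $findings += "'$($ace.Trustee.Name)' exceeds the intended mask: $rights"
        }
    }
    return ,$findings
}

# Name the three masks listed in the script's TODO comment
2032127, 1245631, 1179817 | ForEach-Object { "$_ = $(ConvertTo-RightsName $_)" }

# Constructed sample DACL (placeholder trustees), shaped like Win32_ACE objects
$sampleDacl = @(
    [pscustomobject]@{ AceType = 0; AccessMask = 1245631; Trustee = [pscustomobject]@{ Name = 'jdoe' } },
    [pscustomobject]@{ AceType = 0; AccessMask = 2032127; Trustee = [pscustomobject]@{ Name = 'Everyone' } }
)
Test-ShareDacl $sampleDacl 'jdoe' 1245631

# Against a live server, read the DACL of the share the script created instead:
# $dacl = (Get-WmiObject -ComputerName $serverName -Class Win32_LogicalShareSecuritySetting `
#     -Filter "Name='$shareName'").GetSecurityDescriptor().Descriptor.DACL
# Test-ShareDacl $dacl $shareName $fileSystemAccessRights
```

Effective access over the network is the intersection of the share DACL and the NTFS ACL, so the folder ACL set with Set-Acl should be reviewed alongside the share DACL.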
