Hello,
Our script guys have come up with the following script that can be used to implement your task. In the script:
- $homeFolderPath - template path for the home folders created by the script;
- $fileSystemAccessRights - permissions for the User to access his home folder share;
- $accessControlType - permission type for the User's home folder: 0 = allow, 1 = deny;
- $description - home folder share description;
- $maximumAllowed - the maximum allowed number of simultaneous connections to the home folder share;
- $shareName - home folder share name.
Modify the lines marked `# TODO: modify me` in the script to suit your requirements.
# ---------------------------------------------------------------------------
# Settings. The %...% tokens are placeholders; they are presumably replaced
# with the target user's values before the script runs - confirm with the
# hosting product.
# ---------------------------------------------------------------------------

# TODO: modify me. UNC template of the home folder: \\<server>\<share>\<sub folders>.
# NOTE(review): the server part comes from %adm-CustomAttributeText16%, so
# whoever can edit that value decides which host this script connects to.
# Confirm that write access to it is restricted.
$homeFolderPath = "\\%adm-CustomAttributeText16%\d$\Benutzer\%username%"

# TODO: modify me. Access mask the user gets on the new share:
#   2032127 = Full Control
#   1245631 = Change
#   1179817 = Read
$fileSystemAccessRights = 1245631

# TODO: modify me. Type of the share ACE: 0 = allow, 1 = deny.
$accessControlType = 0

# TODO: modify me. Share description: text or $NULL.
$description = "User home folder"

# TODO: modify me. Limit for the number of simultaneous users: number or $NULL.
$maximumAllowed = 20

# Share Name
$shareName = "%username%"
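Function Create-Share($homeFolderPath, $fileSystemAccessRights, $accessControlType, $description, $maximumAllowed, $shareName)
{
    <#
    .SYNOPSIS
    Publishes the folder behind a UNC path as a new share on the server named in that path.

    .DESCRIPTION
    Splits $homeFolderPath into server, parent share and sub folders, asks the
    server (WMI class Win32_Share) for the local path of the parent share,
    appends the sub folders to it and creates a new share on that local path.
    The share gets a security descriptor with a single ACE for the user.

    .PARAMETER homeFolderPath
    UNC path of the folder to share: \\server\share[\sub\folders].
    .PARAMETER fileSystemAccessRights
    Access mask written to the share ACE.
    .PARAMETER accessControlType
    ACE type: 0 = allow, 1 = deny.
    .PARAMETER description
    Share description, or $NULL.
    .PARAMETER maximumAllowed
    Maximum number of simultaneous connections, or $NULL.
    .PARAMETER shareName
    Name of the share to create.

    .OUTPUTS
    The ReturnValue of Win32_Share.Create (0 = success). Nothing is returned
    when a step fails; the failure is written to the log through $Context.
    #>

    # Accept only \\server\share[\...]. The server name is taken from the path,
    # so an empty or malformed value must be rejected here instead of being
    # handed to WMI as a computer name.
    if ($homeFolderPath -notmatch '^\\\\[^\\]+\\[^\\]+')
    {
        $Context.LogMessage("'$homeFolderPath' is not a valid UNC path (expected \\server\share\...)", "Error")
        return
    }

    # Strip only the leading "\\". Replacing every "\\" in the string would
    # glue two segments together if a doubled separator appeared further in.
    $uncParts = @($homeFolderPath.Substring(2).Split('\') | Where-Object { $_ -ne '' })
    $serverName = $uncParts[0]
    $parentShareName = $uncParts[1]

    # Ask the server for the local path behind the parent share
    try
    {
        $localPath = (Get-WmiObject -ComputerName $serverName -Class "Win32_Share" -ErrorAction Stop |
            Where-Object { $_.Name -eq $parentShareName }).Path
    }
    catch
    {
        $Context.LogMessage($_.Exception.Message, "Error")
        return
    }

    if ($null -eq $localPath)
    {
        $Context.LogMessage("Network folder with name '" + $uncParts[1] + "' was not found on '$serverName'", "Error")
        return
    }

    # Build the local path of the user folder: <share path>\<sub folders>
    $localPath = $localPath.TrimEnd('\')
    if ($uncParts.Length -gt 2)
    {
        $localPath += '\' + ($uncParts[2..($uncParts.Length - 1)] -join '\')
    }

    # Bind to the Win32_Share class on the target server
    try
    {
        $shares = [WMICLASS]"\\$serverName\root\cimv2:Win32_Share"
    }
    catch
    {
        $Context.LogMessage($_.Exception.Message, "Error")
        return
    }

    # Security descriptor for the share: one ACE for the user. No other
    # trustee is added, so the share permissions list the user only.
    $sd = ([WMIClass]"Win32_SecurityDescriptor").CreateInstance()
    $ACE = ([WMIClass]"Win32_ACE").CreateInstance()
    $Trustee = ([WMIClass]"Win32_Trustee").CreateInstance()

    # NOTE(review): the trustee is given by name only, with no domain and no
    # SID. How the server resolves it is not visible here - confirm that it
    # maps to the intended domain account and not to a local account of the
    # same name on the file server.
    $Trustee.Name = "%username%"
    $Trustee.Domain = $Null

    $ace.AccessMask = $fileSystemAccessRights
    $ace.AceFlags = 3 # OBJECT_INHERIT_ACE (1) + CONTAINER_INHERIT_ACE (2)
    $ace.AceType = $accessControlType
    $ACE.Trustee = $Trustee
    $sd.DACL += $ACE.psObject.baseobject

    # Create the share. The third argument (0) is the share type "disk drive".
    # A thrown error is logged here; otherwise the caller would only see an
    # empty result and report "Unknown Error" without the actual reason.
    try
    {
        $result = ($shares.Create($localPath, $shareName, 0, $maximumAllowed, $description, $NULL, $sd)).ReturnValue
    }
    catch
    {
        $Context.LogMessage($_.Exception.Message, "Error")
        return
    }

    return $result
}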
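# Never reuse an existing folder: it may belong to another account and
# already hold data.
if (Test-Path -Path $homeFolderPath)
{
    $Context.LogMessage("Folder '$homeFolderPath' already exists", "Error")
    return
}

# Create the home folder. The result is assigned only to keep the new
# directory object out of the script output.
try
{
    $userFolder = New-Item -ItemType directory -Path $homeFolderPath -ErrorAction Stop
}
catch
{
    $Context.LogMessage($_.Exception.Message, "Error")
    return
}

# Grant the user Modify on the folder, inherited by sub folders and files.
# Any failure here (unresolvable account name, access denied) stops the script
# before the folder is published as a share.
# NOTE(review): the rule is added to the ACL the new folder already has, and
# inherited entries are left in place. Confirm that the parent folder does not
# grant other users access to the home folders below it.
try
{
    $homeFolderACL = Get-Acl -Path $homeFolderPath -ErrorAction Stop
    $acl = New-Object System.Security.AccessControl.FileSystemAccessRule("%username%","Modify","ContainerInherit,ObjectInherit","None","Allow")
    $homeFolderACL.AddAccessRule($acl)
    Set-Acl -Path $homeFolderPath -AclObject $homeFolderACL -ErrorAction Stop
}
catch
{
    $Context.LogMessage($_.Exception.Message, "Error")
    return
}

# Share the folder and translate the Win32_Share.Create return value into a
# log entry. The folder created above is not removed when sharing fails.
$result = Create-Share $homeFolderPath $fileSystemAccessRights $accessControlType $description $maximumAllowed $shareName
switch ($result)
{
    0 {$Context.LogMessage("User folder shared successfully", "Information")}
    2 {$Context.LogMessage("User folder not shared: Access Denied", "Warning")}
    8 {$Context.LogMessage("User folder not shared: Unknown Error", "Warning")}
    9 {$Context.LogMessage("User folder not shared: Invalid Share Name", "Warning")}
    10 {$Context.LogMessage("User folder not shared: Invalid Level", "Warning")}
    21 {$Context.LogMessage("User folder not shared: Invalid Parameter", "Warning")}
    22 {$Context.LogMessage("User folder not shared: Duplicate Share", "Warning")}
    23 {$Context.LogMessage("User folder not shared: Redirected Path", "Warning")}
    24 {$Context.LogMessage("User folder not shared: Unknown Device or Directory", "Warning")}
    25 {$Context.LogMessage("User folder not shared: Network Name Not Found", "Warning")}
    default {$Context.LogMessage("User folder not shared: Unknown Error", "Warning")}
}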