@ycku
Created August 24, 2020 09:48
Change/Fix the permissions after creating user's directory
$target_dir = "d:\temp"
# The WHERE filter limits the run to a single directory for a safe test.
# Remove the WHERE clause to process every directory under $target_dir.
# -Directory skips plain files, which have no matching user account.
$target_list = Get-ChildItem $target_dir -Directory | WHERE { $_.name -eq "00123456" }
foreach ($userdir in $target_list) {
    # Print the directory being processed
    $userdir.Fullname
    $ACL = Get-ACL $userdir.Fullname
    # Disable inheritance and do not keep the inherited rules
    $ACL.SetAccessRuleProtection($True, $False)
    # Remove all existing permissions
    foreach ($access in $ACL.access) {
        $ACL.RemoveAccessRule($access) | Out-Null
    }
    # The correct owner is the domain account with the same name as the user directory
    $Owner = New-Object System.Security.Principal.NTAccount("DOMAINXX", $userdir.name)
    $ACL.SetOwner($Owner)
    # The three-argument rules below carry no inheritance flags,
    # so the ACL is pushed to child items explicitly at the end of the loop.
    # Set "Administrators" for FullControl
    $fileSystemAccessRuleArgumentList = "Administrators", "FullControl", "Allow"
    $fileSystemAccessRule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $fileSystemAccessRuleArgumentList
    $ACL.SetAccessRule($fileSystemAccessRule)
    # Set "SYSTEM" for FullControl
    $fileSystemAccessRuleArgumentList = "SYSTEM", "FullControl", "Allow"
    $fileSystemAccessRule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $fileSystemAccessRuleArgumentList
    $ACL.SetAccessRule($fileSystemAccessRule)
    # Set the target domain user for FullControl
    $fileSystemAccessRuleArgumentList = ("DOMAINXX\"+$userdir.name), "FullControl", "Allow"
    $fileSystemAccessRule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $fileSystemAccessRuleArgumentList
    $ACL.SetAccessRule($fileSystemAccessRule)
    # Apply the ACL to the user's directory
    Set-Acl -Path $userdir.Fullname -AclObject $ACL
    # Apply the same ACL to all files and sub-directories beneath it, recursively
    Get-ChildItem -Path $userdir.Fullname -Recurse -Force | Set-Acl -AclObject $ACL | Out-Null
}
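
A read-only check that a user directory ended up with the ACL the script above sets (inheritance disabled, owner equal to the directory name, FullControl for Administrators, SYSTEM and the user, nothing else). This is an added example, not part of the gist; the function name `Test-UserDirAcl` and its parameters are assumptions, and `d:\temp` and `DOMAINXX` are the gist's own placeholders.

```powershell
# Added example (not from the gist). Test-UserDirAcl and its parameters are hypothetical names.
function Test-UserDirAcl {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Domain
    )
    $sidType  = [System.Security.Principal.SecurityIdentifier]
    $name     = Split-Path -Path $Path -Leaf
    $findings = @()

    # Resolve the expected owner; a folder with no matching account is itself a finding.
    try {
        $userSid = (New-Object System.Security.Principal.NTAccount($Domain, $name)).Translate($sidType)
    } catch {
        return "${Path}: no account $Domain\$name"
    }
    # Compare by SID so localized group names do not matter.
    $allowed = @('S-1-5-32-544', 'S-1-5-18', $userSid.Value)   # Administrators, SYSTEM, user

    $acl   = Get-Acl -LiteralPath $Path
    $rules = $acl.GetAccessRules($true, $true, $sidType)       # explicit and inherited ACEs
    if (-not $acl.AreAccessRulesProtected) {
        $findings += 'inheritance is still enabled'
    }
    if ($acl.GetOwner($sidType).Value -ne $userSid.Value) {
        $findings += "owner is $($acl.Owner)"
    }
    # Any Deny ACE or any ACE for a principal outside the expected three is reported.
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -ne 'Allow' -or $allowed -notcontains $sid) {
            $findings += "unexpected ACE: $sid $($rule.AccessControlType) $($rule.FileSystemRights)"
        }
    }
    # Each expected principal must hold an Allow FullControl ACE.
    foreach ($sid in $allowed) {
        $full = $rules | Where-Object {
            $_.IdentityReference.Value -eq $sid -and
            $_.AccessControlType -eq 'Allow' -and
            $_.FileSystemRights -eq [System.Security.AccessControl.FileSystemRights]::FullControl
        }
        if (-not $full) { $findings += "missing FullControl for $sid" }
    }
    $findings | ForEach-Object { "${Path}: $_" }
}

# Constructed usage with the gist's placeholders; no output means every directory passed.
Get-ChildItem -LiteralPath 'd:\temp' -Directory |
    ForEach-Object { Test-UserDirAcl -Path $_.FullName -Domain 'DOMAINXX' }
```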