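# Provisions the home directory of one student account on the file server,
# restricts its ACL, then drops a marker file named after the login on the
# admanager share.
#
# Argument: $args[0] - login of the account the directory is created for.
# Output:   Write-Host "0" once the directory, its ACL and the marker file
#           have all been written;
#           Write-Host "1" when the login is rejected or the directory
#           already exists;
#           Write-Error "1" when any provisioning step fails.
$login = $args[0];

# The login is concatenated into two UNC paths and used as an ACL identity.
# Reject a value that is empty, consists only of dots, or contains a control
# character, a path separator, a wildcard or another character that Active
# Directory does not allow in a logon name, so that both paths stay inside
# their intended shares.
if ([string]::IsNullOrWhiteSpace($login) -or
    $login -match '[\x00-\x1f"/\\\[\]:;|=,+*?<>]' -or
    $login -match '^\.+$') {
    Write-host "1"
    return
}

$basehomedirectory = "\\paradis\eleves\";
$homedirectory = $basehomedirectory + $login;
$domain = "ENSAE\"
$user = $domain + $login ;

# An existing directory is never touched: its ACL may already have been
# adjusted by hand.
if (Test-Path -Path $homedirectory) {
    Write-host "1"
    return
}

try {
    # -ErrorAction Stop turns cmdlet failures into exceptions. Without it the
    # catch block below is never reached and "0" is reported even though the
    # directory, its ACL or the marker file was not written.
    New-Item -Path $homedirectory -ItemType directory -ErrorAction Stop | Out-Null

    # Access level granted by every rule below.
    $FileSystemAccessRights = [System.Security.AccessControl.FileSystemRights]"FullControl"

    # Rules apply to the folder, its sub-folders and its files, so the owner
    # can create and delete content anywhere below the home directory.
    $InheritanceFlags = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"

    # No special propagation behaviour for child objects.
    $PropagationFlags = [System.Security.AccessControl.PropagationFlags]::None

    # All rules are "allow" rules.
    $AccessControl = [System.Security.AccessControl.AccessControlType]::Allow

    # Domain administrators.
    $acl1 = New-Object System.Security.AccessControl.FileSystemAccessRule `
        ("Admins du domaine", $FileSystemAccessRights, $InheritanceFlags, $PropagationFlags, $AccessControl)

    # Local system account.
    $acl2 = New-Object System.Security.AccessControl.FileSystemAccessRule `
        ("Système", $FileSystemAccessRights, $InheritanceFlags, $PropagationFlags, $AccessControl)

    # End user. The domain-qualified name is used so the identity cannot
    # resolve to a same-named local account on the machine running the script.
    $acl3 = New-Object System.Security.AccessControl.FileSystemAccessRule `
        ($user, $FileSystemAccessRights, $InheritanceFlags, $PropagationFlags, $AccessControl)

    # NOTE(review): this rule is built but was never added to the ACL in the
    # original script. It is still not applied here; confirm whether the
    # "administrationannuai" account is meant to have access before adding it.
    $acl4 = New-Object System.Security.AccessControl.FileSystemAccessRule `
        ("administrationannuai", $FileSystemAccessRights, $InheritanceFlags, $PropagationFlags, $AccessControl)

    # Read the ACL once, apply every change, write it back once: the folder
    # never sits on the share with only part of the rules in place.
    $acl = Get-Acl -Path $homedirectory -ErrorAction Stop
    $acl.SetAccessRule($acl1)
    $acl.SetAccessRule($acl2)
    $acl.SetAccessRule($acl3)

    # Break inheritance from the parent share. The second argument
    # (preserveInheritance = $False) discards the inherited entries, leaving
    # only the three explicit rules above.
    # NOTE(review): the original comment stated that inherited ACLs are kept,
    # which would require ($True, $True). The more restrictive behaviour of
    # the existing code is retained; confirm which one is intended.
    $acl.SetAccessRuleProtection($True, $False)
    Set-Acl -Path $homedirectory -AclObject $acl -ErrorAction Stop

    # Copy the login to admanager for finer-grained ACL management.
    $destination = "\\admanager\monitor$\"
    $pathdestination = $destination + $login
    New-Item $pathdestination -ItemType file -ErrorAction Stop | Out-Null

    Write-host "0"
}
catch {
    # A directory created before the failing step is left in place and must be
    # checked by hand: a second run reports "1" because it already exists.
    Write-Error "1"
}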