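# Provisions a home directory for one account under \\paradis\eleves\ and
# drops a marker file named after the login on \\admanager\monitor$\.
#
# Arguments:
#   $args[0] - login of the account (used as the folder name, the marker file
#              name and the identity of the per-user access rule).
# Output (unchanged contract):
#   Write-Host  "0" - folder created, ACL applied, marker file written.
#   Write-Host  "1" - the home directory already exists; nothing was done.
#   Write-Error "1" - the login was rejected or a provisioning step failed.

# Cast so that a missing argument becomes "" instead of $null.
$login = [string]$args[0]
$basehomedirectory = "\\paradis\eleves\"
$homedirectory = $basehomedirectory + $login
$domain = "ENSAE\"
# NOTE(review): $user (domain-qualified) is computed but never used; the
# per-user rule below is built from the bare $login, which leaves name
# resolution to the machine applying the ACL. Confirm which one is intended.
$user = $domain + $login

# The login is concatenated into two UNC paths, so it must be a single path
# component: no separators, no "." / "..", no wildcard characters that the
# -Path parameters would expand.
[char[]]$forbiddenChars = [System.IO.Path]::GetInvalidFileNameChars() + [char[]]'[]'
$loginIsValid = ($login.Trim().Length -gt 0) -and
                ($login -ne '.') -and
                ($login -ne '..') -and
                ($login.IndexOfAny($forbiddenChars) -lt 0)

if (-not $loginIsValid) {
    Write-Error "1"
}
elseif (Test-Path -Path $homedirectory) {
    Write-Host "1"
}
else {
    try {
        # -ErrorAction Stop turns cmdlet failures into terminating errors so the
        # catch block sees them; without it a failed New-Item/Set-Acl would be
        # skipped over and the script would still report "0".
        New-Item -Path $homedirectory -ItemType directory -ErrorAction Stop | Out-Null

        # Type of access granted by every rule below.
        $FileSystemAccessRights = [System.Security.AccessControl.FileSystemRights]"FullControl"
        # Rules are inherited by sub-folders and files, so the owner can create
        # and delete content anywhere inside the home directory.
        $InheritanceFlags = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
        # None: no inherit-only / no-propagate modifier on the rules.
        $PropagationFlags = [System.Security.AccessControl.PropagationFlags]::None
        # All rules are "allow" rules.
        $AccessControl = [System.Security.AccessControl.AccessControlType]::Allow

        $ruleDomainAdmins = New-Object System.Security.AccessControl.FileSystemAccessRule `
            ("Admins du domaine", $FileSystemAccessRights, $InheritanceFlags, $PropagationFlags, $AccessControl)
        $ruleSystem = New-Object System.Security.AccessControl.FileSystemAccessRule `
            ("Système", $FileSystemAccessRights, $InheritanceFlags, $PropagationFlags, $AccessControl)
        $ruleOwner = New-Object System.Security.AccessControl.FileSystemAccessRule `
            ($login, $FileSystemAccessRights, $InheritanceFlags, $PropagationFlags, $AccessControl)
        # NOTE(review): this rule is built but never added to the ACL, exactly as
        # in the original script. Confirm whether "administrationannuai" is meant
        # to have access before wiring it in; adding it widens access.
        $ruleDirectoryAdmin = New-Object System.Security.AccessControl.FileSystemAccessRule `
            ("administrationannuai", $FileSystemAccessRights, $InheritanceFlags, $PropagationFlags, $AccessControl)

        # Build the final ACL in memory and write it once, so the folder never
        # sits on disk with only part of the intended rules.
        $acl = Get-Acl -Path $homedirectory -ErrorAction Stop
        $acl.SetAccessRule($ruleDomainAdmins)
        $acl.SetAccessRule($ruleSystem)
        $acl.SetAccessRule($ruleOwner)
        # Break inheritance. The second argument (preserveInheritance) is $False,
        # so inherited entries are REMOVED, not copied: only the explicit rules
        # above remain. (The original comment claimed they were kept.)
        $acl.SetAccessRuleProtection($True, $False)
        Set-Acl -Path $homedirectory -AclObject $acl -ErrorAction Stop

        # Drop an empty file named after the login on admanager, which is used
        # for finer-grained ACL management (per the original comment).
        $destination = "\\admanager\monitor$\"
        $pathdestination = $destination + $login
        New-Item $pathdestination -ItemType file -ErrorAction Stop | Out-Null
        Write-Host "0"
    }
    catch {
        # NOTE: a failure after the folder was created leaves it in place, and a
        # re-run will then report "1" (already exists). Check the folder's ACL
        # by hand after any error.
        Write-Error "1"
    }
}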