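<#
.SYNOPSIS
Provisions a new project: an AD security group, its ACL and role groups, and a
project folder whose permissions are restricted to the project's ACL groups.

.DESCRIPTION
Order of operations:
  1. Dot-source Variables.ps1 (presumably the source of $BaseDirectory and
     $Projects - confirm).
  2. Validate ProjectName and refuse to continue if the folder already exists.
  3. Create the global security group named after the project under $Projects.
  4. Run AddProjectACL.ps1 and AddProjectRoles.ps1 and add every group they
     output as a member of the project group.
  5. Nest the "-RW" role groups into the "-RW" ACL group, and likewise for "-RO".
  6. Create the folder, disable ACL inheritance on it, and grant
     ReadAndExecute to the "-RO" ACL group and Modify to the "-RW" ACL group.

.PARAMETER ProjectName
Name of the project. Used as the AD group name and as the folder name appended
to $BaseDirectory, so it must be a single folder name.

.PARAMETER Server
Optional. When supplied it is passed as -Server to every AD cmdlet and to the
helper scripts; when omitted, -Server is not passed at all.

.OUTPUTS
The group object returned by New-ADGroup -PassThru.
#>
[CmdletBinding()]
param (
    [string]
    $ProjectName,
    [string]
    $Server
)

# NOTE(review): ".\" resolves against the current working directory, not the
# directory this script lives in. Because this script runs with rights to create
# AD groups and rewrite ACLs, run it only from its own directory, or switch the
# dot-sourced paths to $PSScriptRoot once that is confirmed to match the layout.
. .\Variables.ps1

# ProjectName is not declared Mandatory, so validate it before it is used to
# build a path. Checking it only after Test-Path would report a missing name as
# "Directory already exists", because $BaseDirectory alone would be tested.
if (-not $PSBoundParameters.ContainsKey("ProjectName") -or [string]::IsNullOrWhiteSpace($ProjectName)) {
    throw "ProjectName parameter needs to be set"
}

# The name is concatenated onto $BaseDirectory and the resulting folder's ACL is
# rewritten below, so it must not be able to point anywhere else.
if (($ProjectName -in '.', '..') -or ($ProjectName.IndexOfAny([System.IO.Path]::GetInvalidFileNameChars()) -ge 0)) {
    throw "ProjectName must be a single folder name without path separators or reserved characters"
}

# Capture the optional -Server argument once, so every AD call and helper script
# gets the same value and the Server / no-Server paths cannot drift apart.
$serverSplat = @{}
if ($PSBoundParameters.ContainsKey("Server")) {
    $serverSplat["Server"] = $Server
}

$ret = $null
$acls = $null
$rs = $null

# assumes $BaseDirectory ends with a path separator - TODO confirm in Variables.ps1
$projPath = $BaseDirectory + $ProjectName
Write-Host $projPath

if (Test-Path -Path $projPath -PathType Container) {
    throw "Directory already exists. Not creating Folder or Share"
}

# Stop here if the group cannot be created; continuing would leave a folder and
# ACL groups without the project group they belong to.
$ret = New-ADGroup -Path $Projects -Name $ProjectName -GroupCategory Security -GroupScope Global -PassThru -ErrorAction Stop @serverSplat
#$ret = Get-ADGroup $ProjectName -SearchBase $Projects

# NOTE(review): the helpers are dot-sourced, so they run in this scope and any
# variable they assign (for example $ret) overwrites the one here - confirm they
# do not, or invoke them with "&" instead.
$acls = . .\AddProjectACL.ps1 -ProjectName $ProjectName @serverSplat
$rs = . .\AddProjectRoles.ps1 -ProjectName $ProjectName @serverSplat

#$ret | Add-ADGroupMember -Members $acl,$r
$acls | ForEach-Object { Add-ADGroupMember -Identity $ret -Members $_ @serverSplat }
$rs | ForEach-Object { Add-ADGroupMember -Identity $ret -Members $_ @serverSplat }

# The patterns are unanchored and -Match is case-insensitive, so a project name
# that itself contains "-RO" or "-RW" can match both filters. Require exactly one
# ACL group per access level before anything is granted, and fail before the
# folder exists rather than leaving it with inheritance removed and no rules.
$rwAclGroups = @($acls | Where-Object Name -Match ".*-RW")
$roAclGroups = @($acls | Where-Object Name -Match ".*-RO")
if ($rwAclGroups.Count -ne 1 -or $roAclGroups.Count -ne 1) {
    throw "Expected exactly one -RW and one -RO ACL group for '$ProjectName' but found $($rwAclGroups.Count) and $($roAclGroups.Count). Not creating Folder or Share"
}
$WriteTarget = $rwAclGroups[0]
$ReadTarget = $roAclGroups[0]

# Nest the role groups into the ACL group of the same access level.
$member = $rs | Where-Object Name -Match ".*-RW"
Add-ADGroupMember -Identity $WriteTarget -Members $member @serverSplat

$member = $rs | Where-Object Name -Match ".*-RO"
Add-ADGroupMember -Identity $ReadTarget -Members $member @serverSplat

$folder = New-Item -Path $projPath -ItemType Directory -ErrorAction Stop

Write-Host $ReadTarget.Name
Write-Host $WriteTarget.Name

# Disable inheritance ($true) and discard the inherited entries ($false).
# NOTE(review): this also drops whatever the parent granted to administrators,
# SYSTEM or backup accounts; confirm that is intended, or add explicit rules for
# them below.
$FolderACL = Get-Acl -Path $folder.FullName
$FolderACL.SetAccessRuleProtection($true, $false)
Set-Acl -Path $folder.FullName -AclObject $FolderACL

$rid = $ReadTarget.SID
$wid = $WriteTarget.SID
$fsrr = "ReadAndExecute"
$fsrw = "Modify"
$type = "Allow"

# NOTE(review): the three-argument constructor sets no inheritance flags, so
# these rules apply to the folder itself only and are not inherited by files or
# subfolders created inside it. If the groups are meant to reach the folder's
# contents, use the overload that takes InheritanceFlags and PropagationFlags.
$fileSystemAccessRuleR = New-Object System.Security.AccessControl.FileSystemAccessRule($rid, $fsrr, $type)
$fileSystemAccessRuleW = New-Object System.Security.AccessControl.FileSystemAccessRule($wid, $fsrw, $type)

# Each rule is applied with its own Get-Acl / Set-Acl round trip, as before.
$FolderACL = Get-Acl -Path $folder.FullName
$FolderACL.SetAccessRule($fileSystemAccessRuleR)
Set-Acl -Path $folder.FullName -AclObject $FolderACL

$FolderACL = Get-Acl -Path $folder.FullName
$FolderACL.SetAccessRule($fileSystemAccessRuleW)
Set-Acl -Path $folder.FullName -AclObject $FolderACL

return $ret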