In: Computer Science
Windows PowerShell
Log in as Tawny Madison and create a directory called c:\users\tmadison\research and within it, another directory called departmental meeting minutes. Set the permissions on the departmental meeting minutes directory so that the user tmadison can read and modify it, any other members of the research group can only read it, and no one else can do anything with it. (If someone is listed as belonging to both the research group and another group, they should still be allowed to read it.)
This is what I have so far:
1) New-Item -Path “c:\users\tmadison\research\departmental meeting minutes” -ItemType “directory”
2) Icacls “c:\users\tmadison\research\departmental meeting minutes” /grant “user”:r
I used New-Item to create the directory but I'm having trouble setting up permissions for the directory "departmental meeting minutes".
These are the permissions I need to set up using PowerShell.
"tmadison" Owner = Read & Modify
"research" Group = Read Only
Everyone else = Cannot do anything with it
$folderPath = "c:\users\tmadison\research\departmental meeting
minutes"
$readOnly =
[System.Security.AccessControl.FileSystemRights]"ReadAndExecute"
$readWrite =
[System.Security.AccessControl.FileSystemRights]"Modify"
# Inheritance
$inheritanceFlag =
[System.Security.AccessControl.InheritanceFlags]"ContainerInherit,
ObjectInherit"
# Propagation
$propagationFlag =
[System.Security.AccessControl.PropagationFlags]::None
$type =
[System.Security.AccessControl.AccessControlType]::Allow
$objACL = Get-ACL $folderPath
#Set access for everyone to deny
icacls $folderPath /inheritance:r /deny "*S-1-1-0:(OI)(CI)(F)"
"*S-1-5-7:(OI)(CI)(F)"
$accessControlEntryRW = New-Object
System.Security.AccessControl.FileSystemAccessRule
@("domain\tmadison", $readWrite, $inheritanceFlag,
$propagationFlag, $type)
$accessControlEntryR = New-Object
System.Security.AccessControl.FileSystemAccessRule
@("domain\research", $readOnly, $inheritanceFlag, $propagationFlag,
$type)
#set rules for user and group
$objACL.AddAccessRule($accessControlEntryRW)
$objACL.AddAccessRule($accessControlEntryR)
Set-ACL $folderPath $objACL