Creating Security Groups for File Shares in Bulk using PowerShell

Security Groups are great for managing large groups for permissions.  A client requested that they needed to have Read-Only, Read-Write, and Ready-Modify (allow for deleting) for all their file shares for better management.

Getting the Share Names

In order for me to create the groups I needed the share names. PowerShell to the rescue!

Type the following on the File Server/ Cluster to list all the shares and capture the output in a text file:

On your file-server you may have a lot of share but for example purposes I am showing just one.

Output should be similar to:

Cleaning up the Share Names

Now that we have the Share names we need to do a bit of cleanup to avoid having duplicates.

  • We need to remove all entries for hidden shares “$”
  • We need to remove duplicates
  • We need to change the case of the share names to lower case. ( I prefer lowercase but you can decide to do what best fits your needs)

Follow my guide to removing duplicates in a text file using NotePad++

Once the sharenames are clean save it to a text file.

Client Requirement for the Security Groups:

For each file share there are three security groups needed:

  • <Sharename>_RO : Read-Only
  • <Sharename>_RW : Read & Write
  • <Sharename>_RM : Read & Modify

For PowerShell to do this I needed to create a .CSV file with all the security group entries.  Now, there are many ways this can be done. I will share what I have been doing.

Open up Microsoft Excel and copy the share on a column to the right (lets say K2)

Now on Cell A2 your value should be =CONCATENATE(K2,"_RW") and drag it down.

It should look something like this:

Do the same for RO & RM. Now you have all the security groups names you need to create.

Create a file called  FileShares_Groups.csv  using the following format.

Create the file Create Security Groups for File Shares.ps1

Copy the two files: FileShares_Groups.csv & Create Security Groups for File Shares.ps1  into a folder called C:\scripts  on the Domain Controller.

Run the PowerShell script and see the security groups get created.