Security Groups are great for managing permissions for large groups. A client requested Read-Only, Read-Write, and Read-Modify (allow for deleting) groups for all their file shares for better management.
Getting the Share Names
In order for me to create the groups I needed the share names. PowerShell to the rescue!
Type the following on the File Server/Cluster to list all the shares and capture the output in a text file:

```powershell
Get-WmiObject -Class Win32_Share -ComputerName <yourfileserver.fqdn> | Out-File c:\scripts\shares.txt
```
Output should be similar to:
Cleaning up the Share Names
Now that we have the Share names we need to do a bit of cleanup to avoid having duplicates.
- We need to remove all entries for hidden shares ("$")
- We need to remove duplicates
- We need to change the case of the share names to lower case. (I prefer lowercase, but you can decide what best fits your needs.)
Follow my guide to removing duplicates in a text file using Notepad++
Once the share names are clean, save them to a text file.
Client Requirement for the Security Groups:
For each file share there are three security groups needed:
- <Sharename>_RO : Read-Only
- <Sharename>_RW : Read & Write
- <Sharename>_RM : Read & Modify
For PowerShell to do this, I needed to create a .CSV file with all the security group entries. There are many ways this can be done; I will share what I have been doing.
Open up Microsoft Excel and copy the share names into a column to the right (let's say K2).
Now in cell A2 your value should be =CONCATENATE(K2,"_RW"); drag it down.
It should look something like this:
Do the same for RO & RM. Now you have all the security groups names you need to create.
Create a file called FileShares_Groups.csv with the columns the script reads: GroupName, GroupCategory, GroupScope and OU.
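The cleanup and spreadsheet steps above can also be done in PowerShell. The following is an added example, not part of the original post: the sample share names are constructed, the function names are hypothetical, and the `DomainLocal` scope and the OU path (a placeholder) are assumptions to adjust for your directory.

```powershell
# Added example, not from the original post. Sample share names are constructed.
# On a real server, replace $rawShares with:
#   (Get-WmiObject -Class Win32_Share -ComputerName <yourfileserver.fqdn>).Name
$rawShares = @('Finance', 'finance', 'HR', 'ADMIN$', 'C$', 'IPC$', 'Projects', 'print$', ' Projects ')

# Assumed values: adjust to your directory. The OU below is a placeholder.
$groupCategory = 'Security'
$groupScope    = 'DomainLocal'
$targetOU      = 'OU=FileShareGroups,DC=example,DC=com'
$suffixes      = '_RO', '_RW', '_RM'   # Read-Only, Read & Write, Read & Modify

function Get-CleanShareName {
    param([string[]]$Name)
    $Name |
        ForEach-Object { $_.Trim().ToLowerInvariant() } |   # lower case first so dedupe is exact
        Where-Object   { $_ -and -not $_.EndsWith('$') } |  # drop empty entries and hidden shares
        Sort-Object -Unique
}

function New-ShareGroupRow {
    param([string[]]$ShareName)
    foreach ($share in $ShareName) {
        foreach ($suffix in $suffixes) {
            # One row per group, with the column names the creation script reads
            [pscustomobject]@{
                GroupName     = "$share$suffix"
                GroupCategory = $groupCategory
                GroupScope    = $groupScope
                OU            = $targetOU
            }
        }
    }
}

$rows = New-ShareGroupRow -ShareName (Get-CleanShareName -Name $rawShares)

# Written to the current directory; copy it to c:\scripts for the creation script.
$rows | Export-Csv -Path (Join-Path $PWD 'FileShares_Groups.csv') -NoTypeInformation
$rows | Format-Table -AutoSize
```

Review the generated CSV before creating anything, since every row becomes a group that can later be granted access to a share.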
Create the file Create Security Groups for File Shares.ps1
```powershell
<#
.NOTES
    File Name:
    Author: Mohammed Wasay
    Contact Info:
        Website: www.mowasay.com
        Twitter: @wasay
    Requires:
    Tested:
.PARAMETER
    None
.EXAMPLE
    & ".\Create Security Groups for File Shares.ps1"
#>

#Import Active Directory Module
Import-Module ActiveDirectory

# Each row supplies GroupName, GroupCategory, GroupScope and OU
$csv = Import-Csv -Path "c:\scripts\FileShares_Groups.csv"

ForEach ($item In $csv)
{
    try {
        # -ErrorAction Stop so a failed creation is not reported as a success
        $create_group = New-ADGroup -Name $item.GroupName -GroupCategory $item.GroupCategory -GroupScope $item.GroupScope -Path $item.OU -ErrorAction Stop
        Write-Host -ForegroundColor Green "Group $($item.GroupName) created!"
    }
    catch {
        Write-Warning "Group $($item.GroupName) was not created: $($_.Exception.Message)"
    }
}
```
Copy the two files: FileShares_Groups.csv & Create Security Groups for File Shares.ps1 into a folder called C:\scripts on the Domain Controller.
Run the PowerShell script and see the security groups get created.