#Used to create multiple individual folders on a shared drive

#Restricts rights to those approved through the $accessCSV (name[account name],access[level of access],type[allow/deny])

#Creates folder for all users in $importfile (displayName,samaccountname)

#Will disable inheritance and remove inherited rights from folder, while applying restrictions based on $accessCSV

#Children of new folder will have rights propagate correctly, while not having the root share's permissions inherit

Param (

[ string ] $username ,

[ string ] $importfile ,

[ string ] $accessCSV ,

[ string ] $folderroot ,

[ string ] $domain

)

#import user list

$folderList = Import-Csv -Path $importfile

#import ACLs

$accessList = Import-Csv -Path $accessCSV

#start folder creation loop

$folderList |

% {

#pull user display name

$folderName = $_ .name

#sets samaccountname for ACL addition

$accountName = $domain + "\" + $_ .samaccountname

#creates folder path

$folderPath = $folderroot + "\" + $folderName

#test if folder exists

$exist = Test-Path -Path $folderPath

#create folder loop

if ( $exist -ne $true )

{

#create folder

New-Item -ItemType "directory" -Path $folderPath

#get current ACL

$acl = Get-Acl $folderPath

#sets inheritance to allow ACL to propigate to children of new folder

$inheritanceFlags = "ContainerInherit, ObjectInherit"

$propagationFlags = "none"

$folderAccess = "Allow"

#populates ACL based on CSV with accounts (administration, administors etc)

$accessList |

% {

$user = $_ .name

$access = $_ .access

$type = $_ . type

#creates ACL rule

$allowAccess = New-Object System.Security.AccessControl.FileSystemAccessRule ( $user , $access , $inheritanceFlags , $propagationFlags , $type )

#applies ACL rule

$acl .SetAccessRule ( $allowAccess )

#saves ACL rule

Set-Acl -Path $folderPath -AclObject $acl

}

#creates ACL for myself *MAY NOT NEED*

$allowAccess = New-Object System.Security.AccessControl.FileSystemAccessRule ( $username , "FullControl" , $inheritanceFlags , $propagationFlags , "Allow" )

#applies ACL rule

$acl .SetAccessRule ( $allowAccess )

#saves new ACL

Set-Acl -Path $folderPath -AclObject $acl

#creates ACL for user

$allowAccess = New-Object System.Security.AccessControl.FileSystemAccessRule ( $accountName , "FullControl" , $inheritanceFlags , $propagationFlags , $folderAccess )

#applies ACL rule

$acl .SetAccessRule ( $allowAccess )

#saves ACL rule

Set-Acl -Path $folderPath -AclObject $acl

#disables inheritance and removes inherited rights

$acl .SetAccessRuleProtection ( 1 , 0 )

#saves inheritance rule

Set-Acl -Path $folderPath -AclObject $acl

If ( $exist -eq $true )

{

Write-Host "Folder already exists for $folderName"

}