40 lines
1.7 KiB
PowerShell
40 lines
1.7 KiB
PowerShell
|
function Set-AppTierFolderAndFilePermissions {
|
|||
|
<#
|
|||
|
.SYNOPSIS
|
|||
|
This function sets folder and file permissions on the App Tier for App Tier Services, Hosts File, Log Files, etc
|
|||
|
#>
|
|||
|
|
|||
|
[CmdletBinding()]
|
|||
|
Param()
|
|||
|
$logLead = (Get-LogLeadName);
|
|||
|
|
|||
|
$modifyRight = [System.Security.AccessControl.FileSystemRights]::Modify
|
|||
|
$fullControlRight = [System.Security.AccessControl.FileSystemRights]::FullControl
|
|||
|
|
|||
|
if (!(Test-Path $logsPath)) {
|
|||
|
Write-Output ("$logLead : Could not find log path {0}. Creating it." -f $logsPath)
|
|||
|
[System.IO.Directory]::CreateDirectory($logsPath) | Out-Null
|
|||
|
}
|
|||
|
|
|||
|
Write-Output ("$logLead : Setting Rights Users : Modify" -f $logsPath)
|
|||
|
Grant-RightsToFolderOrFile -account "BUILTIN\Users" -path $logsPath -rights $modifyRight
|
|||
|
|
|||
|
$hostsFile = "C:\Windows\System32\Drivers\etc\hosts"
|
|||
|
Write-Output ("$logLead : Setting Rights Users : Modify" -f $hostsFile)
|
|||
|
Grant-RightsToFolderOrFile -account "BUILTIN\Users" -path $hostsFile -rights $modifyRight
|
|||
|
|
|||
|
$usersToGrantRightsFor = @()
|
|||
|
$usersToGrantRightsFor += "BUILTIN\IIS_IUSRS"
|
|||
|
(Get-AppTierServices) | Where-Object {$_.User -ne "REPLACEME"} | ForEach-Object {$_.User} | Sort-Object | Get-Unique -AsString | ForEach-Object { $usersToGrantRightsFor += $_ }
|
|||
|
|
|||
|
$usersToGrantRightsFor | Sort-Object | Get-Unique | Where-Object {(!([String]::IsNullOrEmpty($_)))} | ForEach-Object {
|
|||
|
|
|||
|
Write-Output ("$logLead : Setting Rights for {1} : Modify" -f $basePath, $_.ToString())
|
|||
|
Grant-RightsToFolderOrFile -account $_ -path $basePath -rights $modifyRight
|
|||
|
}
|
|||
|
|
|||
|
Write-Output ("$logLead : Setting Rights Administrators : FullControl" -f $logsPath)
|
|||
|
Grant-RightsToFolderOrFile -account "BUILTIN\Administrators" -path $basePath -rights $fullControlRight
|
|||
|
}
|
|||
|
|