Home folders created in powershell won't work: Access Denied

0
votes

I'm having some trouble creating home folders with powershell, I create the folder 

New-Item -Path "C:\Homes\" -name $username -ItemType Directory

Then I copy the ACL and disable the inheritance and add the new permissions

$Rights = [System.Security.AccessControl.FileSystemRights]"FullControl"

$Inheritance = [System.Security.AccessControl.InheritanceFlags]::"ContainerInherit", "ObjectInherit"  

$Propagation = [System.Security.AccessControl.PropagationFlags]::None

$AC =[System.Security.AccessControl.AccessControlType]::Allow

$NewACL = New-Object System.Security.AccessControl.FileSystemAccessRule ($username, $Rights, $Inheritance, $Propagation, $AC)

$ACL = Get-Acl -Path "C:\Homes\$username"
$ACL.SetAccessRuleProtection($True, $False)

$ACL.SetAccessRule($NewACL)

$NewACL = New-Object System.Security.AccessControl.FileSystemAccessRule ("SYSTEM", $Rights, $Inheritance, $Propagation, $AC)
$ACL.SetAccessRule($NewACL)

$NewACL = New-Object System.Security.AccessControl.FileSystemAccessRule ("Administrators", $Rights, $Inheritance, $Propagation, $AC)
$ACL.SetAccessRule($NewACL)

Set-Acl -Path "C:\Homes\$username" -AclObject $ACL

Finally I mount the folders as H: and set it as home dir

Set-ADUser -Identity $username -Replace @{HomeDirectory=$homeDir}
Set-ADUser -Identity $username -Replace @{HomeDrive=$homeDrive}

When I login to a user and try to add a file/folder I recieve permission denied. The Root Folder (C:\Homes) is shared and has configured permissions

1
windowspowershellactive-directory

1 Answers

0
votes

@Louis J. Are you sure permissions have been set properly? I mean you should try to get ACL of the created folder using command like :

(Get-Acl H:...).Access

Then check user's rights over this directory.

By the way, do you execute your script with elevated rights?