►
Description
Dan Greenhaus shows us how his IT department automates fileshare permissions across 250 plus sites through the use of Quest AD cmdlets and PowerShell scripts that act as templates.
Dan is a sysadmin for a large financial institution and relies on the Quest ActiveRoles AD Management PSSnapin, Active Directory module, and NTFSSecurity module to dynamically create groups and apply standardized permissions and ownership for his organization. He demonstrates how he uses the above listed modules with basic PowerShell commands and error checking to automate file permissions.
A
A
little
bit
different:
what's
my
job
involved,
small
structures,
we
are
a
financial
institution,
we
have
like
students
if
you
location
all
which
have
their
own
individual
at
the
store
location.
So
one
thing
I
want
to
cover
to
start
is
women.
We
want
it
as
much
uniform
as
possible,
so
we
make
sure
all
of
our
objects
are
set
up
any,
and
this
is
not
my
work
laptop,
but
just
to
deny
want
to
cover
is
our
over.
Here
you
take
ownership
and
change
permissions.
A
We
try
and
keep
people
a
little
pup
little
tower
as
possible,
because
otherwise
they
very
bad
have
a
getting
some
self
in
trouble,
and
then
we
better
jump
through
hoops
to
get
them
out
of
trouble.
So
we
spend
make
sure
that
we,
not
our
users,
don't
have
access
to
take
ownership
about
folders
or
change
a
permissions
because
they've
a
very
bad
habit
of
locking
us
out
and
get
into
problems.
So
what
we've
done
is
four
over
locations.
A
So
we
have
our
own
old
bridge's
over
here.
The
new
number,
the
new
location
over
full
structure,
is
based
on
also
and
for
each
of
our
branches,
each
location.
We
have
manager
and
an
admin
group
and
another
admin
group
of
old-school
dissolving,
and
we
try
to
give
them
each
year
from
different
rights.
Different
folders,
despite
back
10,
different
folders
in
each
location,
subfolder
and
again,
because
we're
trying
to
improve
consistency,
you
wanna,
make
sure
they're
all
set
the
same
way.
So
if
we
have
a
new
branch,
this
is
just
a
couple
of
private
caches
stay.
A
A
We
will
set
it
up
where
we
don't
want
our
admins
be
handling.
Most
of
this,
we
want
our
level
most
Forstner
to
actually
empower
to
do
a
lot
exchange.
We
actually
had
them
set
up
the
manager
of
a
lot
of
these
groups.
So
if
there
is
a
change,
then
I'm
going
to
need
to
contact
us
our
low
moan
people's
and
just
make
the
case
on
their
own
next.
What
deadlines
for
for
managed
by
say
what?
A
B
B
A
A
B
A
That's
why
especial
for
repetitive
traffic,
this
device-
it
is
five
more
locations.
I
can
do
that
I'm
pretty
instantaneously
of
it,
takes
me
about
20
seconds
per
time,
most
of
point
seconds
away
everything
this
thing
so
live
it
further
down.
So
this
is
all
the
ad
stuff
ad
groups
for
the
managers
admins
and
the
actual
location
themselves,
many
of
our
folders
and
a
folders
pretty
much
the
same
setup.
We
just
pull
the
pass
from
what.
B
A
Setup
district
88
testing,
that's
our
dark
district.
We
have
all
our
tempest
in
there
and
as
well
as
other
paths,
we
pretty
much
just
rate
them
on
fly
based
on
what
sample
sets
change
all
of
our
numbers
and
then
we're
going
to
apply,
make
sure
that
we're
set
at
the
end.
So
again,
should
there
be
an
issue
we
can
ask
the
and
in
theory
nobody
else
can
and
we
try
to
disable
inheritance,
because
at
this
level,
because
we
have
because
we
have
different
rights
in
the
route
to
each
individual
folder,
we
don't
want
everybody.
A
I've
asked
the
cinnamon.
We
try
to
individual
status
and
the
reason
we
set
that
is
further
down,
which
is
a
freelancer,
our
Access
Controller
Sandoval
right.
So
even
over
here
you
sit
here.
We
have
our
with
our
owner,
which
man
has
full
rights.
But
what
gives
you
this
commandment?
That
is,
that
the
quest
stuff?
This
is
the
quest
when
the
8030
tools.
B
A
B
A
B
A
Avoid
it,
but,
and
even
in
when
I
can
always
use
going
to
get
Guinea
sales,
it's
still
just
taking
what
we
have
for
a
pet
isness,
so
we
just
change
our
group
me
from
the
generic
test
to
that's
specific
and
that's
that's
the
big
goal
of
our
repeat
minimize,
our
pickups
and
our.
What
also,
why
is
this
person
attacked
to
certain
things?
In
again,
we
still
have
a
couple
that
out
of
our
security
location,
some
it's
just
had
about.
Why
do
we
not
have
acted
this
anymore
responses?
Well,
you
were
supposed
to
that.
A
We're
still
finding
stuff
and
car
make
repairs,
but
now
that
we
have
all
scripted,
it's
a
lot
easier
to
ensure
standardization
rain
right
or
wrong
at
least
all
set
the
same
way
so,
regardless
of
where
you
go
or
what
you
do,
except
the
same
exact
way.
If
we
do
need
to
make
a
change,
we
will
simply
change
into
everything
and
pray.
We
don't
break.