{"id":3460,"date":"2013-06-06T00:01:00","date_gmt":"2013-06-06T00:01:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2013\/06\/06\/creating-a-home-drive-with-windows-powershell-part-3\/"},"modified":"2013-06-06T00:01:00","modified_gmt":"2013-06-06T00:01:00","slug":"creating-a-home-drive-with-windows-powershell-part-3","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/creating-a-home-drive-with-windows-powershell-part-3\/","title":{"rendered":"Creating a Home Drive with Windows PowerShell: Part 3"},"content":{"rendered":"<p><strong style=\"font-size: 12px\">Summary<\/strong><span style=\"font-size: 12px\">: Microsoft PowerShell MVP, Sean Kearney, concludes his series about creating a home drive with Windows PowerShell.<\/span>\nMicrosoft Scripting Guy, Ed Wilson, is here. If you are a seasoned Hey, Scripting Guy! Blog reader, you know that the most frequent guest blogger is Sean Kearney. If you are new to the blog, I welcome you, and I encourage you to catch up with&nbsp;<a href=\"http:\/\/blogs.technet.com\/b\/heyscriptingguy\/archive\/tags\/sean+kearney\/\" target=\"_blank\">Sean&rsquo;s previous blogs<\/a>.\nSean is a Windows PowerShell MVP and&nbsp;<a href=\"http:\/\/blogs.technet.comhttps:\/\/devblogs.microsoft.com\/scripting\/honorary-scripting-guy-award-recipients-announced\/\" target=\"_blank\">an Honorary Scripting Guy.<\/a>&nbsp;Sean has been selected to present sessions called&nbsp;<a href=\"https:\/\/channel9.msdn.com\/Events\/TechEd\/NorthAmerica\/2013\/MDC-B326#fbid=rHDRO4Syj3v\" target=\"_blank\">Integrating with Microsoft System Center 2012 and Windows PowerShell<\/a>&nbsp;at TechEd NA and TechEd Europe this year. In his free time, Sean has written several blog posts about Hyper-V and some other cool stuff. Sean will be the blogger all week, and today he is writing about home folders.\nBTW, if you are in New Orleans for TechEd this week, be sure to come by the Scripting Guys booth and say hello. The Scripting Wife and I will be there in addition to Chris Duck and <a href=\"http:\/\/blogs.technet.com\/b\/heyscriptingguy\/archive\/tags\/brian+wilhite\/\" target=\"_blank\">Brian Wilhite<\/a>. We also invited <a href=\"http:\/\/www.powershell.org\/\" target=\"_blank\">www.powershell.org<\/a> to share the booth with us, so come by say hello to Don Jones, Jason Helmick, and Mike Robbins. I am also sure Sean will be hanging out at the booth.\nBefore you read this blog post, check out the earlier parts:<\/p>\n<ul>\n<li><a href=\"http:\/\/blogs.technet.com\/b\/heyscriptingguy\/archive\/2013\/06\/04\/creating-a-home-drive-with-windows-powershell-part-1.aspx\" target=\"_blank\">Creating a Home Drive with Windows PowerShell: Part 1<\/a><\/li>\n<li><a href=\"http:\/\/blogs.technet.com\/b\/heyscriptingguy\/archive\/2013\/06\/05\/creating-a-home-drive-with-windows-powershell-part-2.aspx\" target=\"_blank\">Creating a Home Drive with Windows PowerShell: Part 2<\/a><\/li>\n<\/ul>\n<p>With the access rule created, we need only add it in to our list of rules for the users&rsquo; home drive. Remember, because of how we defined the permissions on the root of the home folder structure, the only accounts that will be inherited for permissions will be Domain Admins and local Administrators.\nTo add the rule, we perform the following four steps:<\/p>\n<ul>\n<li>Get the current access control list from the folder in question by using <strong>Get-ACL<\/strong>.<\/li>\n<li>Build a new access rule for our user.<\/li>\n<li>Run the <strong>AddAccessRule<\/strong> method against the current ACL object.<\/li>\n<li>Store the new access control list on the folder with <strong>Set-ACL<\/strong>.<\/li>\n<\/ul>\n<p>As simple as it sounds, use <strong>Get-ACL<\/strong> on the new user home folder to store the object into a Windows Powershell variable for editing and reuse:<strong><\/strong><\/p>\n<p style=\"padding-left: 30px\">$HomeFolderACL=GET-ACL \\CONTOSO-FPSUsers$JohnnyTest\nNext build the access rule. In our case, this is for JohnnyTest in the CONTOSO domain:<\/p>\n<p style=\"padding-left: 30px\">$IdentityReference=&rsquo;CONTOSOJohnnyTest&rsquo;<\/p>\n<p style=\"padding-left: 30px\">$FileSystemAccessRights=[System.Security.AccessControl.FileSystemRights]&rdquo;FullControl&rdquo;<\/p>\n<p style=\"padding-left: 30px\">$InheritanceFlags=[System.Security.AccessControl.InheritanceFlags]&rdquo;ContainerInherit, ObjectInherit&rdquo;<\/p>\n<p style=\"padding-left: 30px\">$PropagationFlags=[System.Security.AccessControl.PropagationFlags]&rdquo;None&rdquo;<\/p>\n<p style=\"padding-left: 30px\">$AccessControl=[System.Security.AccessControl.AccessControlType]&rdquo;Allow&rdquo;<\/p>\n<p style=\"padding-left: 30px\">$AccessRule=NEW-OBJECT [System.Security.AccessControl.FileSystemAccessRule]($IdentityReference,$FileSystemAccessRights,$InheritanceFlags,$PropogationFlags,$AccessControl)\nNow add the rule to the access list that is presently stored in $HomeFolderACL:<\/p>\n<p style=\"padding-left: 30px\">$HomeFolderACL.AddAccessRule($AccessRule)\nThen store the new access rule on the folder with Set-ACL:<\/p>\n<p style=\"padding-left: 30px\">SET-ACL &ndash;path \\CONTOSO-FPSUsers$JohnnyTest -AclObject $HomeFolderACL\nAt this point, we&rsquo;ll take these new changes and build a small script in Windows Powershell to properly do all the work for us&mdash;right down to creating the folder on the remote server. New-Homedrive.ps1 will look like this:\n<strong>New-Homedrive.ps1<\/strong>\n&nbsp;<\/p>\n<p style=\"padding-left: 30px\">PARAM(<\/p>\n<p style=\"padding-left: 30px\"><span style=\"font-size: 12px\">$Alias<\/span><\/p>\n<p style=\"padding-left: 30px\">)<\/p>\n<p style=\"padding-left: 30px\">&nbsp;<\/p>\n<p style=\"padding-left: 30px\"><span style=\"font-size: 12px\"># Assign the Drive letter and Home Drive for<\/span><\/p>\n<p style=\"padding-left: 30px\"># the user in Active Directory<\/p>\n<p style=\"padding-left: 30px\">&nbsp;<\/p>\n<p style=\"padding-left: 30px\">$HomeDrive=&rsquo;Z:&rsquo;<\/p>\n<p style=\"padding-left: 30px\">$UserRoot=&rsquo;\\CONTOSO-FPSUsers$&rsquo;<\/p>\n<p style=\"padding-left: 30px\">$HomeDirectory=$UserRoot+$AccountName<span style=\"font-size: 12px\">&nbsp;<\/span><\/p>\n<p style=\"padding-left: 30px\">SET-ADUSER $Alias &ndash;HomeDrive $HomeDrive &ndash;HomeDirectory $HomeDirectory<span style=\"font-size: 12px\">&nbsp;<\/span><\/p>\n<p style=\"padding-left: 30px\">&nbsp;<\/p>\n<p style=\"padding-left: 30px\"># Create the folder on the root of the common Users Share<\/p>\n<p style=\"padding-left: 30px\">&nbsp;<\/p>\n<p style=\"padding-left: 30px\">NEW-ITEM &ndash;path $HomeDirectory -type directory -force<span style=\"font-size: 12px\">&nbsp;<\/span><\/p>\n<p style=\"padding-left: 30px\">$Domain=&rsquo;CONTOSO&rsquo;<\/p>\n<p style=\"padding-left: 30px\">$IdentityReference=$Domain+&rsquo;&rsquo;+$Accountname<\/p>\n<p style=\"padding-left: 30px\">&nbsp;<\/p>\n<p style=\"padding-left: 30px\"># Set parameters for Access rule<\/p>\n<p style=\"padding-left: 30px\">&nbsp;<\/p>\n<p style=\"padding-left: 30px\">$FileSystemAccessRights=[System.Security.AccessControl.FileSystemRights]&rdquo;FullControl&rdquo;<\/p>\n<p style=\"padding-left: 30px\"><span style=\"font-size: 12px\">$InheritanceFlags=[System.Security.AccessControl.InheritanceFlags]&rdquo;ContainerInherit, ObjectInherit&rdquo;<\/span><\/p>\n<p style=\"padding-left: 30px\"><span style=\"font-size: 12px\">$PropagationFlags=[System.Security.AccessControl.PropagationFlags]&rdquo;None&rdquo;<\/span><\/p>\n<p style=\"padding-left: 30px\"><span style=\"font-size: 12px\">$AccessControl=[System.Security.AccessControl.AccessControlType]&rdquo;Allow&rdquo;<\/span><\/p>\n<p style=\"padding-left: 30px\">&nbsp;<\/p>\n<p style=\"padding-left: 30px\"># Build Access Rule from parameters<\/p>\n<p style=\"padding-left: 30px\">&nbsp;<\/p>\n<p style=\"padding-left: 30px\">$AccessRule=NEW-OBJECT [System.Security.AccessControl.FileSystemAccessRule]($IdentityReference,$FileSystemAccessRights,$InheritanceFlags,$PropogationFlags,$AccessControl)<\/p>\n<p style=\"padding-left: 30px\">&nbsp;<\/p>\n<p style=\"padding-left: 30px\"># Get current Access Rule from Home Folder for User<\/p>\n<p style=\"padding-left: 30px\">&nbsp;<\/p>\n<p style=\"padding-left: 30px\">$HomeFolderACL.AddAccessRule($AccessRule)<\/p>\n<p style=\"padding-left: 30px\">SET-ACL &ndash;path $HomeDirectory -AclObject $HomeFolderACL\nNow, I could have said, &ldquo;Here&rsquo;s a script to do this.&rdquo; But I think knowing some of the deeper pieces of the process should help you understand how to manipulate the data for <strong>Set-ACL<\/strong>.\nAt the end of it all? Take this script, use it, be more efficient and consistent, and get yourself home a lot earlier. That&rsquo;s where it all really matters.\n~Sean\nThank you, Sean, for a great series.\nJoin us tomorrow as Sean continues his Friday Hyper-V series.\nI invite you to follow me on <a href=\"http:\/\/bit.ly\/scriptingguystwitter\" target=\"_blank\">Twitter<\/a> and <a href=\"http:\/\/bit.ly\/scriptingguysfacebook\" target=\"_blank\">Facebook<\/a>. If you have any questions, send email to me at <a href=\"http:\/\/blogs.technet.commailto:scripter@microsoft.com\" target=\"_blank\">scripter@microsoft.com<\/a>, or post your questions on the <a href=\"http:\/\/bit.ly\/scriptingforum\" target=\"_blank\">Official Scripting Guys Forum<\/a>. See you tomorrow. Until then, peace.\n<strong>Ed Wilson, Microsoft Scripting Guy<\/strong><span style=\"font-size: 12px\">&nbsp;<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Summary: Microsoft PowerShell MVP, Sean Kearney, concludes his series about creating a home drive with Windows PowerShell. Microsoft Scripting Guy, Ed Wilson, is here. If you are a seasoned Hey, Scripting Guy! Blog reader, you know that the most frequent guest blogger is Sean Kearney. If you are new to the blog, I welcome you, [&hellip;]<\/p>\n","protected":false},"author":596,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[16,56,3,154,45],"class_list":["post-3460","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-desktop-management","tag-guest-blogger","tag-scripting-guy","tag-sean-kearney","tag-windows-powershell"],"acf":[],"blog_post_summary":"<p>Summary: Microsoft PowerShell MVP, Sean Kearney, concludes his series about creating a home drive with Windows PowerShell. Microsoft Scripting Guy, Ed Wilson, is here. If you are a seasoned Hey, Scripting Guy! Blog reader, you know that the most frequent guest blogger is Sean Kearney. If you are new to the blog, I welcome you, [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/3460","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/596"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=3460"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/3460\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=3460"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=3460"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=3460"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}