Set-GPOPermission.ps1

Jan
24
2013

# Set-GPOPermission.ps1
Param($GPOName,
$User,
$Permission,
[switch]$replace,
[switch]$All,
[switch]$verbose)

if($verbose){$verbosepreference = “continue”}
else{$erroractionpreference = “SilentlyContinue”}

if(!($GPOName -or $All))
{
Write-Host “Please supply GPOName or -All to Set Permissions”
return
}
. “$pwd\Set-GPEnvironment.ps1″

switch ($Permission)
{
“Read”  {$Perm = $gpmConstants.permGPORead}
“Apply” {$Perm = $gpmConstants.permGPOApply}
“Edit”  {$Perm = $gpmConstants.permGPOEdit}
“FC”    {$Perm = $gpmConstants.permGPOEditSecurityAndDelete}
“None”  {$Perm = 0}
Default {Write-Host
‘$Permission should be Read,Apply,Edit,FC, or None’
return
}
}

if($perm)
{
$GPMPermission = $GPM.CreatePermission($User,$Perm,$false)
}

Write-Host ” – Getting GPOs”
$GPOs = $gpmDomain.SearchGPOs($gpm.CreateSearchCriteria())

if($GPOName)
{
$GPOs = $GPOs | Where{$_.DisplayName -like $GPOName}
}

foreach($gpo in $GPOs)
{
Write-Host ” + Processing $($Gpo.DisplayName)”
$secInfo = $GPO.GetSecurityInfo()
if($replace -or ($perm -eq 0))
{
Write-Host “   – Removing $User Permissions”
$secInfo.RemoveTrustee($User)
}
if($perm -ne 0)
{
Write-Host “   – Adding Permissions [$Permission]”
$secInfo.Add($GPMPermission)
}
Write-Host “   – Setting info on $($Gpo.DisplayName)”
$GPO.SetSecurityInfo($secInfo)
}

Copyright © GPanswers.com. All rights reserved. GPanswers.com is a service of PolicyPak Software