Event-Triggered PowerShell reset file permissions

Problem

Recently, the company moved the file server to a cloud service provider, Nasuni. The platform's initial use of feedback can also, performance Ah, automatic backup and so on are also good, but in the last two weeks, there has been a bug, when the OSX user creates a new folder, he will occasionally automatically create new permissions, causing users to not access the contents of the folder.

For example, a newly created folder inherits the permissions that are automatically tampered with and is automatically added with the special limit

OS X system and SMB compatibility estimation is a reason, the platform's own design estimation is also a problem. But whatever the culprit is, it is not a short-term solution, so the beans must be given a temporary solution.

Solution Solutions

Discussed with colleagues, you can reset the permissions of the new folder through a script. In short, this requires real-time monitoring of the entire file system (or a folder), and once a new folder or file is created below, the permissions for that file or folder are reset.

How is this thing to be achieved? We can consider the event-based PowerShell script. Event-based scripting, unlike traditional process-based approaches, can be understood as a traditional way of writing, and we need to tell the system to do things, and the event-based approach is that the event occurs, and he triggers a callback function to execute a behavior.

This event-based approach mainly involves 3 concepts subscriptions (subscriptions), registrations (registration), and actions (behaviors). We can subscribe to an event and get notified when he happens, and this event needs to be registered in the specified source identifier (sources identifier), and then for each event, when he happens, we can bind a behavior.

For example, first create a file system operation object

$fw=New-Object IO.FileSystemwatcher

Notice the events, methods, and properties of the object he has.

We can manually specify the events and properties we intend to observe

Like what

$fw.Filter=‘*‘

Or a more straightforward approach is to specify all when created

$folder = ‘c:\temp‘  $filter = ‘*.*‘  

The above-mentioned attributes are more important than the following:

• Filter: Specify which types of files or folders to focus on

• IncludeSubdirectories: Whether to recursively query all subfolders

• NotifyFilter: Specifies which types of attributes to focus on, including the following

Then we can register the event and specify the corresponding behavior.

Register-ObjectEvent -inputObject  $fsw -EventName created -SourceIdentifier FileCreated -Action {     ...        

When we register an event, he creates a background job by default, and when the job captures the first result, he executes the corresponding behavior.

Test scripts

The following is a demo script

# Specify Directory $folder = ' C:\Temp ' # wildcard, indicating that all item needs attention. $filter = ' *. * ' #初始化对象, specify properties, paths, etc. $fsw = New-object IO. FileSystemWatcher $folder, $filter-property @{includesubdirectories = $true; NotifyFilter = [IO. Notifyfilters] ' directoryname,filename, Lastwrite '} # cancels an existing registration Unregister-event filecreated # Register event, Binding behavior Register-objectevent-inputobject $FSW-eventname created-sourceidentifier filecreated-action {$Event | ou  T-host $name = $Event. Sourceeventargs.name $folderpath = $Event. Sourceeventargs.fullpath $changeType = $Event. Sourceeventargs.changetype $actionby = (Get-item $folderpath). GetAccessControl ().  Owner $timeStamp = $Event. timegenerated write-host "The file ' $folderpath ' was $changeType at $timeStamp by $actionby "-fore Green write-host" resetting Permission "Icacls $folderpath. ToString ()/reset/t write-host "Finish resetting" Out-file-filepath C:\Utils\filechange-outlog.txt-Appen D-inputobject "The file' $folderpath ' was $changeType in $timeStamp by $actionby "}  

You can see him create a job in the background, the current state is not executed, once he captures the first result, the state becomes running

When I create a new file, he detects it and then automatically executes the corresponding script action, as shown below

Disadvantages of this method:
Background job if executed too long, sometimes will not work or consume too much memory?! This time it may be necessary to manually intervene to restart the program.

Event-Triggered PowerShell reset file permissions