<#====================================================================

Copyright © 2015, September. Michael Pomfret

Creates the Machine Translation Service

The following updates the administrators file permissions.

====================================================================#>

Write-Host “”

Write-Host “==============================================================================”

Write-Host “SharePoint 2013 – Updating file permissions for the local Administors group…”

Write-Host “==============================================================================”

Write-Host “”

$ProgramFiles = ${env:ProgramFiles}

$CommonProgramFiles = ${env:COMMONPROGRAMFILES}

$Windir = ${env:windir}

$Systemdrive = ${env:systemdrive}

$AllUsersProfile = ${env:AllUsersProfile}

#%AllUsersProfile%\ Microsoft\SharePoint

#Full control No

#This directory contains the file-system-backed cache of the farm configuration. Processes might fail to start and administrative actions might fail if this directory is altered or deleted.

$FolderPath = $AllUsersProfile + “\Microsoft\SharePoint”

#Get NTFS permissiongs

$Acl = Get-Acl $FolderPath

#Disable inheritance and clear permissions

$Acl.SetAccessRuleProtection($True, $False)

$Acl = (Get-Item $FolderPath).GetAccessControl(‘Access’)

$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(“Administrators”, ‘FullControl’,’ContainerInherit,ObjectInherit’, ‘None’, ‘Allow’)

$Acl.SetAccessRule($rule)

Set-Acl -path $FolderPath -AclObject $Acl

#C:\Inetpub\wwwroot\wss

#Full Control No

#This directory (or the corresponding directory under the Inetpub root on the server) is used as the default location for IIS Web sites. SharePoint sites will be unavailable and administrative actions might fail if this directory is altered or deleted, unless custom IIS web site paths are provided for all IIS web sites that are extended with SharePoint 2013.

$FolderPath = “C:\Inetpub\wwwroot\wss”

#Get NTFS permissiongs

$Acl = Get-Acl $FolderPath

#Disable inheritance and clear permissions

$Acl.SetAccessRuleProtection($True, $False)

$Acl = (Get-Item $FolderPath).GetAccessControl(‘Access’)

$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(“Administrators”, ‘FullControl’,’ContainerInherit,ObjectInherit’, ‘None’, ‘Allow’)

$Acl.SetAccessRule($rule)

Set-Acl -path $FolderPath -AclObject $Acl

#%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\15\ADMISAPI

#Full control Yes

#This directory contains the SOAP services for Central Administration. If this directory is altered, remote site creation and other methods exposed in the service will not function correctly.

$FolderPath = $CommonProgramFiles + “\microsoft shared\Web Server Extensions\15\ADMISAPI”

#Get NTFS permissiongs

$Acl = Get-Acl $FolderPath

#Disable inheritance and clear permissions

$Acl.SetAccessRuleProtection($True, $False)

$Acl = (Get-Item $FolderPath).GetAccessControl(‘Access’)

$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(“Administrators”, ‘FullControl’,’ContainerInherit,ObjectInherit’, ‘None’, ‘Allow’)

$Acl.SetAccessRule($rule)

Set-Acl -path $FolderPath -AclObject $Acl

#%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\15\CONFIG

#Full control Yes

#If this directory or its contents are altered, web application provisioning will not function correctly.

$FolderPath = $CommonProgramFiles +”\microsoft shared\Web Server Extensions\15\CONFIG”

#Get NTFS permissiongs

$Acl = Get-Acl $FolderPath

#Disable inheritance and clear permissions

$Acl.SetAccessRuleProtection($True, $False)

$Acl = (Get-Item $FolderPath).GetAccessControl(‘Access’)

$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(“Administrators”, ‘FullControl’,’ContainerInherit,ObjectInherit’, ‘InheritOnly’, ‘Allow’)

$Acl.SetAccessRule($rule)

Set-Acl -path $FolderPath -AclObject $Acl

#%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\15\LOGS

#Full control No

#This directory contains setup and runtime tracing logs. If the directory is altered, diagnostic logging will not function correctly.

$FolderPath = $CommonProgramFiles +”\microsoft shared\Web Server Extensions\15\LOGS”

#Get NTFS permissiongs

$Acl = Get-Acl $FolderPath

#Disable inheritance and clear permissions

$Acl.SetAccessRuleProtection($True, $False)

$Acl = (Get-Item $FolderPath).GetAccessControl(‘Access’)

$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(“Administrators”, ‘FullControl’,’ContainerInherit,ObjectInherit’, ‘None’, ‘Allow’)

$Acl.SetAccessRule($rule)

Set-Acl -path $FolderPath -AclObject $Acl

#%windir%\temp

# Full control Yes

#This directory is used by platform components on which SharePoint 2013 depends. If the ACL is modified, Web Part rendering, and other deserialization operations might fail.

$FolderPath = $windir + “\temp”

#Get NTFS permissiongs

$Acl = Get-Acl $FolderPath

#Disable inheritance and clear permissions

$Acl.SetAccessRuleProtection($True, $False)

$Acl = (Get-Item $FolderPath).GetAccessControl(‘Access’)

$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(“Administrators”, ‘FullControl’,’ContainerInherit,ObjectInherit’, ‘InheritOnly’, ‘Allow’)

$Acl.SetAccessRule($rule)

Set-Acl -path $FolderPath -AclObject $Acl

#%windir%\System32\logfiles\SharePoint

# Full control No

#This directory is used by SharePoint Server for usage logging. If this directory is modified, usage logging will not function correctly.

#This registry key applies only to SharePoint Server.

mkdir ($windir + “\System32\logfiles\SharePoint” ) -force

$FolderPath = $windir + “\System32\logfiles\SharePoint”

#Get NTFS permissiongs

$Acl = Get-Acl $FolderPath

#Disable inheritance and clear permissions

$Acl.SetAccessRuleProtection($True, $False)

$Acl = (Get-Item $FolderPath).GetAccessControl(‘Access’)

$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(“Administrators”,’FullControl’,’ContainerInherit,ObjectInherit’, ‘None’, ‘Allow’)

$Acl.SetAccessRule($rule)

Set-Acl -path $FolderPath -AclObject $Acl