<#====================================================================

Copyright © 2015, September. Michael Pomfret

Creates the Machine Translation Service

The following updates the Users Group file permissions.

====================================================================#>

Write-Host “”

Write-Host “==================================================================”

Write-Host “SharePoint 2013 – Updating file permissions for the Users Group…”

Write-Host “==================================================================”

Write-Host “”

$ProgramFiles = ${env:ProgramFiles}

$CommonProgramFiles = ${env:COMMONPROGRAMFILES}

$Windir = ${env:windir}

$Systemdrive = ${env:systemdrive}

$AllUsersProfile = ${env:AllUsersProfile}

$Computername = ${env:computername}

$localUsers = “BUILTIN\Users”

#%ProgramFiles%\Microsoft Office Servers\15.0

#Read, execute No

#This directory is the installation location for SharePoint 2013 binaries and data. It can be changed during installation. All SharePoint 2013 functionality will fail if this directory is removed, altered, or moved after installation.

$FolderPath = $ProgramFiles + “\Microsoft Office Servers\15.0”

#Get NTFS permissiongs

$Acl = Get-Acl $FolderPath

#Disable inheritance and clear permissions

$Acl.SetAccessRuleProtection($True, $False)

$Acl = (Get-Item $FolderPath).GetAccessControl(‘Access’)

$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($localUsers, ‘ReadAndExecute’,’ContainerInherit,ObjectInherit’, ‘None’, ‘Allow’)

$Acl.SetAccessRule($rule)

Set-Acl -path $FolderPath -AclObject $Acl

exit

#%ProgramFiles%\Microsoft Office Servers\15.0\WebServices\Root

#Read, execute No

#This directory is the root directory where back-end root Web services are hosted. The only service initially installed on this directory is a search global administration service. Some search administration functionality that uses the server-specific Central Administration Settings page will not work if this directory is removed or altered.

$FolderPath = $ProgramFiles + “\Microsoft Office Servers\15.0\WebServices\Root”

#Get NTFS permissiongs

$Acl = Get-Acl $FolderPath

#Disable inheritance and clear permissions

$Acl.SetAccessRuleProtection($True, $False)

$Acl = (Get-Item $FolderPath).GetAccessControl(‘Access’)

$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($localUsers, ‘ReadAndExecute’,’ContainerInherit,ObjectInherit’, ‘None’, ‘Allow’)

$Acl.SetAccessRule($rule)

Set-Acl -path $FolderPath -AclObject $Acl

#%ProgramFiles%\Microsoft Office Servers\15.0\Logs

#Read, write Yes

#This directory is the location where the run-time diagnostic logging is generated. Logging will not function properly if this directory is removed or altered.

$FolderPath = $ProgramFiles + “\Microsoft Office Servers\15.0\Logs”

#Get NTFS permissiongs

$Acl = Get-Acl $FolderPath

#Disable inheritance and clear permissions

$Acl.SetAccessRuleProtection($True, $False)

$Acl = (Get-Item $FolderPath).GetAccessControl(‘Access’)

$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($localUsers, ‘Read, Write’,’ContainerInherit,ObjectInherit’, ‘None’, ‘Allow’)

$Acl.SetAccessRule($rule)

Set-Acl -path $FolderPath -AclObject $Acl

#%ProgramFiles%\Microsoft Office Servers\15.0\Bin

#Read, execute No

#This directory is the installed location of SharePoint 2013 binaries. All of the SharePoint 2013 functionality will fail if this directory is removed or altered.

$FolderPath = $ProgramFiles + “\Microsoft Office Servers\15.0\Bin”

#Get NTFS permissiongs

$Acl = Get-Acl $FolderPath

#Disable inheritance and clear permissions

$Acl.SetAccessRuleProtection($True, $False)

$Acl = (Get-Item $FolderPath).GetAccessControl(‘Access’)

$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($localUsers, ‘ReadAndExecute’,’ContainerInherit,ObjectInherit’, ‘None’, ‘Allow’)

$Acl.SetAccessRule($rule)

Set-Acl -path $FolderPath -AclObject $Acl