I've run into an issue where users scan PDFs via the copy machine into their personal user folder on a file server. (The copier has a domain user account that owns a subfolder within each users' personal folder (D:\FileShare\Users\JohnSmith\Scans) that it drops the PDFs into.) The PDFs gain the permissions of that folder. (Only the user, scanner and admins have access) The scanner retains ownership of the PDF. The user moves that PDF to another location on the server and no one but the original user can see the file exists because they don't have permission.
We have a workaround for new files. Rather than move or cut/paste a file within the server, the user can copy/paste it or move it first to their local computer before putting it back on the server. This effectively creates a new file that inherits permissions from the folder it's created in. Unfortunately, this doesn't help for those files that were already moved.
Hard mode: I'm looking for a way to iterate through the server's directories (D:\FileShare) and have each file that is still owned by the scanner but isn't in a user directory (D:\FileShare\Users\JohnSmith) to have it's permissions replaced by those of the parent directory.
Psudo-code: For each file If owner == Scanners, replace current permissions with that of parent directory next
Easy mode: Iterate through all folders and set all files' permissions to that of their parent folder. Make no changes to folders themselves.
Psudo-code: For each file, replace permissions with that of parent directory.
I'm not a powershell guy so the syntax scares me a bit.
If i'm interpreting correctly the below code should work. This essentially: Creates an array of PDF filepaths where the owner of the PDF is $scannerOwner Loops through each PDF filepath, if it is in a user directory do nothing else apply the ACL from the parent folder to the file.