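function New-HomeFolder {
    <#
    .SYNOPSIS
        Creates D:\Homes\<Username> with a protected ACL granting FullControl
        only to CASCADES\<Username>, SYSTEM and BUILTIN\Administrators.
    .DESCRIPTION
        If the folder already exists, nothing is changed and the operator is
        told to check the ACL manually. Otherwise the ACL is built first, the
        folder is created, and the ACL is applied with inheritance from the
        parent disabled. Any failure stops the function, so the success
        message is only printed when the ACL was actually applied.
    .PARAMETER Username
        Bare account name (no domain prefix, no path components).
    .EXAMPLE
        New-HomeFolder -Username "lauren.hasselman"
    #>
    param([string]$Username)

    # Fail closed: an error building or applying the ACL must not fall
    # through to the "created with clean ACL" message.
    $ErrorActionPreference = 'Stop'

    # The name is interpolated into both a filesystem path and an account
    # name. Reject empty values, path separators, wildcard characters and
    # dot-only names so the target always stays directly under D:\Homes.
    if ([string]::IsNullOrWhiteSpace($Username) -or
        $Username -match '["/\\\[\]:;|=,+*?<>]' -or
        $Username -match '^\.+$') {
        throw "Invalid username '$Username': expected a bare account name without path separators or wildcard characters."
    }

    $path = "D:\Homes\$Username"
    if (Test-Path -LiteralPath $path) {
        Write-Host "$path already exists - check ACL manually"
        return
    }

    # Build the ACL before touching the disk. AddAccessRule has to resolve
    # each identity, so a mistyped or not-yet-created account fails here
    # instead of leaving a folder behind without the user's entry.
    $acl = New-Object System.Security.AccessControl.DirectorySecurity
    # $true = protect from inheritance, $false = do not copy inherited rules.
    $acl.SetAccessRuleProtection($true, $false)
    foreach ($identity in "CASCADES\$Username", 'SYSTEM', 'BUILTIN\Administrators') {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $identity, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
        $acl.AddAccessRule($rule)
    }

    New-Item -ItemType Directory -Path $path -Force | Out-Null

    # NOTE(review): between New-Item and Set-Acl the folder carries its
    # default (inherited) permissions; keep these two steps adjacent.
    try {
        Set-Acl -LiteralPath $path -AclObject $acl
    }
    catch {
        throw "Created $path but could not apply the ACL; the folder still has its default (inherited) permissions. $_"
    }

    Write-Host "$path created with clean ACL"
}

# Usage: dot-source this file, then call:
#   New-HomeFolder -Username "lauren.hasselman"
# Run on CS-SERVER before adding user to SG-FolderRedirect.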