Hello,
I'm at a loss as to how to make this work. I wrote the following PowerShell script that checks whether the currently logged-in user has a folder on a share and, if not, creates the folder and sets the appropriate permissions. I want to run it as a Group Policy Logon Script; however, I need to run this script as an administrator because users don't have any write/create access at the folder level of the file share. The problem then is that $ENV:Username resolves to the admin account the script is running under.
Any ideas?
Thanks!
Ryan
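# Provisions the logged-on user's personal folder on the file share: builds
# the expected path from the username, creates the folder if it is missing,
# and applies a fixed, non-inherited ACL that makes the user the owner.
#
# NOTE(review): a Group Policy logon script already runs in the logged-on
# user's security context, which is why $env:USERNAME is correct there and
# wrong as soon as the script is launched under an administrative account
# (doing so also places admin credentials on every client). The usual way to
# keep it in user context is to grant the users' group "Create folders" and
# "List folder" on the share's top-level folder with "This folder only"
# scope: the creator then owns the new folder and can set its ACL, so
# nothing below should need elevation. Confirm with the file-server owner
# before deploying.

# --- Identity of the logged-on user -----------------------------------------
$strName   = $env:USERNAME
$strDomain = $env:USERDOMAIN

# The username is spliced into a UNC path and used as an ACL identity, so only
# accept characters that can occur in a sAMAccountName and that are not
# PowerShell wildcards ([ ] * ?).
if ([string]::IsNullOrEmpty($strName) -or $strName -notmatch '^[A-Za-z0-9._-]+$') {
    Write-Warning "Unexpected username '$strName'; no folder created."
    return
}

# One set of names for both the existence test and the creation. The original
# tested \\staff-files\staff but created under \\staff-files.domain.org\Staff,
# and compared the student domain against two different names; the values
# below are taken from the creation paths — confirm them against the real
# environment.
$staffDomain   = "domain.org"
$studentDomain = "students.domain.org"
$staffShare    = "\\staff-files.domain.org\Staff"
$studentShare  = "\\files.domain.org\students"

# --- Work out where this user's folder belongs -------------------------------
$DirPath = $null
if ($strDomain -eq $staffDomain) {
    # Staff usernames are expected as first_last; the initial of the second
    # part selects the A-M or N-Z sub-folder. A name without a last-name part
    # used to throw on $lname[0]; it is now reported and skipped.
    $data = $strName.Split("_")
    if ($data.Length -lt 2 -or $data[1].Length -eq 0) {
        Write-Warning "Username '$strName' is not in first_last form; no folder created."
        return
    }
    $firstcharacter = $data[1].Substring(0, 1)
    if ($firstcharacter -match '^[a-m]$') {        # -match is case-insensitive
        $bucket = "Last Name A-M"
    }
    elseif ($firstcharacter -match '^[n-z]$') {
        $bucket = "Last Name N-Z"
    }
    else {
        # Neither bucket applies (initial is not a letter): the original
        # silently did nothing here; say so instead.
        Write-Warning "Last name '$($data[1])' does not start with a letter; no folder created."
        return
    }
    $DirPath = "$staffShare\$bucket\$strName"
}
elseif ($strDomain -eq $studentDomain) {
    # Student usernames start with the two-digit year, expanded to four digits
    # for the folder name.
    if ($strName -notmatch '^\d{2}') {
        Write-Warning "Username '$strName' does not start with a two-digit year; no folder created."
        return
    }
    $year = "20" + $strName.Substring(0, 2)
    $DirPath = "$studentShare\$year\$strName"
}
else {
    # Not one of the two provisioned domains: nothing to do.
    return
}

# --- Create the folder if it is missing --------------------------------------
if (Test-Path -Path $DirPath) {
    return
}
# -ErrorAction Stop: if creation fails, do not go on to set an ACL on a path
# that does not exist.
$null = New-Item -Path $DirPath -ItemType Directory -ErrorAction Stop

# --- Assign Permissions ------------------------------------------------------
$inherit     = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
$propagation = [System.Security.AccessControl.PropagationFlags]"None"

# Identities are domain-qualified: a bare name such as $strName is resolved on
# the client machine first, so a local account with the same name would
# receive the grant (and the ownership) instead of the domain user.
$userAccount = "$strDomain\$strName"
$grants = @(
    @("CREATOR OWNER",            "Modify"),
    @("NT AUTHORITY\SYSTEM",      "FullControl"),
    @("BUILTIN\Administrators",   "FullControl"),
    @("DOMAIN\Staff_Tech",        "FullControl"),
    @("DOMAIN\Enterprise Admins", "FullControl"),
    @($userAccount,               "FullControl")
)
if ($strDomain -eq $studentDomain) {
    # Unary comma appends one (identity, rights) pair rather than two strings.
    $grants += ,@("DOMAIN\Domain Users", "Modify")
}

$acl = Get-Acl -Path $DirPath
foreach ($grant in $grants) {
    $ctorArgs = @($grant[0], $grant[1], $inherit, $propagation, "Allow")
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $ctorArgs
    $acl.AddAccessRule($rule)
}
# Stop inheriting from the parent and drop the inherited rules, so the folder
# carries only the explicit list above.
$acl.SetAccessRuleProtection($true, $false)
# NOTE(review): assigning ownership to another principal needs the "Restore
# files and directories" privilege; when the logged-on user created the folder
# this presumably only confirms the existing owner — verify in the target
# environment.
$acl.SetOwner([System.Security.Principal.NTAccount]$userAccount)
Set-Acl -Path $DirPath -AclObject $acl

Ryan Breneman - Systems Administrator - Hempfield School District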