dackey
February 8, 2022, 2:42pm
1
Hello Powershell Community,
I’m trying to give an ACL to a folder with this script:
# add a new permission
$user = "$HostName\Administrator"
$InheritanceFlags="ContainerInherit,ObjectInherit"
$FileSystemAccessRights="Traverse,Executefile,ListDirectory,ReadData,ReadAttributes,ReadExtendedAttributes,CreateFiles,WriteData,ReadPermissions"
$PropagationFlags="None"
$AccessControl="Allow"
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(@($user), @($InheritanceFlags), @($PropagationFlags), @($AccessControl), @($FileSystemAccessRights))
#$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("$Hostname\Administrator",$FileSystemAccessRights)
$acl.SetAccessRule($rule)
# set new permissions
$path1.SetAccessControl($acl)
The only thing I get is an error:
new-object : cannot find an overload for “FileSystemAccessRule” and the argument 4
I don’t know why… thx for help.
You need to create an NTAccount object and pass that instead of the “Domain\User” string, and there is no need to convert the variables to arrays, e.g.:
$NTAccount = New-Object -TypeName System.Security.Principal.NTAccount($Hostname, "Administrator")
$Rule = New-Object System.Security.AccessControl.FileSystemAccessRule($NTAccount, $FileSystemAccessRights, $InheritanceFlags, $PropagationFlags, $AccessControl)
To make these lines shorter at the very top of your script put this line:
# This must be the first line in your script
using namespace System.Security
Then you can omit namespace and simply write:
$Rule = New-Object AccessControl.FileSystemAccessRule($NTAccount, $FileSystemAccessRights, $InheritanceFlags, $PropagationFlags, $AccessControl)
For more information about this constructor see:
For more information about FileSystemAccessRule Class see:
dackey
February 9, 2022, 10:11am
3
Hello MetaBlaster ^^
Thank you so much ^^ it’s working fine!
And how do I disable inheritance and replace all child object permissions…?
I don’t understand this part very well…
I’m not 100% sure but I think it should look like this:
using namespace System.Security
$LiteralPath = "C:\TestFolder"
$AccessControl = "Allow"
[AccessControl.InheritanceFlags] $InheritanceFlags = "ContainerInherit, ObjectInherit"
[AccessControl.PropagationFlags] $PropagationFlags = "NoPropagateInherit"
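# $Hostname and $FileSystemAccessRights are defined as in the earlier script
$NTAccount = New-Object Principal.NTAccount($Hostname, "Administrator")
$Rule = New-Object AccessControl.FileSystemAccessRule($NTAccount, $FileSystemAccessRights, $InheritanceFlags, $PropagationFlags, $AccessControl)
$Acl = Get-Acl -LiteralPath $LiteralPath
# $true = protect this folder from inheritance, $false = do not keep the inherited rules
$Acl.SetAccessRuleProtection($true, $false)
$Acl.SetAccessRule($Rule)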
Set-Acl -AclObject $Acl -LiteralPath $LiteralPath -ErrorAction Stop
In any case you’ll need to write a for loop if you want to recursively set permissions; the API does not expose recursive functionality.
I suggest that you read the MS documentation I gave you; it explains things in detail and gives some sample code that you need to convert to PS to learn more.
WARNING
Make sure you do not test your code for real against the operating system directory tree. If something goes wrong, in most cases there is no way to recover, so always do this against test folders.
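Added example, not part of the thread and not written by its participants: the five-argument constructor with typed enums, followed by cutting inheritance on a folder and resetting its children, run entirely inside a throwaway sandbox. Assumptions: the sandbox path, the variable names, the `Modify` right and the use of the current user in place of `$HostName\Administrator` are chosen for illustration.

```powershell
using namespace System.Security.AccessControl
using namespace System.Security.Principal

# Constructed sandbox under the temp directory; never point this at real data.
$root = Join-Path ([IO.Path]::GetTempPath()) "AclDemo_$(Get-Random)"
New-Item -ItemType Directory -Path (Join-Path $root 'Sub\Deep') -Force | Out-Null
New-Item -ItemType File -Path (Join-Path $root 'Sub\Deep\file.txt') | Out-Null

# Typed enum variables: a misspelled flag name fails right here at assignment,
# and each argument already has the type the constructor expects.
[FileSystemRights]  $rights      = 'Modify'
[InheritanceFlags]  $inheritance = 'ContainerInherit, ObjectInherit'
[PropagationFlags]  $propagation = 'None'
[AccessControlType] $type        = 'Allow'

# Assumption: the current user stands in for "$HostName\Administrator", so the
# script can still read and delete its own sandbox once inheritance is cut.
$identity = [WindowsIdentity]::GetCurrent().User

# Constructor order: identity, rights, inheritance, propagation, type.
$rule = [FileSystemAccessRule]::new($identity, $rights, $inheritance, $propagation, $type)

# Parent: block inheritance ($true), drop the inherited entries ($false), add the rule.
$acl = Get-Acl -LiteralPath $root
$acl.SetAccessRuleProtection($true, $false)
$acl.SetAccessRule($rule)
Set-Acl -LiteralPath $root -AclObject $acl -ErrorAction Stop

# Children: explicit entries on a child survive a change to the parent, so each
# child is reset to "inherit only" by removing them and re-enabling inheritance.
foreach ($item in Get-ChildItem -LiteralPath $root -Recurse -Force) {
    $childAcl = Get-Acl -LiteralPath $item.FullName
    $childAcl.SetAccessRuleProtection($false, $false)
    foreach ($ace in @($childAcl.Access | Where-Object { -not $_.IsInherited })) {
        [void] $childAcl.RemoveAccessRule($ace)
    }
    Set-Acl -LiteralPath $item.FullName -AclObject $childAcl -ErrorAction Stop
}

# Verify: every child should be unprotected and carry no explicit entries.
Get-ChildItem -LiteralPath $root -Recurse -Force | ForEach-Object {
    $a = Get-Acl -LiteralPath $_.FullName
    [pscustomobject]@{ Path = $_.FullName; Protected = $a.AreAccessRulesProtected
                       Explicit = @($a.Access | Where-Object { -not $_.IsInherited }).Count }
}

Remove-Item -LiteralPath $root -Recurse -Force   # clean up the sandbox
```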
dackey
February 11, 2022, 8:22am
5
Hello MetaBlaster ^^
Thx again for your help!
I will read it
Have a nice day!