Hello.
I need to add a group to all shares/folders where inheritance is disabled.
First, find folders with no inheritance:
# Start of code flag directories where inheritance is disabled
$folders = gci -recurse \\myNAS\myTopShare
foreach ($path in $folders) {
    if ($path.PSIsContainer -eq $false) {
        continue
    }
    if ((get-acl $path.fullname).AreAccessRulesProtected -eq $true) {
        $path.fullname
    }
}
# End of code flag directories where inheritance is disabled
The above code seems to be working. For example, it returns the following, where Sub2 indeed has inheritance disabled.
\\myNAS\myTopShare\Sub1\Sub2
Note that there are additional folders below Sub2 that inherit settings from Sub2.
The next step is to add the AD group to Sub2:
# Start of code add group to group
$path = "\\myNAS\myTopShare\Sub1\Sub2"
$group = "Sample AD Group"
$acl = Get-Acl -Path $path
$grp = New-Object System.Security.AccessControl.FileSystemAccessRule($group,"FullControl,Modify","Allow")
$acl.SetAccessRule($grp)
$acl | Set-Acl $path
# End of code add group to share
However, the added group ends up with “Special Permissions” where security is applied as “This folder only”.
I would like to add the group where security applies to “This folder, subfolder and files”.
Any suggestions greatly appreciated.
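
Added example, not part of the original post: the three-argument FileSystemAccessRule constructor used above leaves the inheritance flags at None, which the Security tab shows as "This folder only"; the five-argument constructor sets them explicitly. The sketch below combines both steps from the post, and the share path and group name are the post's own sample values.

```powershell
# Sample values from the post; replace with your own share and group.
$root  = '\\myNAS\myTopShare'
$group = 'Sample AD Group'

# ContainerInherit + ObjectInherit with PropagationFlags None is what the
# Security tab displays as "This folder, subfolders and files".
$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None
$rights    = [System.Security.AccessControl.FileSystemRights]::FullControl
$type      = [System.Security.AccessControl.AccessControlType]::Allow

# Five-argument constructor: identity, rights, inheritance, propagation, type.
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $group, $rights, $inherit, $propagate, $type)

# Walk the directories below the share; only touch those with inheritance disabled.
Get-ChildItem -Path $root -Recurse -Directory | ForEach-Object {
    $acl = Get-Acl -LiteralPath $_.FullName
    if ($acl.AreAccessRulesProtected) {
        # SetAccessRule replaces any existing Allow rule for this identity,
        # so a previous "This folder only" entry for the group is overwritten.
        $acl.SetAccessRule($rule)
        Set-Acl -LiteralPath $_.FullName -AclObject $acl
        $_.FullName   # emit the path so the changed folders can be logged
    }
}
```

Appending -WhatIf to the Set-Acl call previews which folders would be changed without writing any ACLs. Folders below a protected folder that still inherit from it (such as those under Sub2) pick up the new entry through inheritance and are not modified directly.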