by lamotta79 at 2012-09-12 04:22:07
Hi - i’m afraid I have very little Powershell experience and so am after a bit of help in setting up a script with will hopefully save me a weekend of work.by coderaven at 2012-09-12 05:12:21
Basically I need to alter multiple security groups on around 2000 folders. The groups all need to have the same permissions which are ‘Traverse, List Folder, Read Attributes, Read extended attributes and Read permissions’ the permissions also also need to be set only to the folder on which they are applied. So in the GUI I would set Apply To: This folder only. Whilst all groups are named differently, they all have a constant which is that they end with ‘-T’.
So for example on a directory f:\Projects, I would need to identify all subfolders containing groups ending with ‘-T’ and modify the permissions on these groups as stated above.
Do you think this is possible? Or am I being overly optimistic? Any help would be greatly appreciated as it would potentially save me many hours.
Thanks Shayne
In the list of permissions you are trying to set it sounds like "ReadAndExecute"by lamotta79 at 2012-09-13 04:51:04
This should get you close, it is ad-hoc so please test!$Folders = (Get-ChildItem -Path F:\Projects -Recurse | Where-Object {$.Mode -like "d*"})
Foreach ($Folder in $Folders)
{
$acl = Get-Acl -Path $Folder.FullName
foreach ($Access in $acl.Access)
{
if ($.IdentityReference -like "*-T")
{
$acl.RemoveAccessRule($Access)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Access.IdentityReference,"ReadAndExecute", "None", "None", "Allow")
$acl.AddAccessRule($rule)
}}
Set-Acl -Path $Folder.FullName -AclObject $acl
}
If you are doing 2000 folders I suggest you add in a write-progress in the Foreach Folder loop so see how you are doing.
Hi thanks for this, it really is very much appreciated.by coderaven at 2012-09-13 09:50:42
Just trying to run the script on a test folder but I am receiving the following error even though I have ownership and full control over the folder.
Set-Acl : Attempted to perform an unauthorized operation.
At C:\pstest.ps1:13 char:8
+ Set-Acl <<<< -Path $Folder.FullName -AclObject $acl
+ CategoryInfo : PermissionDenied: (C:\PSTEST\Roche:String) [Set-Acl], UnauthorizedAccessException
+ FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetAclCommand
Any Ideas?
Many Thanks
Shayne
It looks like this is a reported bug. Does it happen for all folders or just certain ones?by DonJ at 2012-09-13 10:34:15
Note that there’s also a WMI-based workaround posted on that bug report page.