Hello,
I have been using the following method for some time to set some NTFS permissions on a folder using powershell. However recently - possibly a patch, It has stopped working and now flags up an error for me.
My main question is - what is the best way for doing NTFS permissions so this includes things like… adding groups with certain rights, removing inheritance and removing groups.
Is this method the best way and i simply need to iron out this bug? Or is there another method without having to tap into .NET
#setting permission level
$objModify = [System.Security.AccessControl.FileSystemRights]::Modify
$objList = [System.Security.AccessControl.FileSystemRights]::ListDirectory
$objFull = [System.Security.AccessControl.FileSystemRights]::FullControl
#Define inheritance
$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]“ContainerInherit, ObjectInherit”
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None
#Define if we are going to allow or deny access to an object
$objType =[System.Security.AccessControl.AccessControlType]::Allow
#Create a new object representing the user to be assigned these rights
$objAdministrator = New-Object System.Security.Principal.NTAccount(“Domain\Administrator”)
$objDomainAdmin = New-Object System.Security.Principal.NTAccount(“domain\Domain Admins”)
$objEveryone = New-Object System.Security.Principal.NTAccount(“Everyone”)
$objProject = New-Object System.Security.Principal.NTAccount(“Domain\Project_$($project)”)
#Create above
$objAdministrator = New-Object System.Security.AccessControl.FileSystemAccessRule ($objAdministrator, $objFull, $InheritanceFlag, $PropagationFlag, $objType)
$objDomainAdmin = New-Object System.Security.AccessControl.FileSystemAccessRule ($objDomainAdmin, $objFull, $InheritanceFlag, $PropagationFlag, $objType)
$objEveryone = New-Object System.Security.AccessControl.FileSystemAccessRule ($objEveryone, $objList, $InheritanceFlag, $PropagationFlag, $objType)
$objEveryoneFull = New-Object System.Security.AccessControl.FileSystemAccessRule ($objEveryone, $objFull, $InheritanceFlag, $PropagationFlag, $objType)
$objACE = New-Object System.Security.AccessControl.FileSystemAccessRule ($objProject, $objModify, $InheritanceFlag, $PropagationFlag, $objType)
$objACL.AddAccessRule($objvnxDomainAdmin)
$objACL.AddAccessRule($objvnxAdministrator)
$objACL.AddAccessRule($objACE)
$objACL.RemoveAccessRuleAll($objvnxEveryoneFull)
$objACL.AddAccessRule($objvnxEveryone)
Thanks!
Adnan