pipe get-acl to set-acl without copying the owner

I was just wondering if anyone has tried piping get-acl to set-acl without copying the owner. I tried this without success:

PS C:\users\superuser> get-acl c:\users\user1\foo.txt | select * -exclude owner | 
  set-acl c:\users\user2\foo.txt

set-acl : AclObject
At line:1 char:63
+ ... o.txt | select * -exclude owner | set-acl c:\users\user2\foo.txt
+                                       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (@{PSPath=Micros...Canonical=True}:PSObject) [Set-Acl], ArgumentException
    + FullyQualifiedErrorId : SetAcl_AclObject,Microsoft.PowerShell.Commands.SetAclCommand

What exactly are you trying to do? The file has to have an owner. You can change or set the owner, but that is not the way to do it. Set-ACL is expecting a PSObject formatted with required information and you are removing it. I would recommend reading the help files on Set-ACL for examples and researching the internet for examples.

I just want to change the acl, while keeping the owner the same. I was wondering what property in the acl contains the owner.

Btw, the submit button looks like it’s grayed out.

All ACL properties are not settable, you have to cherry pick the objects required to set.

Yep. You’ll want to do something like this:

$ACL = Get-Acl -Path $Path
$AccessRights = $ACL.Access

# make changes to $accessrights by adding, removing, or altering the FileSystemAccessRules

Set-Acl -Path $Path -AclObject $AccessRights

I found this way. Joel, I got an invalid argument error. I think you mean “-aclobject $acl”.

# this works

# path, owner, and group properties are null
$acl = (Get-Item c:\users\user1\foo.txt).GetAccessControl('Access')

$acl | set-acl c:\users\user2\foo.txt

I tried “$acl.owner = $null”, but the property is ReadOnly. I think the input object has to be a certain type.

While it isn’t a one liner, would this work? Or does that blow up some sort of auditing for you?

# get the original owner
$originalOwner = (Get-Acl -Path .\file2.txt | Select-Object -ExpandProperty Owner) -split '\\'
$OwnerPrincipal = New-Object System.Security.Principal.NTAccount($originalOwner[0], $originalOwner[1])
# set the ACL
Get-ACL -Path .\file.txt | Set-Acl -Path .\file2.txt
# update the owner information
$acl = Get-ACL -Path .\file2.txt
$acl.SetOwner($OwnerPrincipal)
Set-ACL -Path .\file2.txt -AclObject $acl 


What I posted works fine, but that is perfectly valid, Stephen, even as the System user.
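The approaches in this thread can be combined into one reusable function. The following is an added example, not code from any poster: it replaces only the DACL on the destination by loading the source's access section into the destination's own security descriptor, then checks that the owner did not change. The function name `Copy-FileDacl` is hypothetical, and the example assumes a session that is allowed to write the destination's security descriptor, such as the elevated one used above.

```powershell
# Added example; Copy-FileDacl is a hypothetical helper name, not a built-in cmdlet.
function Copy-FileDacl {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SourcePath,
        [Parameter(Mandatory)][string]$DestinationPath
    )

    $access = [System.Security.AccessControl.AccessControlSections]::Access

    $sourceAcl   = Get-Acl -LiteralPath $SourcePath
    $destAcl     = Get-Acl -LiteralPath $DestinationPath
    $ownerBefore = $destAcl.Owner

    # Export only the access (DACL) section of the source descriptor as SDDL.
    # Owner, group and audit sections are left out of this string.
    $daclSddl = $sourceAcl.GetSecurityDescriptorSddlForm($access)

    # Load that DACL into the destination's descriptor. The descriptor's
    # owner and group fields keep the values read from the destination.
    $destAcl.SetSecurityDescriptorSddlForm($daclSddl, $access)

    if ($PSCmdlet.ShouldProcess($DestinationPath, 'Replace DACL, keep owner')) {
        Set-Acl -LiteralPath $DestinationPath -AclObject $destAcl
    }

    # Re-read from disk and confirm the owner is the same as before.
    $after = Get-Acl -LiteralPath $DestinationPath
    if ($after.Owner -ne $ownerBefore) {
        throw "Owner changed from '$ownerBefore' to '$($after.Owner)' on $DestinationPath"
    }

    [pscustomobject]@{
        Path     = $DestinationPath
        Owner    = $after.Owner
        DaclSddl = $after.GetSecurityDescriptorSddlForm($access)
    }
}

# Usage with the paths from the question; -WhatIf previews without writing.
# Copy-FileDacl -SourcePath c:\users\user1\foo.txt -DestinationPath c:\users\user2\foo.txt -WhatIf
```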