I have noticed that in production, when I give a user Full Control ACL permissions, it shows up as ‘Special Permissions’ from within Windows Properties (Right click folder -> Properties -> Security) as ‘Special Permissions’. ACL output does reflect Fullcontrol. Should I disregard and be confident the user(s) do in fact have Full Control?
Reproduced the issue here:
$permission = "w10-bchome\bri","FullControl", "Allow" $Path = "c:\Utility\test" $acl = get-acl $Path $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission $acl.SetAccessRule($AccessRule) $Acl | Set-Acl $Path
Path : Microsoft.PowerShell.Core\FileSystem::C:\Utility\test Owner : W10-BCHOME\bclanton Group : W10-BCHOME\None Access : NT AUTHORITY\SYSTEM Allow FullControl W10-BCHOME\Administrator Allow FullControl W10-BCHOME\bclanton Allow FullControl W10-BCHOME\bri Allow FullControl Audit : Sddl : O:S-1-5-21-1073379331-2122356694-3448876220-1001G:S-1-5-21-1073379331-2122356694-3448876220-513D:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;LA)(A;OICI;FA;;;S-1-5-21-1073379331-2122356694-3448876220-1 001)(A;;FA;;;S-1-5-21-1073379331-2122356694-3448876220-1002)When I right click the folder, it just shows "Special Permissions".
What I want to do is give them full permissions of the folder and sub folders and files. The special permission only gives them full control of the folder.