I’m using the following to set user rights on a folder:
$acl = Get-Acl $folder
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule(“mydomain\joeuser”,“FullControl”,“Allow”)
$acl | Set-Acl $folder
This works fine, however I don’t want to grant joeuser full control, only standard read/execute rights. The following should be checked in the Properties for the folder: Read & execute, List folder contents, and Read.
If I change “FullControl” to “Read” in the above code, I end up with Special permissions where Read is the only checked item.
Any suggestions greatly appreciated.