Setting Folder ACL

I just kept working on the parsing until it did what I wanted it to do.

The whole $($variable) is just a way to force it to expand it before it executes the line.

Putting the parentheses in quotes lets them pass through as a proper string, without PowerShell mucking with them.

I’m actually a little surprised it let the colon go in there without being in quotes, but it just got stranger the more I played with it. You might find that in a script it parses slightly differently and might need more tweaking; I’ve had occasional issues like that.

For whatever reason, the first $($Name) in the filename isn’t necessary, just the second one in the username. That apparent inconsistency mystifies the living crud out of me.

And this was easier than Get-ACL / Set-ACL? Gods. I’m going to lunch before I get any more discouraged.

Thanks to all.

Honestly, anything involving ACLs is a shit-show. And Microsoft knows it. That’s why there’s such a press for role-based authorization (e.g., DAC), and to move away from ACLs over time. Maintaining ACLs is impossible.

Totally agree with Don, ACL management is a cluster.

Just for reference, the PowerShell ACL method would be more like:

$TargetPath = "e:\users\$Name"
$FolderACL = Get-Acl -Path $TargetPath
$ACLRule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule("domain.com\$($Name)", "Modify", "ContainerInherit, ObjectInherit", "None", "Allow")
$FolderACL.AddAccessRule($ACLRule)
Set-Acl -Path $TargetPath -AclObject $FolderACL

Now that you have a better understanding of icacls, you should see the main similarities; in this one you are just also explicitly listing the propagation type and whether it is an Allow or Deny ACL type.
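As an added example that is not part of any post in this thread: the icacls grant discussed above, followed by a read-back check against the same rule values the Set-Acl version spells out (Modify, ContainerInherit and ObjectInherit, None, Allow). The scratch folder, the sample name, the use of the current user as the account, and the helper Test-FolderGrant are assumptions made so it runs on any Windows machine without a domain.

```powershell
# Added example, not code from the thread. Runs against a scratch folder under
# $env:TEMP and grants to the current user, so no domain account is needed.
$Name    = 'jdoe'                                   # constructed sample value
$Account = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$Target  = Join-Path $env:TEMP "acl-demo\$Name"     # stands in for e:\users\$Name
New-Item -ItemType Directory -Path $Target -Force | Out-Null

# "$Account:(OI)" is a parse error: PowerShell reads "$Account:" as the start of
# a scope- or drive-qualified variable name. ${Account} (or $($Account)) ends the
# name before the colon. In the path, nothing ambiguous follows $Name.
$Grant = "${Account}:(OI)(CI)M"
icacls $Target /grant $Grant | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

function Test-FolderGrant {
    # Hypothetical helper: true if $Path carries an explicit Allow ACE for
    # $Account with Modify rights inherited by subfolders and files.
    param([string]$Path, [string]$Account)

    $sidType = [System.Security.Principal.SecurityIdentifier]
    $sid     = (New-Object System.Security.Principal.NTAccount $Account).Translate($sidType)
    $modify  = [System.Security.AccessControl.FileSystemRights]::Modify
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'

    # Explicit rules only, returned as SIDs so "domain.com\user" and
    # "DOMAIN\user" spellings of one account compare equal.
    $rules = (Get-Acl -Path $Path).GetAccessRules($true, $false, $sidType)
    $match = $rules | Where-Object {
        $_.IdentityReference.Value -eq $sid.Value -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $modify) -eq $modify -and
        $_.InheritanceFlags -eq $inherit -and
        $_.PropagationFlags -eq 'None'
    }
    [bool]$match
}

if (-not (Test-FolderGrant -Path $Target -Account $Account)) {
    throw "Expected Modify grant for $Account not found on $Target"
}
Remove-Item -Path (Join-Path $env:TEMP 'acl-demo') -Recurse -Force
```

The same check works after the Set-Acl version, since both methods write the same kind of ACE; only the notation differs.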

Okay, now everything looks better after a chicken salsa wrap and house-made chips. Glad to hear the issues aren’t just with this newbie.

It could be worse for me. I long ago mandated that there would only be two global groups in an ACL - one for read, one for write. If a user wants something else in a subfolder, we’ll create a new top-level directory. At least I don’t have to deal with those nested nightmares.

Thanks. I’ll take a break from attempting a real-world application and dive into Don’s chapter on the Help system.