by jawhitm at 2012-09-11 00:56:53
Hello everyone,
I am trying to modify some folder permissions using PowerShell and so far I have not found a good way to do this. I would like to use PowerShell if at all possible to accomplish this.
I tried to use Set-ACL and Get-ACL but that doesn’t appear to work as I would like it to.
What I am trying to do:
1. Get a list of users / groups that have access to a folder; for this example let's call it C:\Testing, and below it has folder Test1
2. Remove all users / groups from the folder UNLESS it is inherited from a folder higher up
3. Grant a particular user account that I specify in the script the following permissions:
- Read & Execute
- List Folder Contents
- Read
From the examples I have seen, it adds in permissions but adds them in as special permissions, and for this I want to put it on the "Main permissions" where you see the check boxes next to these.
The operating system this will be done on is: Windows 2008 SP2 and Windows 2008 R2
Any assistance is greatly appreciated.
Thank you,
Johnathan

by NachumElla at 2012-09-11 03:31:34
Hello jawhitm!
About number 1 -
Get-ChildItem path -recurse | where {$_.psiscontainer} | select -expand fullname | ForEach-Object {Get-Acl -path $_} | fl
About number 2 - haven't found a way to do that with Get-ACL…

by coderaven at 2012-09-11 05:21:25
Working with permissions in PowerShell is pretty straightforward once you learn to work with the ACL object and to create new ACE entries. I think this is pretty close to what you are looking for. The permission "ReadAndExecute" includes "ListFolderContents" and "Read".
Make sure you modify this to fit your needs and test it! This is just an example.
#Get the ACL
$acl = Get-Acl -Path C:\Path\To\Folder
#List Users/Groups in ACL with permissions
$acl.Access | Select IdentityReference, FileSystemRights
#Remove All non-inherited Permissions
$acl.Access | ForEach-Object {if ($_.IsInherited -eq $False) {$acl.RemoveAccessRule($_)}}
#Add ACE to grant Group ReadAndExecute for "This Folder, Subfolders and Files"
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("DomainName\GroupName","ReadAndExecute", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
#Set the modified ACL
Set-Acl -Path C:\Path\To\Folder -AclObject $acl

by jawhitm at 2012-09-11 21:24:34
Oh you are the man Allan (coderaven). Absolutely 100% exactly what I was looking for and have been trying to do for days. Thank you so much.
$count = "5"
while ($count -ne "4")
{
write-host "Thank You" -foregroundcolor "Green"
write-host "Thank You" -foregroundcolor "Yellow"
write-host "Thank You" -foregroundcolor "Red"
write-host "Thank You" -foregroundcolor "Cyan"
}
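
The three steps from the answer above (list, strip explicit ACEs, grant ReadAndExecute) wrapped in one function, as an added example that is not part of the original thread. It adds three safeguards: it stops when inheritance is disabled on the folder, it keeps the original DACL as SDDL, and it honours -WhatIf. The function name Reset-ExplicitAcl, the scratch folder under $env:TEMP and the BUILTIN\Users account (English-language Windows) are assumptions.

```powershell
# Added example; Reset-ExplicitAcl, the scratch folder and BUILTIN\Users are assumptions.
function Reset-ExplicitAcl {
    [CmdletBinding(SupportsShouldProcess=$true)]
    param(
        [Parameter(Mandatory=$true)][string]$Path,
        [Parameter(Mandatory=$true)][string]$Identity
    )
    $acl = Get-Acl -Path $Path

    # With inheritance disabled every ACE is explicit, so stripping them would
    # leave only the new read-only grant. Stop and let a person decide.
    if ($acl.AreAccessRulesProtected) {
        throw "Inheritance is disabled on '$Path'; review this ACL by hand."
    }

    # Save the original DACL as SDDL so the change can be audited or rolled back.
    $before = $acl.GetSecurityDescriptorSddlForm('Access')

    # Remove explicit ACEs only; inherited ACEs stay.
    foreach ($ace in @($acl.Access | Where-Object { -not $_.IsInherited })) {
        [void]$acl.RemoveAccessRule($ace)
    }

    # ReadAndExecute on "This folder, subfolders and files".
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Identity, 'ReadAndExecute', 'ContainerInherit, ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)

    if ($PSCmdlet.ShouldProcess($Path, "Replace explicit ACEs with ReadAndExecute for $Identity")) {
        Set-Acl -Path $Path -AclObject $acl
    }

    # Report what is actually on disk after the change.
    New-Object PSObject -Property @{
        Path         = $Path
        OriginalSddl = $before
        ExplicitAces = @((Get-Acl -Path $Path).Access | Where-Object { -not $_.IsInherited })
    }
}

# Constructed demo: scratch folder with one explicit Modify ACE, then reset it.
$demo = Join-Path $env:TEMP 'AclDemo\Test1'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$seed = Get-Acl -Path $demo
$seed.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule('BUILTIN\Users', 'Modify', 'Allow')))
Set-Acl -Path $demo -AclObject $seed
$result = Reset-ExplicitAcl -Path $demo -Identity 'BUILTIN\Users'
$result.ExplicitAces | Select-Object IdentityReference, FileSystemRights, InheritanceFlags
```

Running the function with -WhatIf first shows which folder would be changed without writing the ACL.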