Hi,
with the code below I can set the ACLs of a directory with an SDDL string:
$theSddl = "O:S-1-5-21-......-......-.......-1000G:S-1-5-21-.....-.......-........-513D:AI(A;CI;0x1200a9;;;NU)(A;ID;FA;;;BA)(A;OICIIOID;GA;;;BA)(A;ID;FA;;;SY)(A;OICIIOID;GA;;;SY)(A;OICIID;0x1200a9;;;BU)(A;ID;0x1301bf;;;AU)(A;OICIIOID;SDGXGWGR;;;AU)"
$SD = New-AdaptedSecurityDescriptor -Sddl $theSddl -Path $thePath -AccessMaskEnumeration ([PowerShellAccessControl.WmiNamespaceRights])
Set-SecurityDescriptor -SDObject $SD -Path $thePath -Force
but the problem is the rights are not set correctly as they were at the source folder.
The network user has special rights after setting the SDDL instead of only the right to execute the folder.
Module: PowerShellAccessControl
With this method
$aclObj = Get-Acl $thePath
$aclObj.SetSecurityDescriptorSddlForm($theSddl)
Set-Acl -Path $thePath -AclObject $aclObj
it works correctly, but this is not compatible with path name lengths longer than 260.
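
A way to see which ACEs differ between the intended SDDL and the SDDL read back from the folder, as an added example that is not part of the original post. The function names and both sample strings are constructed for illustration, and masks are shown as FileSystemRights on the assumption that the target is a file system folder.

```powershell
# Added example (Windows PowerShell). Get-SddlAce and Compare-SddlDacl are
# hypothetical helper names; the SDDL strings below are constructed samples
# that use only well-known SID aliases (NU, BA).

function Get-SddlAce {
    param([Parameter(Mandatory)][string]$Sddl)

    # Parse the SDDL with the .NET security descriptor class; no path is touched.
    $sd = New-Object -TypeName System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $Sddl
    foreach ($ace in $sd.DiscretionaryAcl) {
        [pscustomobject]@{
            Sid        = $ace.SecurityIdentifier.Value
            Type       = [string]$ace.AceType
            Flags      = [string]$ace.AceFlags          # inheritance / propagation flags
            Mask       = '0x{0:x}' -f $ace.AccessMask   # raw access mask
            # Assumption: the object is a folder, so decode the mask as file system rights.
            FileRights = [string][System.Security.AccessControl.FileSystemRights]$ace.AccessMask
        }
    }
}

function Compare-SddlDacl {
    param(
        [Parameter(Mandatory)][string]$Expected,
        [Parameter(Mandatory)][string]$Actual
    )
    # '<=' marks ACEs only in the expected DACL, '=>' ACEs only in the actual one.
    Compare-Object -ReferenceObject @(Get-SddlAce $Expected) `
                   -DifferenceObject @(Get-SddlAce $Actual) `
                   -Property Sid, Type, Flags, Mask, FileRights
}

# Constructed sample: what was intended for the folder.
$expectedSddl = 'D:AI(A;CI;0x1200a9;;;NU)(A;ID;FA;;;BA)'
# Constructed sample: what a read-back might return when one ACE was written differently.
$actualSddl   = 'D:AI(A;CI;0x1301bf;;;NU)(A;ID;FA;;;BA)'

Compare-SddlDacl -Expected $expectedSddl -Actual $actualSddl | Format-Table -AutoSize
```

Only the DACL part (`D:...`) is needed for the comparison, so owner and group SIDs can be left out of the strings passed in.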