Have you read this link:
http://support.microsoft.com/kb/274443 - this is the right way.
The wrong way is to use WMI:
$path = "C:\Test"
$user = "Administrator"
$path = $path.replace("\", "\\")
$SD = ([WMIClass] "Win32_SecurityDescriptor").CreateInstance()
$ace = ([WMIClass] "Win32_ace").CreateInstance()
$Trustee = ([WMIClass] "Win32_Trustee").CreateInstance()
$SID = (new-object security.principal.ntaccount $user).translate([security.principal.securityidentifier])
[byte[]] $SIDArray = ,0 * $SID.BinaryLength
$SID.GetBinaryForm($SIDArray,0)
$Trustee.Name = $user
$Trustee.SID = $SIDArray
$ace.AccessMask = [System.Security.AccessControl.FileSystemRights]"FullControl"
$ace.AceFlags = "0x3"
$ace.AceType = 0
$ace.Trustee = $trustee
# get current ACL from DACL
$oldDACL = (gwmi Win32_LogicalFileSecuritySetting -filter "path='$path'").GetSecurityDescriptor().Descriptor.DACL
# add current DACL to new DACL object
$SD.DACL = $oldDACL
# and add new ACE to DACL
$SD.DACL += @($ace.psobject.baseobject)
# set SE_DACL_PRESENT flag
$SD.ControlFlags = "0x4"
$folder = gwmi Win32_LogicalFileSecuritySetting -filter "path='$path'"
# write new DACL to object ACL
$folder.setsecuritydescriptor($SD)
Perhaps xcacls/icacls will be a simpler solution.
--
WBR, Vadims Podans
MVP: PowerShell
PowerShell blog -
www.sysadmins.lv
"Jacob Sampson" <JacobSampson@xxxxxx> wrote in message
"news:993FFE58-370C-4092-A782-FA6BA50E51B7@xxxxxx"...
> I have been trying to write a script that will allow me to set specific
> folder permissions on my profiles folders in my domain. I cannot guarantee
> that I am the owner of the folder so the set-acl cmdlet will not work as far
> as I understand. I would be open to any option at this point of how to set
> permission on many folders with a powershell script.
>
> I have also tried to use cacls, xcacls, and Icacls to no avail. They seem
> to work fine if I manually specify the usernames. If I reference a variable
> that holds the username then it craps out on me. I am still open to the
> cacls route if someone has had better experience.
>
> At this point I will entertain any solution.
>
> Thanks
> Jacob sampson
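
An added example, not part of either post: the icacls route mentioned in the reply, granting the same inheritable FullControl ACE as the WMI script, with the account name taken from a variable. The share path, domain name, `-Preview` switch, function names and the folder-named-after-user convention are assumptions; one known pitfall it handles is that `"$user:F"` inside a double-quoted string is parsed as a scope-qualified variable, so the name must be written `${user}`.

```powershell
# Added example. Assumed values (not from the thread): the share path, the domain
# name, and the convention that each profile folder is named after its user.
$profileRoot = '\\fileserver\profiles$'   # hypothetical path
$domain      = 'CONTOSO'                  # hypothetical domain

function Get-GrantSpec {
    param([string]$Account, [string]$Rights = 'F')
    # "${Account}:" is required: "$Account:(OI)" is parsed as a scope/drive-qualified
    # variable name and fails with "Variable reference is not valid".
    # (OI)(CI) = object inherit + container inherit, i.e. AceFlags 0x3 in the WMI script.
    "${Account}:(OI)(CI)$Rights"
}

function Grant-ProfileAccess {
    param([string]$Root, [string]$Domain, [switch]$Preview)
    foreach ($dir in Get-ChildItem -LiteralPath $Root | Where-Object { $_.PSIsContainer }) {
        $account = "$Domain\$($dir.Name)"
        # Resolve the account first so a stale folder name never reaches icacls.
        try {
            $null = (New-Object Security.Principal.NTAccount $account).Translate(
                [Security.Principal.SecurityIdentifier])
        } catch {
            Write-Warning "Skipping $($dir.FullName): cannot resolve $account"
            continue
        }
        # Pass arguments as an array so paths with spaces are quoted correctly.
        $icaclsArgs = @($dir.FullName, '/grant', (Get-GrantSpec $account), '/C')
        if ($Preview) { "icacls $($icaclsArgs -join ' ')"; continue }
        & icacls.exe @icaclsArgs
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "icacls failed for $($dir.FullName) (exit $LASTEXITCODE)"
        }
    }
}

# -Preview only prints the commands; remove it to apply the ACEs.
Grant-ProfileAccess -Root $profileRoot -Domain $domain -Preview
```

Run it with `-Preview` first and check that each printed account matches the folder it is being granted on before applying the change.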