Set windows folder permission/security via script

Zman771
Zman771 used Ask the Experts™
on
I'm running windows home server and want to set up custom folder security/permissions (give a user read access to a folder).  I can do this via the normal windows security dialogue, but unfortunately WHS seems to overwrite my custom permissions after a certain amount of time.  

is there a way to set this permission via a script or command line so that I can run it as a scheduled task?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Most Valuable Expert 2011
Top Expert 2011

Commented:

xcacls should be able to do this.....
How to use Xcacls.exe to modify NTFS permissions
http://support.microsoft.com/kb/318754
Please advise if you need help with the syntax of the script/command....
Commented:
Hello,

With PowerShell, this is really simple : just use get-acl and set-acl cmdlet. You have a quick introduction here :http://chrisfederico.wordpress.com/2008/02/01/setting-acl-on-a-file-or-directory-in-powershell/

Note that this works on registry too. You can also use cacls.exe with a vbscript. If you prefer vbs I can give you a script sample using this tool.

Author

Commented:
I was able to use PowerShell to modify the permissions but I can't seem to figure out how to save the script so I can schedule it via windows Scheduled Tasks.  
11/26 Forrester Webinar: Savings for Enterprise

How can your organization benefit from savings just by replacing your legacy backup solutions with Acronis' #CyberProtection? Join Forrester's Joe Branca and Ryan Davis from Acronis live as they explain how you can too.

Commented:
Save your script in a .ps1 file, then follow instruction in this post : http://www.searchmarked.com/windows/how-to-schedule-a-windows-powershell-script.php

Author

Commented:
worked like a charm, except for one small issue.  the post says to run the following command:
powershell -command "& 'MyScript.ps1' "
but if the file is in the same directory you have to run
powershell -command "& '.\MyScript.ps1' "

other than that this is perfect.  thanks!

Commented:
You're Welcome. Glad this workeD for you.

Author

Commented:
i came across one issue.  when i run the script, the user's permissions come as "Special Permissions" instead of "Full Control" or "Read & Execute".  i've tried several different $permission settings but it doesn't seem to work.  any suggestions?


$acl = Get-Acl d:\shares\Videos
$permission = "USERNAME","FullControl","Allow"
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($accessRule)
$acl | Set-Acl d:\shares\Videos

Open in new window

Author

Commented:
I fixed it.  turns out the permissions were only being applied to the folder and not the subfolders and files.  
$directory = "d:\shares\Videos"
$inherit = [system.security.accesscontrol.InheritanceFlags]"ContainerInherit, ObjectInherit"
$propagation = [system.security.accesscontrol.PropagationFlags]"None"
$acl = Get-Acl $directory
$accessrule = New-Object system.security.AccessControl.FileSystemAccessRule("USERNAME", "Read", $inherit, $propagation, "Allow")
$acl.AddAccessRule($accessrule)
set-acl -aclobject $acl $directory

Open in new window

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial