ptea
asked on
Modify ACL Folder,SubFolders,ACL
Hi there,
I want to add an ACE to an ACL and propagate the new ACE into each ACL of subobjects. Here is my code:
$inherit = [system.security.accesscon trol.Inher itanceFlag s]"Contain erInherit, ObjectInherit"
$propagation = [system.security.accesscon trol.Propa gationFlag s]"None"
$directory = "$ProgramFiles\Test"
$acl = Get-ACL $directory
$accessrule = New-Object system.security.AccessCont rol.FileSy stemAccess Rule("$Set UserName", "Modify", $inherit, $propagation, "Allow")
$acl.AddAccessRule($access rule)
$acl.SetAccessRuleProtecti on($False, $True)
set-acl -aclobject $acl $directory
Sadly the new ACE is not set into all ACLs - someboday know why? Its not a permissions issue as I am running teh Script within the security context of an ADM-Account which has FullControl onto the folder, subfolder, files ....
Thx
I want to add an ACE to an ACL and propagate the new ACE into each ACL of subobjects. Here is my code:
$inherit = [system.security.accesscon
$propagation = [system.security.accesscon
$directory = "$ProgramFiles\Test"
$acl = Get-ACL $directory
$accessrule = New-Object system.security.AccessCont
$acl.AddAccessRule($access
$acl.SetAccessRuleProtecti
set-acl -aclobject $acl $directory
Sadly the new ACE is not set into all ACLs - someboday know why? Its not a permissions issue as I am running teh Script within the security context of an ADM-Account which has FullControl onto the folder, subfolder, files ....
Thx
ASKER
thx for the input - I tried this already and got this error message:
Set-Acl : The security identifier is not allowed to be the owner of this object.
Set-Acl : The security identifier is not allowed to be the owner of this object.
ASKER
sorry the code you provided me doesn't work at all - but I already tried to do this with an foreach loop and got the error message above. I also tried a piece of code from Chris Dent:
Get-ChildItem "C:\Program Files\Splunk" -recurse | %{
$ACL = Get-ACL $_.FullName
# un-protect the ACL and remove explicit rules (replacing with parent ACL)
$ACL.SetAccessRuleProtecti on($False, $False)
Set-ACL $_.FullName -AclObject $ACL
}
Got the same error....
Get-ChildItem "C:\Program Files\Splunk" -recurse | %{
$ACL = Get-ACL $_.FullName
# un-protect the ACL and remove explicit rules (replacing with parent ACL)
$ACL.SetAccessRuleProtecti
Set-ACL $_.FullName -AclObject $ACL
}
Got the same error....
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
$inherit = [system.security.accesscon
$propagation = [system.security.accesscon
$directories = gci "$ProgramFiles\Test" -recurse
foreach ($directory in $directories){
$acl = Get-ACL $directory
$accessrule = New-Object system.security.AccessCont
$acl.AddAccessRule($access
$acl.SetAccessRuleProtecti
set-acl -aclobject $acl $directory
}
I don't think we have the entire script here, but this shouldn't be too hard to adapt.
HTH,
Dale Harris