CaussyR
asked on
Take Ownership of Folders
Please, could anyone let me know how I can change a folders ownership in Powershell ? I have tried the following :
$FTPPath = "c:\test"
$NewFTPUser = 'TESTFTP'
Get-Acl $FTPPath | Format-List
$ACL = Get-Acl $FTPPath
$Rule = New-Object System.Security.AccessCont rol.FileSy stemAccess Rule("TEST FTP","Full Control")
$ACL.AddAccessRule($Rule)
Set-Acl $FTPPath $ACL
The above works for adding permissions to a folder but need to know how to take ownership.
Thanks
$FTPPath = "c:\test"
$NewFTPUser = 'TESTFTP'
Get-Acl $FTPPath | Format-List
$ACL = Get-Acl $FTPPath
$Rule = New-Object System.Security.AccessCont
$ACL.AddAccessRule($Rule)
Set-Acl $FTPPath $ACL
The above works for adding permissions to a folder but need to know how to take ownership.
Thanks
ASKER
Could you let me know what the following variables should be set to :
$user, $permissions, $allInherit, $allPropagation
I am also seeing the following error :
Get-Acl : A positional parameter cannot be found that accepts argument 'System.Security.AccessCon trol.Direc torySecuri ty'.
At line:3 char:1
+ acl = (Get-Item $path).GetAccessControl("A ccess")
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~ ~~~~~~~~~~ ~~~
+ CategoryInfo : InvalidArgument: (:) [Get-Acl], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFoun d,Microsof t.PowerShe ll.Command s.GetAclCo mmand
New-Object : Cannot find an overload for "FileSystemAccessRule" and the argument count: "5".
At line:8 char:7
+ $AR = New-Object System.Security.AccessCont rol.FileSy stemAccess Rule $user, $perm ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~ ~~~~~~~~~~ ~~~~~~~~~~ ~~~~~~~~~~ ~~~~~~~~~~ ~~~~
+ CategoryInfo : InvalidOperation: (:) [New-Object], MethodException
+ FullyQualifiedErrorId : ConstructorInvokedThrowExc eption,Mic rosoft.Pow erShell.Co mmands.New ObjectComm and
Exception calling "AddAccessRule" with "1" argument(s): "Value cannot be null.
Parameter name: rule"
At line:20 char:5
+ $acl.AddAccessRule($AR)
+ ~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : ArgumentNullException
Set-Acl : The security identifier is not allowed to be the owner of this object.
At line:23 char:1
+ Set-Acl -AclObject $acl -Path $Path
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~
+ CategoryInfo : InvalidOperation: (C:\Temp\Test:String) [Set-Acl], InvalidOperationException
+ FullyQualifiedErrorId : System.InvalidOperationExc eption,Mic rosoft.Pow erShell.Co mmands.Set AclCommand
Do I need any particular module loaded in Powershell ?
$user, $permissions, $allInherit, $allPropagation
I am also seeing the following error :
Get-Acl : A positional parameter cannot be found that accepts argument 'System.Security.AccessCon
At line:3 char:1
+ acl = (Get-Item $path).GetAccessControl("A
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Get-Acl], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFoun
New-Object : Cannot find an overload for "FileSystemAccessRule" and the argument count: "5".
At line:8 char:7
+ $AR = New-Object System.Security.AccessCont
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [New-Object], MethodException
+ FullyQualifiedErrorId : ConstructorInvokedThrowExc
Exception calling "AddAccessRule" with "1" argument(s): "Value cannot be null.
Parameter name: rule"
At line:20 char:5
+ $acl.AddAccessRule($AR)
+ ~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : ArgumentNullException
Set-Acl : The security identifier is not allowed to be the owner of this object.
At line:23 char:1
+ Set-Acl -AclObject $acl -Path $Path
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (C:\Temp\Test:String) [Set-Acl], InvalidOperationException
+ FullyQualifiedErrorId : System.InvalidOperationExc
Do I need any particular module loaded in Powershell ?
If you just want to set the owner then the following code should work..
$acl = Get-Acl $FTPPath
$acl.SetOwner([System.Security.Principal.NTAccount] “subsun“)
Set-Acl $FTPPath $ACl
ASKER
From your advise, I did the following :
$FTPPath = 'c:\temp\test'
$acl = get-acl $FTPPath
$acl.SetOwner([System.Secu rity.Princ ipal.NTAcc ount] "domain\Caussyr")
set-acl $FTPPath $acl
But the error I get now is,
set-acl : The security identifier is not allowed to be the owner of this object.
At line:4 char:1
+ set-acl $FTPPath $acl
+ ~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (C:\temp\test:String) [Set-Acl], InvalidOperationException
+ FullyQualifiedErrorId : System.InvalidOperationExc eption,Mic rosoft.Pow erShell.Co mmands.Set AclCommand
$FTPPath = 'c:\temp\test'
$acl = get-acl $FTPPath
$acl.SetOwner([System.Secu
set-acl $FTPPath $acl
But the error I get now is,
set-acl : The security identifier is not allowed to be the owner of this object.
At line:4 char:1
+ set-acl $FTPPath $acl
+ ~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (C:\temp\test:String) [Set-Acl], InvalidOperationException
+ FullyQualifiedErrorId : System.InvalidOperationExc
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Through searching I found out that Microsoft have a simple module that can be imported for ACL.
This peace of code should do some magic.
$acl = (Get-Item $path).GetAccessControl("A
# Setup the access rule.
$allInherit = [System.Security.AccessCon
$allPropagation = [System.Security.AccessCon
$AR = New-Object System.Security.AccessCont
# Check if Access already exists.
if ($acl.Access | Where { $_.IdentityReference -eq $User})
{
$accessModification = New-Object System.Security.AccessCont
$accessModification.value_
$modification = $false
$acl.ModifyAccessRule($acc
}
else
{
$acl.AddAccessRule($AR)
}
Set-Acl -AclObject $acl -Path $Path