Take Ownership of Folders

Please, could anyone let me know how I can change a folders ownership in Powershell ? I have tried the following :

$FTPPath = "c:\test"
$NewFTPUser = 'TESTFTP'
Get-Acl $FTPPath | Format-List
$ACL = Get-Acl $FTPPath
$Rule = New-Object System.Security.AccessControl.FileSystemAccessRule("TESTFTP","FullControl")
$ACL.AddAccessRule($Rule)
Set-Acl $FTPPath $ACL

The above works for adding permissions to a folder but need to know how to take ownership.

Thanks
CaussyRAsked:
Who is Participating?
 
CaussyRConnect With a Mentor Author Commented:
After a lo9t of research I found this page : http://gallery.technet.microsoft.com/scriptcenter/1abd77a5-9c0b-4a2b-acef-90dbb2b84e85

File System Security PowerShell Module 2.3 from Microsoft.

Thanks for all you assistance.
0
 
Patrick BogersDatacenter platform engineer LindowsCommented:
Hi,

This peace of code should do some magic.

$acl = (Get-Item $path).GetAccessControl("Access")

# Setup the access rule.
$allInherit = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit", "ObjectInherit"
$allPropagation = [System.Security.AccessControl.PropagationFlags]"None"
$AR = New-Object System.Security.AccessControl.FileSystemAccessRule $user, $permissions, $allInherit, $allPropagation, "Allow"

# Check if Access already exists.
if ($acl.Access | Where { $_.IdentityReference -eq $User})
{
    $accessModification = New-Object System.Security.AccessControl.AccessControlModification
    $accessModification.value__ = 2
    $modification = $false
    $acl.ModifyAccessRule($accessModification, $AR, [ref]$modification) | Out-Null
}
else
{
    $acl.AddAccessRule($AR)
}

Set-Acl -AclObject $acl -Path $Path
0
 
CaussyRAuthor Commented:
Could you let me know what the following variables should be set to :

$user, $permissions, $allInherit, $allPropagation

I am also seeing the following error :

Get-Acl : A positional parameter cannot be found that accepts argument 'System.Security.AccessControl.DirectorySecurity'.
At line:3 char:1
+ acl = (Get-Item $path).GetAccessControl("Access")
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Get-Acl], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.GetAclCommand
 
New-Object : Cannot find an overload for "FileSystemAccessRule" and the argument count: "5".
At line:8 char:7
+ $AR = New-Object System.Security.AccessControl.FileSystemAccessRule $user, $perm ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [New-Object], MethodException
    + FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand
 
Exception calling "AddAccessRule" with "1" argument(s): "Value cannot be null.
Parameter name: rule"
At line:20 char:5
+     $acl.AddAccessRule($AR)
+     ~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : ArgumentNullException
 
Set-Acl : The security identifier is not allowed to be the owner of this object.
At line:23 char:1
+ Set-Acl -AclObject $acl -Path $Path
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (C:\Temp\Test:String) [Set-Acl], InvalidOperationException
    + FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.PowerShell.Commands.SetAclCommand
 


Do I need any particular module loaded in Powershell ?
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
SubsunCommented:
If you just want to set the owner then the following code should work..

$acl = Get-Acl $FTPPath
$acl.SetOwner([System.Security.Principal.NTAccount] “subsun“)
Set-Acl $FTPPath $ACl

Open in new window

0
 
CaussyRAuthor Commented:
From your advise, I did the following :

$FTPPath = 'c:\temp\test'
$acl = get-acl $FTPPath
$acl.SetOwner([System.Security.Principal.NTAccount] "domain\Caussyr")
set-acl $FTPPath $acl

But the error I get now is,

set-acl : The security identifier is not allowed to be the owner of this object.
At line:4 char:1
+ set-acl $FTPPath $acl
+ ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (C:\temp\test:String) [Set-Acl], InvalidOperationException
    + FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.PowerShell.Commands.SetAclCommand
0
 
SubsunConnect With a Mentor Commented:
It looks like a bug in Get-acl...

You can use the module which you found the TechNet script gallery or you can use the function from following article..

http://cosmoskey.blogspot.in/2010/07/setting-owner-on-acl-in-powershell.html
0
 
CaussyRAuthor Commented:
Through searching I found out that Microsoft have a simple module that can be imported for ACL.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.