Take Ownership of Folders

Please, could anyone let me know how I can change a folders ownership in Powershell ? I have tried the following :

$FTPPath = "c:\test"
Get-Acl $FTPPath | Format-List
$ACL = Get-Acl $FTPPath
$Rule = New-Object System.Security.AccessControl.FileSystemAccessRule("TESTFTP","FullControl")
Set-Acl $FTPPath $ACL

The above works for adding permissions to a folder but need to know how to take ownership.

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Patrick BogersDatacenter platform engineer LindowsCommented:

This peace of code should do some magic.

$acl = (Get-Item $path).GetAccessControl("Access")

# Setup the access rule.
$allInherit = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit", "ObjectInherit"
$allPropagation = [System.Security.AccessControl.PropagationFlags]"None"
$AR = New-Object System.Security.AccessControl.FileSystemAccessRule $user, $permissions, $allInherit, $allPropagation, "Allow"

# Check if Access already exists.
if ($acl.Access | Where { $_.IdentityReference -eq $User})
    $accessModification = New-Object System.Security.AccessControl.AccessControlModification
    $accessModification.value__ = 2
    $modification = $false
    $acl.ModifyAccessRule($accessModification, $AR, [ref]$modification) | Out-Null

Set-Acl -AclObject $acl -Path $Path
CaussyRAuthor Commented:
Could you let me know what the following variables should be set to :

$user, $permissions, $allInherit, $allPropagation

I am also seeing the following error :

Get-Acl : A positional parameter cannot be found that accepts argument 'System.Security.AccessControl.DirectorySecurity'.
At line:3 char:1
+ acl = (Get-Item $path).GetAccessControl("Access")
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Get-Acl], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.GetAclCommand
New-Object : Cannot find an overload for "FileSystemAccessRule" and the argument count: "5".
At line:8 char:7
+ $AR = New-Object System.Security.AccessControl.FileSystemAccessRule $user, $perm ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [New-Object], MethodException
    + FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand
Exception calling "AddAccessRule" with "1" argument(s): "Value cannot be null.
Parameter name: rule"
At line:20 char:5
+     $acl.AddAccessRule($AR)
+     ~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : ArgumentNullException
Set-Acl : The security identifier is not allowed to be the owner of this object.
At line:23 char:1
+ Set-Acl -AclObject $acl -Path $Path
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (C:\Temp\Test:String) [Set-Acl], InvalidOperationException
    + FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.PowerShell.Commands.SetAclCommand

Do I need any particular module loaded in Powershell ?
If you just want to set the owner then the following code should work..

$acl = Get-Acl $FTPPath
$acl.SetOwner([System.Security.Principal.NTAccount] “subsun“)
Set-Acl $FTPPath $ACl

Open in new window

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

CaussyRAuthor Commented:
From your advise, I did the following :

$FTPPath = 'c:\temp\test'
$acl = get-acl $FTPPath
$acl.SetOwner([System.Security.Principal.NTAccount] "domain\Caussyr")
set-acl $FTPPath $acl

But the error I get now is,

set-acl : The security identifier is not allowed to be the owner of this object.
At line:4 char:1
+ set-acl $FTPPath $acl
+ ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (C:\temp\test:String) [Set-Acl], InvalidOperationException
    + FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.PowerShell.Commands.SetAclCommand
CaussyRAuthor Commented:
After a lo9t of research I found this page : http://gallery.technet.microsoft.com/scriptcenter/1abd77a5-9c0b-4a2b-acef-90dbb2b84e85

File System Security PowerShell Module 2.3 from Microsoft.

Thanks for all you assistance.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It looks like a bug in Get-acl...

You can use the module which you found the TechNet script gallery or you can use the function from following article..

CaussyRAuthor Commented:
Through searching I found out that Microsoft have a simple module that can be imported for ACL.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.