I have a script to modify permissions on all sub-folders and files of any folder i point it too. For example, I can point the script at a folder I want to modify say: "Z:\data_folder".
So this script works great if I want to modify permissions on all files and folders below "Z:\data_folder" but it doesn't touch the "z:\data_folder" itself. I've been scratching my head but I can't work out the best to get the script to modify permissions on "Z:\data_folder" as well as modifying permissions on the sub-folders and files, and I can't simply change the path to "Z:" as there are other folders on "Z:" I don't want touched.
Basic script is below:
$rights = [System.Security.AccessControl.FileSystemRights]::FullControl
$inheritance = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit,ObjectInherit"
$propagation = [System.Security.AccessControl.PropagationFlags]::None
$allowdeny = [System.Security.AccessControl.AccessControlType]::Allow
# Customize the domain name
$myDomain = "Domain"
$adminUserName = "AD_Group"
[string]$ErrorLog = 'c:\temp\Permission_Errors.txt'
$foldernames=cmd /c 'dir \\?\Z:\data_folder\ /s /ad /b| findstr "\\\\?\\"'
$foldernames.substring(4) | ForEach `
$folder = $_
$Account = [System.Security.Principal.NTAccount]"$myDomain\$adminUserName"
$Acl = Get-Acl $folder
$newAcl = @((Get-Acl $folder).Access | Select-Object -ExpandProperty IdentityReference)
If ($newAcl -Contains $Account)
Write-Host "Skipping folder. This user account already has permission: " $Account
Write-Host "To the folder: $($folder)"
$Ace = New-Object System.Security.AccessControl.FileSystemAccessRule ($Account,$rights,$inheritance,$propagation,$allowdeny)
Write-Host "Setting permission for folder: $($folder)" -ForegroundColor Yellow
Set-Acl $folder -AclObject $Acl `
Write-Warning "Problem setting permission to folder: $($folder)"
Write-Warning "The following error occurred: $error "
"Problem setting permission to folder: '$($folder)'. The Error encountered was: '$error'" | Out-File $ErrorLog -Append