Can someone please explain what exactly this script does, line by line? Thank you.

I found this script that will check the checkbox “Include inheritable permission from this object’s parent” for the folders.
Could you please let me know if this is a good script that we can use for production? Also, it takes a very, very long time to run on just one share - more than 12 hours. Is it possible to make it faster? Or, for example, if we already know the folders that need to have that checkbox checked, how do we specify just those folders so that the script doesn't have to go through everything and find that option? I do have the list of folders that need to be fixed.

Thank you very much!

Script is below:
$Path = "\\servername\share01\Public\Finance"

# Get-Acl \\servername\TestShare3 | Set-Acl -path $Path

# Setup new access rule to add to folder ACL
# documentation:
$account     = "amer-ad\svc-admt"
$rights      = [System.Security.AccessControl.FileSystemRights]::FullControl
$inheritance = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit,ObjectInherit"
$propagation = [System.Security.AccessControl.PropagationFlags]::None
$allowdeny   = [System.Security.AccessControl.AccessControlType]::Allow
$dirACE      = New-Object System.Security.AccessControl.FileSystemAccessRule( $account,$rights,$inheritance,$propagation,$allowdeny )

# Get the directory's current permissions and add the access rule
$dirACL = Get-Acl $Path
# Add the new AccessRule to the Directory ACL, suppressing errors and trying again until success
$Try = 0
do {
    "Try:  $Try"
    $ACLCheck = $True
    Start-Sleep -Milliseconds 500

    Try { $dirACL.AddAccessRule($dirACE) }
    Catch [System.Exception] { $ACLCheck = $False }
    # Count the attempt so the "Try:" line reflects the retry number
    $Try++
} while( $ACLCheck -eq $False )

# Set (commit changes) the ACL on the folder 
Set-Acl $Path -AclObject $dirACL
"Path:  $Path"

#Search recursively through location defined;
Get-ChildItem -Recurse -Force $Path | foreach {
     $TempPath = $_.FullName
     "Path:  $TempPath"
     #Get ACL for TempPath
     $acl = Get-Acl $TempPath

     $acl.SetAccessRuleProtection($false, $true)

     #Get SID of explicit ACL
     $acl.Access | where {
          $_.IsInherited -eq $false } | foreach {
          #Foreach SID purge the SID from the ACL
          # (the posted script has no statement here, so no rule is actually removed)
     }

     #Reapply ACL to file or folder without SID
     Set-Acl -AclObject $acl -path $TempPath
}


David Johnson, CD, MVP Owner Commented:
The best way is for you to learn PowerShell.
$Path = "\\servername\share01\Public\Finance"
sets the variable $Path to a value of "\\servername\share01\Public\Finance"
PowerShell has an in-depth help structure.
Type help or get-help get-acl -examples on a PowerShell command line and read.
Same with 'help set-acl -examples'
help start-sleep -examples

$account     = "amer-ad\svc-admt"   # This sets the account that we will be using, a domain service account. Replace with what is appropriate for your domain.

Vaseem Mohammed Commented:
As suggested by David, learn PowerShell.
I would say the basics are enough to understand what the script is doing.
Basics like:
What is a variable? How do you define it? What kind of data does it hold?
What is If..Else, Do..While?
What are cmdlets? Module? PSSnapins? PSSession?
What is PowerShell ISE?

Most important: Get-Help and How to USE Get-Help :-).
Get-Help Get-ADUser
Get-Help Get-ADUser -Full
Get-Help Get-ADUser -Examples
Get-command *ADComputer
creative555 Author Commented:
Thank you so much!!! Very helpful.

I still have this script running after more than 24 hours. Could you please help me modify it so that I can specify the shares, including the files there, that need the checkbox "Include inheritable permission from this object’s parent" checked?

The $path below specifies the parent from where permissions are pushed to all child directories beneath, which is not really needed. Let's say I just need two directories to fix that I know under finance - subdirectory 1 and subdirectory 2. How would I add those specific subdirectories for the script instead of using recurse to search all the files? This script is not working for us since it takes forever and we already know the directories that need to be fixed.
$Path = "\\servername\share01\Public\Finance"

Thank you very much!
creative555 Author Commented:
Thank you very much!
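
One way to do what the follow-up asks, shown as an added example that is not part of the thread or any poster's code: re-enable inheritance only on a known list of folders instead of recursing through the share. The function name Enable-AclInheritance and the two sample folder paths are hypothetical; the paths are built from the $Path in the question.

```powershell
# Added example: re-check "Include inheritable permissions" on listed folders only.
function Enable-AclInheritance {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Path
    )
    process {
        foreach ($p in $Path) {
            if (-not (Test-Path -LiteralPath $p)) {
                [pscustomobject]@{ Path = $p; Result = 'NotFound' }
                continue
            }
            $acl = Get-Acl -LiteralPath $p
            # AreAccessRulesProtected is $true when the inheritance box is unchecked.
            if (-not $acl.AreAccessRulesProtected) {
                [pscustomobject]@{ Path = $p; Result = 'AlreadyInherits' }
                continue
            }
            # $false = stop protecting the ACL, so the parent's rules flow down again.
            # The second argument is ignored when the first is $false.
            # Existing explicit rules on the folder are kept, not removed.
            $acl.SetAccessRuleProtection($false, $true)
            if ($PSCmdlet.ShouldProcess($p, 'Enable ACL inheritance')) {
                try {
                    Set-Acl -LiteralPath $p -AclObject $acl -ErrorAction Stop
                    [pscustomobject]@{ Path = $p; Result = 'Enabled' }
                } catch {
                    [pscustomobject]@{ Path = $p; Result = "Failed: $($_.Exception.Message)" }
                }
            }
        }
    }
}

# Constructed sample list (hypothetical folder names under the share in the question).
$folders = @(
    '\\servername\share01\Public\Finance\subdirectory 1'
    '\\servername\share01\Public\Finance\subdirectory 2'
)

# -WhatIf reports what would change without writing any ACL; remove it to apply.
$folders | Enable-AclInheritance -WhatIf
```

Re-enabling inheritance grants whatever the parent folder grants, so review the parent's ACL before running this without -WhatIf on folders that were deliberately locked down.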