Powershell Script to Add AD Security Group to Shared Folder with Inheritance/Propogation set to "This Folder, Subfolders & Files"

Wayne Viljoen
Wayne Viljoen used Ask the Experts™
on
I would like to modify the following Powershell script to add an AD Security Group to a shared folder, but I'd like to also like to set the Inheritance and Propagation flags so that the security group is applied to "This Folder, Subfolder & Files":

$acl = Get-Acl \\OFS1\Data\Accounts

$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("OREP\Custom-ADSecurityGroup","FullControl","Allow")

$acl.SetAccessRule($AccessRule)

$acl | Set-Acl \\OFS1\Data\Accounts


I have seen various references to setting the Propagation=none and Inheritance=Container|Object and that it might be represented as so:

InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit
PropagationFlags.None

I have no idea how to incorporate this into the script above...
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Most Valuable Expert 2018
Distinguished Expert 2018
Commented:
Try it like this:
$acl = Get-Acl \\OFS1\Data\Accounts
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("mr","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.SetAccessRule($AccessRule)
$acl | Set-Acl \\OFS1\Data\Accounts

Open in new window

Author

Commented:
Thanks so much for the clear advice! As usual, the solution was simple!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial