troubleshooting Question

Modifying folder permissions with Powershell.

Avatar of Carlos Sanchez
Carlos Sanchez asked on
PowershellWindows OSWindows NetworkingWindows Server 2008Windows Server 2003
4 Comments1 Solution12 ViewsLast Modified:
Hello everyone,
It has been revealed to us from a vulnerability scan that a program that many people use has an ACE of Everyone, Full Control. I have found that I am able to remove that entry and replace it with Authenticated users, Read and Execute and the program still works. Real dick move from these developers!!!  I am now in the process writing a PowerShell script to accomplish this.  Here is the script that I have so far:

$Acl = Get-Acl "C:\Program Files (x86)\Fakeprogram\subfolder"
$AU = New-Object System.Security.AccessControl.FileSystemAccessRule("Authenticated Users", "ReadAndExecute" , "Allow")
$Everyone = New-Object System.Security.AccessControl.FileSystemAccessRule("Everyone", "FullControl" , "Allow")
$Acl.addAccessRule($AU)
$Acl.RemoveAccessRule($Everyone)
Set-Acl "C:\Program Files (x86)\Fakeprogram\subfolder"  $Acl


The result of this is that it adds the authenticated users group, but on the security tab, it just says, "special permissions," you go to advanced and then you see that Read & Execute and the Everyone group is the same way after this, but it says full control in the Advanced permissions and that is obviously not true because I now get prompted for admin credentials when I go to change the permissions back in the GUI.  I am frustrated with this one, because I read a bunch of things online about this, did what everyone told me and these are the results that I am getting.  Can anyone tell me if  I am doing anything wrong that is causing all this weirdness?  I think that you can all imagine that I am just trying to remove Everyone: Full Control and add Authenticated Users Read and Execute and have look as if I did it through the GUI.  
ASKER CERTIFIED SOLUTION
Join our community to see this answer!
Unlock 1 Answer and 4 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 4 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros