Setting folder permissions

NewWorldMan

May 18, 2008, 9:04:37 AM
I've been experimenting with a couple of scripts to set folder permissions.

I've tried this from here
http://chrisfederico.wordpress.com/2008/02/01/setting-acl-on-a-file-or-directory-in-powershell/:

$acl = Get-Acl c:\temp
$permission = "domain\user","FullControl","Allow"
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($accessRule)
$acl | Set-Acl c:\temp


and this from here http://technet.microsoft.com/en-us/magazine/cc194419.aspx:

#ChangeACL.ps1
$Right="FullControl"

#The possible values for Rights are
# ListDirectory, ReadData, WriteData
# CreateFiles, CreateDirectories, AppendData
# ReadExtendedAttributes, WriteExtendedAttributes, Traverse
# ExecuteFile, DeleteSubdirectoriesAndFiles, ReadAttributes
# WriteAttributes, Write, Delete
# ReadPermissions, Read, ReadAndExecute
# Modify, ChangePermissions, TakeOwnership
# Synchronize, FullControl

$StartingDir=Read-Host "What directory do you want to start at?"
$Principal=Read-Host "What security principal do you want to grant" `
"$Right to? `n Use format domain\username or domain\group"

#define a new access rule.
#note that the $rule line has been artificially broken for print purposes.
#it needs to be one line. the online version of the script is properly
#formatted.
$rule=new-object System.Security.AccessControl.FileSystemAccessRule `
($Principal,$Right,"Allow")

foreach ($file in $(Get-ChildItem $StartingDir -recurse)) {
  $acl=get-acl $file.FullName
 
  #Add this access rule to the ACL
  $acl.SetAccessRule($rule)
 
  #Write the changes to the object
  set-acl $File.Fullname $acl
  }

For the second one I get this error when trying to apply it to an inetpub folder:

Exception calling "SetAccessRule" with "1" argument(s): "Some or all identity references could not be translated."
At C:\Documents and Settings\kmcfarlane\My Documents\Development\ChangeACL.ps1:29 char:21
+   $acl.SetAccessRule( <<<< $rule)
Set-Acl : The security identifier is not allowed to be the owner of this object.
At C:\Documents and Settings\kmcfarlane\My Documents\Development\ChangeACL.ps1:32 char:10
+   set-acl  <<<< $File.Fullname $acl

For the first script I just get the first part of that error. Any ideas?
--
Kevin

Marco Shaw [MVP]

May 18, 2008, 9:36:16 PM
NewWorldMan wrote:
> I've been experimenting with a couple of scripts to set folder permissions.
>
> I've tried this from here
> http://chrisfederico.wordpress.com/2008/02/01/setting-acl-on-a-file-or-directory-in-powershell/:
>
> $acl = Get-Acl c:\temp
> $permission = "domain\user","FullControl","Allow"
> $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
> $acl.SetAccessRule($accessRule)
> $acl | Set-Acl c:\temp

This one is shorter...

Works for me.

So, does "domain\user" exist in your environment? That syntax supposes
that you are adding a *domain* account with that username.

Marco


--
Microsoft MVP - Windows PowerShell
http://www.microsoft.com/mvp

PowerGadgets MVP
http://www.powergadgets.com/mvp

Blog:
http://marcoshaw.blogspot.com
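
An added example, not part of either poster's message: one way to check that the account name resolves to a SID before touching the ACL, so a bad "domain\user" string fails up front with a clear message instead of inside SetAccessRule. The function names, the CONTOSO\webadmins account and the choice to set one inheritable rule on the starting folder rather than looping over every child item are assumptions made for illustration.

```powershell
# Added example. Resolve-Principal and Grant-FolderAccess are hypothetical helper names.
function Resolve-Principal {
    param([Parameter(Mandatory=$true)][string]$Name)
    # NTAccount.Translate throws IdentityNotMappedException when the name cannot
    # be mapped to a SID. That is the condition SetAccessRule reports as
    # "Some or all identity references could not be translated."
    try {
        $account = New-Object System.Security.Principal.NTAccount -ArgumentList $Name
        return $account.Translate([System.Security.Principal.SecurityIdentifier])
    }
    catch [System.Security.Principal.IdentityNotMappedException] {
        return $null
    }
}

function Grant-FolderAccess {
    param(
        [Parameter(Mandatory=$true)][string]$Path,
        [Parameter(Mandatory=$true)][string]$Principal,
        [Parameter(Mandatory=$true)]
        [System.Security.AccessControl.FileSystemRights]$Right
    )
    $sid = Resolve-Principal -Name $Principal
    if ($null -eq $sid) {
        throw "Cannot resolve '$Principal' to a SID. Check the domain or computer name prefix."
    }

    # One rule on the folder, inherited by subfolders and files, so child
    # objects do not each need an explicit entry.
    $inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $propagate = [System.Security.AccessControl.PropagationFlags]::None
    $allow     = [System.Security.AccessControl.AccessControlType]::Allow
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $sid, $Right, $inherit, $propagate, $allow

    $acl = Get-Acl -Path $Path
    $acl.SetAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl

    # Return the entries now held for this SID so the result can be reviewed.
    (Get-Acl -Path $Path).Access | Where-Object {
        $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]) -eq $sid
    }
}

# Constructed sample call; the account is a placeholder, and Modify is usually
# enough where FullControl is not strictly required:
# Grant-FolderAccess -Path 'C:\temp' -Principal 'CONTOSO\webadmins' -Right Modify
```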
