Unable to set NTFS permissions on share using PowerShell. The user shows up with no rights checked off.

  • Question

  • I am having a little problem here with setting NTFS permissions via PowerShell. 

    Basically, I am able to make a new directory on the share and assign a user NTFS permissions; however, it just assigns the selected user without any permissions set.

    $username = "test.user"
    $directory = "\\testlab-sv01\Share\newfolder"
    
    New-Item -Path $directory -ItemType Directory
    
    $colRights = [System.Security.AccessControl.FileSystemRights]"FullControl" 
    
    $InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit 
    $PropagationFlag = [System.Security.AccessControl.PropagationFlags]::InheritOnly 
    
    $objType =[System.Security.AccessControl.AccessControlType]::Allow 
    
    $objUser = New-Object System.Security.Principal.NTAccount("$username") 
    
    $objACE = New-Object System.Security.AccessControl.FileSystemAccessRule($objUser, $colRights, $InheritanceFlag, $PropagationFlag, $objType) 
    
    $objACL = Get-ACL $directory 
    $objACL.AddAccessRule($objACE)
    
    Set-ACL $directory $objACL
    

    A side question: why isn't this native in PowerShell? Is it for security reasons? I expected there to be a cmdlet for it. 

    Thanks. 


    Kyle

    Tuesday, September 23, 2014 9:16 PM

Answers

  • When you say there are no permissions, do you mean that the ACL Editor is showing 'Special permissions' and none of the other boxes are checked?

    Try changing the inheritance and propagation flags to this:

    $InheritanceFlag = [System.Security.AccessControl.InheritanceFlags] "ContainerInherit, ObjectInherit"
    $PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None

    That sets the ACE to apply to the folder (InheritOnly propagation flag isn't set), subfolders (ContainerInherit inheritance flag is set), and files (ObjectInherit inheritance flag is set), which is necessary for the ACE to not be considered 'special' in the ACL Editor.

    • Marked as answer by leeman2424 Wednesday, September 24, 2014 2:02 PM
    Tuesday, September 23, 2014 9:30 PM
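
The flag combinations from the question and from this answer, compared side by side as an added example (not part of the original thread). `Get-AceScope` is a hypothetical helper name; it only inspects rule objects built in memory, using the `test.user` account name from the question.

```powershell
# Added example: decode an ACE's inheritance/propagation flags into the scope
# the ACL Editor lists under "Applies to". No share or folder is touched.
function Get-AceScope {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.AccessControl.FileSystemAccessRule]$Rule
    )

    $ci = [bool]($Rule.InheritanceFlags -band [System.Security.AccessControl.InheritanceFlags]::ContainerInherit)
    $oi = [bool]($Rule.InheritanceFlags -band [System.Security.AccessControl.InheritanceFlags]::ObjectInherit)
    $io = [bool]($Rule.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly)

    $targets = @()
    if (-not $io) { $targets += 'this folder' }   # InheritOnly skips the folder itself
    if ($ci)      { $targets += 'subfolders' }    # ContainerInherit
    if ($oi)      { $targets += 'files' }         # ObjectInherit

    [pscustomobject]@{
        Identity    = $Rule.IdentityReference.Value
        Rights      = $Rule.FileSystemRights
        Inheritance = $Rule.InheritanceFlags
        Propagation = $Rule.PropagationFlags
        AppliesTo   = $targets -join ', '
        # The condition the answer names as necessary for a non-'special' ACE
        CoversFolderSubfoldersFiles = ((-not $io) -and $ci -and $oi)
    }
}

# Constructed sample rules: same user and rights, only the flags differ.
$user  = New-Object System.Security.Principal.NTAccount("test.user")
$full  = [System.Security.AccessControl.FileSystemRights]::FullControl
$allow = [System.Security.AccessControl.AccessControlType]::Allow

# Flags as posted in the question
$inhPosted  = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit
$propPosted = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$asPosted   = New-Object System.Security.AccessControl.FileSystemAccessRule($user, $full, $inhPosted, $propPosted, $allow)

# Flags as suggested in the answer
$inhFixed  = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
$propFixed = [System.Security.AccessControl.PropagationFlags]::None
$asFixed   = New-Object System.Security.AccessControl.FileSystemAccessRule($user, $full, $inhFixed, $propFixed, $allow)

$asPosted, $asFixed | ForEach-Object { Get-AceScope $_ } | Format-Table -AutoSize

# To review the ACEs already on a folder:
# (Get-Acl $directory).Access | ForEach-Object { Get-AceScope $_ }
```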

All replies

  • When you say there are no permissions, do you mean that the ACL Editor is showing 'Special permissions' and none of the other boxes are checked?

    Try changing the inheritance and propagation flags to this:

    $InheritanceFlag = [System.Security.AccessControl.InheritanceFlags] "ContainerInherit, ObjectInherit"
    $PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None

    That sets the ACE to apply to the folder (InheritOnly propagation flag isn't set), subfolders (ContainerInherit inheritance flag is set), and files (ObjectInherit inheritance flag is set), which is necessary for the ACE to not be considered 'special' in the ACL Editor.

    Awesome. Thanks. That did work. 

    And yes I did mean that it was showing special permissions with nothing checked. 


    Kyle

    Wednesday, September 24, 2014 2:02 PM