Issue in PowerShell with setting inheritance

  • Question

  • I have a script that I need some assistance in configuring permission inheritance on a collection of folders and subfolders

    Here's what I have so far:

        cls
        Set-Location "C:\Set-ACL"
        $log = "C:\Set-ACL\Folders.txt"
        #Gets the ACL's from a folder with correct permissions set
        $ACL = Get-Acl -Path "C:\Folder\subfolder\subfolder\subfolder"
        $Folders = Get-ChildItem -Path "E:\Folder\Subfolder\*\*" | Select-String -pattern "01-"
        $Folders >> $log
    
        Start-Process $log -Wait
        #Function to pause script while ignoring certain keys like Ctrl etc.
        'Function Pause4user($M = "Press any key to continue setting ACL's Ctrl + C to quit  . . . ") { If ($psISE) { $S = New-Object -ComObject "WScript.Shell"; $B = $S.Popup("Click OK to continue.", 0, "Script Paused", 0); Return }; Write-Host -NoNewline $M; $I = 16, 17, 18, 20, 91, 92, 93, 144, 145, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183; While ($K.VirtualKeyCode -Eq $Null -Or $I -Contains $K.VirtualKeyCode) { $K = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown") }; Write-Host }'
        Pause4user
    
        foreach ($Folder in $Folders)
        {
    
    Set-ACL -Path $Folders -AclObject $ACL
    Write-Host "ACL's Set"
    Remove-Item $log
    
        }
    

    The issue I'm finding is that the permissions I have defined in the variable $ACL are not passed to all subfolders and using -recurse after the Get-ChildItem looks like it would do the job but doesn't work because of the 260 character limit in the path.

    Is there a way to set the permissions on the folders returned in the $Folders variable and inherit these permissions to everything underneath it therefore not running into the path limit?

    P.S. Go easy on the script it was put together quickly!

    Thanks in advance

    Wednesday, June 4, 2014 10:07 AM

Answers

  • Hi Jack,

    you can enforce child folders accepting inheritance by getting their respective Acl, and using the SetAccessRuleProtection method on the target folders.

    If path length is escalating, you may want to consider doing one of these:

    • Temporarily create junctions to shorten the path.
    • Redesign your storage to be (or appear) more flat

    I think there are other tools out there that can handle the path issue, but I don't have one at hand I can recommend - I have never had to design paths that long.

    Cheers,
    Fred

    Ps.: Some shameless advertisement: This function will create junctions for you, if you need something for that. You can remove them afterwards like any other shortcut.


    There's no place like 127.0.0.1


    • Edited by FWN Wednesday, June 4, 2014 10:50 AM
    • Marked as answer by Jack Stalley Monday, June 9, 2014 8:20 AM
    Wednesday, June 4, 2014 10:48 AM
  • Part of the problem here is a very badly formatted script.  It is almost impossible to see what is happening.

    Start with something that does not include a dozen unused lines and fix some of the logic errors.

    Given the following, what is it you are trying to do?

        #Gets the ACL's from a folder with correct permissions set
        $ACL = Get-Acl -Path "C:\Folder\subfolder\subfolder\subfolder"
        $folders = Get-ChildItem -Path "E:\Folder\Subfolder\*\*" -Include "*01-*"
        foreach ($f in $folders) {
            Set-ACL -Path $f -AclObject $ACL
        }

    If you are only interested in inheritance, then alter this to use Fred's suggestion.


    ¯\_(ツ)_/¯


    • Edited by jrv Wednesday, June 4, 2014 1:28 PM
    • Marked as answer by Jack Stalley Monday, June 9, 2014 8:20 AM
    Wednesday, June 4, 2014 1:27 PM
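
The two answers above combined into one script, as an added example that is not code from any poster in this thread: the reference ACL is applied to one folder per iteration, and inheritance is re-enabled with SetAccessRuleProtection only on children that currently block it. The paths are the placeholders used in the question; the variable names are assumptions made for this example.

```powershell
# Added example (not from the thread). Paths are the question's placeholders.
$referencePath = 'C:\Folder\subfolder\subfolder\subfolder'
$targetPattern = 'E:\Folder\Subfolder\*\*'

# ACL of the folder that already has the correct permissions
$referenceAcl = Get-Acl -LiteralPath $referencePath

# Directories only, filtered on the folder name (not on the whole path string)
$targets = Get-ChildItem -Path $targetPattern -Directory |
    Where-Object { $_.Name -like '*01-*' }

foreach ($target in $targets) {
    # One folder per iteration: pass the loop variable, not the whole collection
    Set-Acl -LiteralPath $target.FullName -AclObject $referenceAcl

    # Children that already inherit need no change; only touch those
    # where inheritance is blocked (AreAccessRulesProtected is $true)
    $walkErrors = @()
    Get-ChildItem -LiteralPath $target.FullName -Recurse -Force `
        -ErrorAction SilentlyContinue -ErrorVariable walkErrors |
        ForEach-Object {
            $childAcl = Get-Acl -LiteralPath $_.FullName
            if ($childAcl.AreAccessRulesProtected) {
                # isProtected = $false: accept inherited ACEs from the parent.
                # The second argument is ignored when isProtected is $false.
                $childAcl.SetAccessRuleProtection($false, $false)
                Set-Acl -LiteralPath $_.FullName -AclObject $childAcl
                Write-Host "Inheritance enabled: $($_.FullName)"
            }
        }

    # Items the walk could not reach (for example, paths over the length
    # limit) are reported so they can be handled through a junction
    foreach ($e in $walkErrors) {
        Write-Warning "Skipped: $($e.TargetObject)"
    }
}
```

Re-enabling inheritance does not remove explicit entries already present on a child, so review those separately if the goal is an identical permission set. The recursive walk is still subject to the path length limit from the question, which is why skipped items are listed instead of silently ignored.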

All replies

  • Look closely at this piece of code:

    foreach ($Folder in $Folders)
        {

    Set-ACL -Path $Folders -AclObject $ACL
    Write-Host "ACL's Set"
    Remove-Item $log

        }

    I think this is not what you want and is where the path limit is failing.


    ¯\_(ツ)_/¯

    Wednesday, June 4, 2014 1:21 PM