none
Create Access Control Entries (using PS) with apply to "Subfolders and files only" / "This Folders and Files" and others RRS feed

  • Question

  • Hi All

    I have an requirement to set NTFS permissions using Powershell Script. Came with below script to have the permission set:

    $pathItem = "C:\TEST"
    
    $objACL = Get-ACL $pathItem
    $colRights = [System.Security.AccessControl.FileSystemRights]"FullControl" 
    $InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::None 
    $PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None 
    $objType =[System.Security.AccessControl.AccessControlType]::Allow
    
    $objACERule = New-Object System.Security.AccessControl.FileSystemAccessRule("NT AUTHORITY\Authenticated Users","Modify,Synchronize", $InheritanceFlag, $PropagationFlag, $objType) 
    
    $objACL.AddAccessRule($objACERule) 
    
    Set-ACL $pathItem $objACL

    The above script help me to set the permission Apply to : This folder only. But i want to set the permission Apply to: Subfolders and files only.

    My current script does the below:

    Apply to: This folder only

    My requirement is:

    Apply To: Subfolders and files only

    Please help how can i achieve this.

    Thank you


    Regards Ram

    Monday, September 1, 2014 7:40 AM

Answers

  • You need:

    • Inheritance: ContainerInherit + ObjectInheirt, and
    • Propagation: InheritOnly

    as in:

    $pathItem='c:\test'
    $objacl=Get-ACL $pathItem
    $objACERule=New-Object System.Security.AccessControl.FileSystemAccessRule('NT AUTHORITY\Authenticated Users','Modify,Synchronize', 'ContainerInherit,ObjectInherit', 'InheritOnly', 'Allow') 
    $objacl.AddAccessRule($objACERule) 
    Set-ACL $pathItem $objacl
    $objACL.Access | select * | Out-GridView
    See this link for more details..


    Sam Boutros, Senior Consultant, Software Logic, KOP, PA http://superwidgets.wordpress.com (Please take a moment to Vote as Helpful and/or Mark as Answer, where applicable)



    • Edited by Sam Boutros Monday, September 1, 2014 9:28 AM
    • Marked as answer by RKRamesh Monday, September 1, 2014 10:24 AM
    Monday, September 1, 2014 9:16 AM
  • Try this.

    $path='c:\test'
    $acl=Get-ACL $path
    $ace=New-Object System.Security.AccessControl.FileSystemAccessRule('NT AUTHORITY\Authenticated Users','Modify,Synchronize', 'ObjectInherit', 'None', 'Allow') 
    $acl.AddAccessRule($ace) 
    Set-ACL $path $acl


    ¯\_(ツ)_/¯

    • Marked as answer by RKRamesh Monday, September 1, 2014 10:24 AM
    Monday, September 1, 2014 8:38 AM

All replies

  • Try this.

    $path='c:\test'
    $acl=Get-ACL $path
    $ace=New-Object System.Security.AccessControl.FileSystemAccessRule('NT AUTHORITY\Authenticated Users','Modify,Synchronize', 'ObjectInherit', 'None', 'Allow') 
    $acl.AddAccessRule($ace) 
    Set-ACL $path $acl


    ¯\_(ツ)_/¯

    • Marked as answer by RKRamesh Monday, September 1, 2014 10:24 AM
    Monday, September 1, 2014 8:38 AM
  • You need:

    • Inheritance: ContainerInherit + ObjectInheirt, and
    • Propagation: InheritOnly

    as in:

    $pathItem='c:\test'
    $objacl=Get-ACL $pathItem
    $objACERule=New-Object System.Security.AccessControl.FileSystemAccessRule('NT AUTHORITY\Authenticated Users','Modify,Synchronize', 'ContainerInherit,ObjectInherit', 'InheritOnly', 'Allow') 
    $objacl.AddAccessRule($objACERule) 
    Set-ACL $pathItem $objacl
    $objACL.Access | select * | Out-GridView
    See this link for more details..


    Sam Boutros, Senior Consultant, Software Logic, KOP, PA http://superwidgets.wordpress.com (Please take a moment to Vote as Helpful and/or Mark as Answer, where applicable)



    • Edited by Sam Boutros Monday, September 1, 2014 9:28 AM
    • Marked as answer by RKRamesh Monday, September 1, 2014 10:24 AM
    Monday, September 1, 2014 9:16 AM
  • Thanks to both Jrv and Sam.

    Regards Ram

    Monday, September 1, 2014 10:41 AM