# Set ACL Recursively for a single folder within multiple directories

### Question

• Hello,

Share Directory is D:\Projects

Within Projects, we have several hundred project folders --

• 001-001 Project A
• 001-002 Project B
• 001-003 Project C
• Etc.

Within each project folder there are many folders and files; however, the one I want to restrict is PM

• Folder A
• Folder B
• Folder C
• PM
• miscellaneous files

The question is how do I set up the ForEach statement to parse the Project Share and only set the ACLs on the PM folder?

Monday, November 5, 2018 6:22 PM

• Hi Erik4000

To get the list of folders, just use get-childitem with a filter in a variable. Once you have that, do a foreach loop. See below.

I would just create some test folders first to make sure it works correctly.

$folders = Get-ChildItem -Directory -Path D:\Projects -Recurse -Filter "PM"
foreach ($folder in $folders) {
    ##adds PM group to PM folder
    $acl = Get-Acl -Path $folder.FullName
    $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("domain_name\pm_group", "Modify", "ContainerInherit,ObjectInherit", "None", "Allow")
    $acl.SetAccessRule($accessRule)
    $acl | Set-Acl -Path $folder.FullName
}

If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in any way, please click vote as helpful.

• Marked as answer by Tuesday, November 6, 2018 3:48 PM
Monday, November 5, 2018 7:00 PM

### All replies

• What does your script look like so far?

-- Bill Stewart [Bill_Stewart]

Monday, November 5, 2018 6:26 PM
• ##set path
$path = "D:\Projects"

##get project name
$npf = read-host "Please Enter A Project Name"

##create PM folder
new-item -path $path\$npf\PM -type Directory

##removes inheritance from PM folder
$acl = Get-Item $path\$npf\PM | get-acl
$acl.SetAccessRuleProtection($true,$true)
$acl | Set-Acl -path $path\$npf\PM

##remove domain users from PM folder
$acl = (Get-Item $path\$npf\PM).GetAccessControl('Access')
$RemoveACL = $acl.Access | ?{ $_.IsInherited -eq $false -and $_.IdentityReference -eq "domain_name\domain users" }
$acl.RemoveAccessRuleAll($RemoveACL)
$acl | Set-Acl -path $path\$npf\PM

##adds PM group to PM folder
$acl = Get-Acl -path $path\$npf\PM
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("domain_name\pm_group", "Modify", "ContainerInherit,ObjectInherit", "None", "Allow")
$acl.SetAccessRule($accessRule)
$acl | Set-Acl -path $path\$npf\PM

---------------------------------------------------------------

PM folders have been added manually before this script existed so I need to convert this script and run it against every PM folder so that every PM folder is locked down.

Monday, November 5, 2018 6:38 PM
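
The three lockdown steps from the question's script (break inheritance, remove domain users, add the PM group) applied to every existing PM folder with the loop approach from the answer, as an added example that is not part of the thread. `Set-PMFolderAcl` is a hypothetical function name, the path and group names are the thread's placeholders, and it assumes PM sits directly under each project folder.

```powershell
# Added example, not from the thread. The share path and group names are the
# thread's placeholders; Set-PMFolderAcl is a hypothetical function name.
function Set-PMFolderAcl {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$Root    = 'D:\Projects',
        [string]$PMGroup = 'domain_name\pm_group',
        [string]$Remove  = 'domain_name\domain users'
    )

    # Assumption: PM sits directly under each project folder, as in the question.
    # Building the path instead of using -Recurse -Filter skips nested folders
    # that merely share the name PM.
    $pmFolders = Get-ChildItem -LiteralPath $Root -Directory |
        ForEach-Object { Join-Path $_.FullName 'PM' } |
        Where-Object { Test-Path -LiteralPath $_ -PathType Container }

    foreach ($pm in $pmFolders) {
        if (-not $PSCmdlet.ShouldProcess($pm, 'Restrict ACL to PM group')) { continue }

        # 1. Break inheritance; $true,$true copies inherited entries as explicit ones.
        $acl = Get-Acl -LiteralPath $pm
        $acl.SetAccessRuleProtection($true, $true)
        Set-Acl -LiteralPath $pm -AclObject $acl

        # 2. Re-read so the copied entries show as explicit, then drop the broad group.
        $acl = Get-Acl -LiteralPath $pm
        $stale = @($acl.Access |
            Where-Object { -not $_.IsInherited -and $_.IdentityReference.Value -eq $Remove })
        foreach ($rule in $stale) { $acl.RemoveAccessRuleAll($rule) }

        # 3. Grant the PM group Modify on the folder, its subfolders and files.
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($PMGroup, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
        $acl.SetAccessRule($rule)
        Set-Acl -LiteralPath $pm -AclObject $acl

        # Emit what is now on the folder so the run can be reviewed or logged.
        [pscustomobject]@{
            Path       = $pm
            Identities = (Get-Acl -LiteralPath $pm).Access.IdentityReference.Value -join '; '
        }
    }
}

# Dry run first: reports each PM folder that would be changed, modifies nothing.
Set-PMFolderAcl -WhatIf
```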