
Disable inheritance and manually apply permissions when creating a folder in PowerShell

I'm trying to make a new folder in PowerShell but I do not want it to inherit any NTFS security permissions and manually add 2 users: The creator and my own admin account.

I have this:

    $FolderPath = "\\srv\path"
    New-Item -ItemType directory -Path $FolderPath
    $acl = Get-Acl "\\srv\path"
    $acl.SetAccessRuleProtection($True, $False)
    $acl.Access | %{$acl.RemoveAccessRule($_)} # I remove all security
    $acl.SetOwner([System.Security.Principal.NTAccount] $env:USERNAME) # I set the current user as owner
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule('myadminaccount','FullControl','Allow') # I set my admin account as also having access
    $acl.AddAccessRule($rule)
    Set-Acl $FolderPath $acl | Out-Null

It does not work and it still inherits the parent's security permissions.

I changed it to the comment below but it does not allow the user to set ACLs for a folder HE created. Over the root folder (path), he has change permissions privileges...

This is the access error received

What permissions should he have over the folder he just created with the code above? The owner should be able to modify it freely.

Added the full control share permission for the user and now I get that the process does not have "SeSecurityPrivilege". This happens when I add the $acl.SetAccessRuleProtection($True, $False) line

How can I get this to work?

asked Jul 30 '15 10:07 by riahc3


1 Answer

Use the SetAccessRuleProtection() method to exclude the ACL from inheriting rules:

    $acl.SetAccessRuleProtection($true,$false)

The second argument (preserveInheritance) also removes existing inherited rules when set to false, leaving just the system default ACEs.


If you have problems applying the inheritance protection, make sure you update the ACL with the ownership information before setting access rule protection:

    $acl = Get-Acl "\\srv\path"
    # SetOwner
    $acl.SetOwner([System.Security.Principal.NTAccount] $env:USERNAME)
    # Write updated ownership info back
    Set-Acl $FolderPath $acl | Out-Null
    # SetAccessRuleProtection
    $acl.SetAccessRuleProtection($True, $False)
    # Write updated ACL back
    Set-Acl $FolderPath $acl | Out-Null

answered Sep 28 '22 18:09 by Mathias R. Jessen
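
The order described in the answer (owner first, then inheritance protection), carried through to the two explicit ACEs and a read-back check, as an added example that is not code from the question or the answer. The function name `New-IsolatedFolder`, its parameters, the scratch path under `$env:TEMP` and the use of `BUILTIN\Administrators` in place of `myadminaccount` are assumptions made for the illustration.

```powershell
# Added example; New-IsolatedFolder and its parameters are hypothetical names.
function New-IsolatedFolder {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$AdminAccount
    )
    # DOMAIN\user form of the account running the script (the folder's creator).
    $creator = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    New-Item -ItemType Directory -Path $Path -ErrorAction Stop | Out-Null

    # 1. Set the owner and write it back before touching inheritance.
    $acl = Get-Acl -Path $Path
    $acl.SetOwner([System.Security.Principal.NTAccount]$creator)
    Set-Acl -Path $Path -AclObject $acl

    # 2. Re-read, protect the DACL without copying inherited ACEs, add the two
    #    explicit ACEs, and write once so the folder never has an empty DACL.
    $acl = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $false)
    foreach ($id in $creator, $AdminAccount) {
        $ruleArgs = $id, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $ruleArgs
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $Path -AclObject $acl

    # 3. Read the ACL back from disk and fail loudly if inheritance survived.
    $final = Get-Acl -Path $Path
    $inherited = @($final.Access | Where-Object { $_.IsInherited })
    if (-not $final.AreAccessRulesProtected -or $inherited.Count -gt 0) {
        throw "Inheritance is still active on $Path"
    }
    [pscustomobject]@{
        Path      = $Path
        Owner     = $final.Owner
        Protected = $final.AreAccessRulesProtected
        Access    = $final.Access | ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights)" }
    }
}

# Constructed sample call: a scratch folder under TEMP, with BUILTIN\Administrators
# standing in for the page's 'myadminaccount'.
$demo = Join-Path $env:TEMP ("acl-demo-" + [guid]::NewGuid())
New-IsolatedFolder -Path $demo -AdminAccount 'BUILTIN\Administrators' | Format-List
```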