PowerShell To Set Folder Permissions

Question

I am trying to use the "default" options in applying folder permissions; by that, I mean that using the "Full Controll, Write, Read, etc" in the 'Properties' for a folder.

The following script works to add the user in, but it applies "Special Permissions" - not the ones with the tick boxes for the ones visible in the properties menu of the folder:

$Acl = Get-Acl "\\R9N2WRN\Share"  $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule ("user","FullControl","Allow")  $Acl.SetAccessRule($Ar) Set-Acl "\\R9N2WRN\Share" $Acl 

What am I doing wrong please?

Answer 1

Specifying inheritance in the FileSystemAccessRule() constructor fixes this, as demonstrated by the modified code below (notice the two new constuctor parameters inserted between "FullControl" and "Allow").

$Acl = Get-Acl "\\R9N2WRN\Share"  $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule("user", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow")  $Acl.SetAccessRule($Ar) Set-Acl "\\R9N2WRN\Share" $Acl 

According to this topic

"when you create a FileSystemAccessRule the way you have, the InheritanceFlags property is set to None. In the GUI, this corresponds to an ACE with the Apply To box set to "This Folder Only", and that type of entry has to be viewed through the Advanced settings."

I have tested the modification and it works, but of course credit is due to the MVP posting the answer in that topic.

Answer 2

Referring to Gamaliel 's answer: $args is an array of the arguments that are passed into a script at runtime - as such cannot be used the way Gamaliel is using it. This is actually working:

$myPath = 'C:\whatever.file' # get actual Acl entry $myAcl = Get-Acl "$myPath" $myAclEntry = "Domain\User","FullControl","Allow" $myAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($myAclEntry) # prepare new Acl $myAcl.SetAccessRule($myAccessRule) $myAcl | Set-Acl "$MyPath" # check if added entry present Get-Acl "$myPath" | fl