TechTalkz.com Technology & Computer Troubleshooting Forums - View Single Post

18-05-2008, 06:52 PM

I've been experimenting with a couple of scripts to set folder permissions.

I've tried this from here http://chrisfederico.wordpress.com/2...n-powershell/:

$acl = Get-Acl c:\temp
$permission = "domain\user","FullControl","Allow"
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($accessRule)
$acl | Set-Acl c:\temp

and this from here http://technet.microsoft.com/en-us/m...cc194419.aspx:

#ChangeACL.ps1
$Right="FullControl"

#The possible values for Rights are
# ListDirectory, ReadData, WriteData
# CreateFiles, CreateDirectories, AppendData
# ReadExtendedAttributes, WriteExtendedAttributes, Traverse
# ExecuteFile, DeleteSubdirectoriesAndFiles, ReadAttributes
# WriteAttributes, Write, Delete
# ReadPermissions, Read, ReadAndExecute
# Modify, ChangePermissions, TakeOwnership
# Synchronize, FullControl

$StartingDir=Read-Host "What directory do you want to start at?"
$Principal=Read-Host "What security principal do you want to grant" `
"$Right to? `n Use format domain\username or domain\group"

#define a new access rule.
#note that the $rule line has been artificially broken for print purposes.
#it needs to be one line. the online version of the script is properly
#formatted.
$rule=new-object System.Security.AccessControl.FileSystemAccessRule
($Principal,$Right,"Allow")

foreach ($file in $(Get-ChildItem $StartingDir -recurse)) {
$acl=get-acl $file.FullName

#Add this access rule to the ACL
$acl.SetAccessRule($rule)

#Write the changes to the object
set-acl $File.Fullname $acl
}

For the second one I get this error when trying to apply it to an inetpub folder:

Exception calling "SetAccessRule" with "1" argument(s): "Some or all identity references could not be translated."
At C:\Documents and Settings\kmcfarlane\My Documents\Development\ChangeACL.ps1:29 char:21
+ $acl.SetAccessRule( <<<< $rule)
Set-Acl : The security identifier is not allowed to be the owner of this object.
At C:\Documents and Settings\kmcfarlane\My Documents\Development\ChangeACL.ps1:32 char:10
+ set-acl <<<< $File.Fullname $acl

For the first script I just get the first part of that error. Any ideas?
--
Kevin

18-05-2008, 06:52 PM	#1
NewWorldMan Guest Posts: n/a	Setting folder permissions I've been experimenting with a couple of scripts to set folder permissions. I've tried this from here http://chrisfederico.wordpress.com/2...n-powershell/: $acl = Get-Acl c:\temp $permission = "domain\user","FullControl","Allow" $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission $acl.SetAccessRule($accessRule) $acl \| Set-Acl c:\temp and this from here http://technet.microsoft.com/en-us/m...cc194419.aspx: #ChangeACL.ps1 $Right="FullControl" #The possible values for Rights are # ListDirectory, ReadData, WriteData # CreateFiles, CreateDirectories, AppendData # ReadExtendedAttributes, WriteExtendedAttributes, Traverse # ExecuteFile, DeleteSubdirectoriesAndFiles, ReadAttributes # WriteAttributes, Write, Delete # ReadPermissions, Read, ReadAndExecute # Modify, ChangePermissions, TakeOwnership # Synchronize, FullControl $StartingDir=Read-Host "What directory do you want to start at?" $Principal=Read-Host "What security principal do you want to grant" ` "$Right to? `n Use format domain\username or domain\group" #define a new access rule. #note that the $rule line has been artificially broken for print purposes. #it needs to be one line. the online version of the script is properly #formatted. $rule=new-object System.Security.AccessControl.FileSystemAccessRule ($Principal,$Right,"Allow") foreach ($file in $(Get-ChildItem $StartingDir -recurse)) { $acl=get-acl $file.FullName #Add this access rule to the ACL $acl.SetAccessRule($rule) #Write the changes to the object set-acl $File.Fullname $acl } For the second one I get this error when trying to apply it to an inetpub folder: Exception calling "SetAccessRule" with "1" argument(s): "Some or all identity references could not be translated." At C:\Documents and Settings\kmcfarlane\My Documents\Development\ChangeACL.ps1:29 char:21 + $acl.SetAccessRule( <<<< $rule) Set-Acl : The security identifier is not allowed to be the owner of this object. At C:\Documents and Settings\kmcfarlane\My Documents\Development\ChangeACL.ps1:32 char:10 + set-acl <<<< $File.Fullname $acl For the first script I just get the first part of that error. Any ideas? -- Kevin