Powershell to add group permissions to folder, shows as SID

This topic contains 0 replies, has 1 voice, and was last updated by  Forums Archives 6 years, 2 months ago.

  • Author
  • #5960

    by graybin at 2012-11-21 05:08:19

    Here is my code:
    $GetACL = Get-Acl $Path
    $Access = "domain\$SamID"

    $Permission = [System.Security.AccessControl.FileSystemRights]"Modify, Synchronize"
    $Inheri = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
    $Allpropagation = [System.Security.AccessControl.PropagationFlags]"None"

    $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($Access, $Permission, $Inheri, $Allpropagation, "Allow")

    if ($GetACL.Access | Where { $_.IdentityReference -eq $Access})
    Write-Host "Modifying Permissions For: $Access" -ForeGroundColor Yellow
    $AccessModification = New-Object system.security.AccessControl.AccessControlModification
    $AccessModification.value__ = 2
    $Modification = $False
    $GetACL.ModifyAccessRule($AccessModification, $AccessRule, [ref]$Modification) | Out-Null
    Write-Host "Adding Permission: $Permission For: $Access"

    Set-Acl -aclobject $GetACL -Path $Path
    It applies the group with the correct permissions, but appears as the SID when I look at the rights for the folder. I have checked and the SID that shows up with rights to the folder matches the SID of the group in ADSI Edit that I expected to show up. Is there some issue with my code or something else?

    by selko at 2012-11-21 07:09:36


    i assume if you it manually with explorer it works.

    you can try to to get the users SID and passing the SID to FileSystemAccessRule

    SecurityIdentifier UserSID = new SecurityIdentifier(((Byte[])user.Properties["objectSid"].Value), 0);

    Like so:
    FileSystemAccessRule($UserSID, $Permission, $Inheri, $Allpropagation, "Allow")

You must be logged in to reply to this topic.