Powershell to add group permissions to folder, shows as SID

This topic contains 0 replies, has 1 voice, and was last updated by Profile photo of Forums Archives Forums Archives 5 years, 3 months ago.

  • Author
    Posts
  • #5960

    by graybin at 2012-11-21 05:08:19

    Here is my code:
    $GetACL = Get-Acl $Path
    $Access = "domain\$SamID"

    $Permission = [System.Security.AccessControl.FileSystemRights]"Modify, Synchronize"
    $Inheri = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
    $Allpropagation = [System.Security.AccessControl.PropagationFlags]"None"

    $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($Access, $Permission, $Inheri, $Allpropagation, "Allow")

    if ($GetACL.Access | Where { $_.IdentityReference -eq $Access})
    {
    Write-Host "Modifying Permissions For: $Access" -ForeGroundColor Yellow
    $AccessModification = New-Object system.security.AccessControl.AccessControlModification
    $AccessModification.value__ = 2
    $Modification = $False
    $GetACL.ModifyAccessRule($AccessModification, $AccessRule, [ref]$Modification) | Out-Null
    }
    Else
    {
    Write-Host "Adding Permission: $Permission For: $Access"
    $GetACL.AddAccessRule($AccessRule)
    }

    Set-Acl -aclobject $GetACL -Path $Path
    It applies the group with the correct permissions, but appears as the SID when I look at the rights for the folder. I have checked and the SID that shows up with rights to the folder matches the SID of the group in ADSI Edit that I expected to show up. Is there some issue with my code or something else?

    by selko at 2012-11-21 07:09:36

    Hi,

    i assume if you it manually with explorer it works.

    you can try to to get the users SID and passing the SID to FileSystemAccessRule

    SecurityIdentifier UserSID = new SecurityIdentifier(((Byte[])user.Properties["objectSid"].Value), 0);

    Like so:
    FileSystemAccessRule($UserSID, $Permission, $Inheri, $Allpropagation, "Allow")

You must be logged in to reply to this topic.