January 1, 2012 at 12:00 am

by graybin at 2012-11-21 05:08:19

Here is my code:

# Read the current ACL and build the account name to grant rights to
$GetACL = Get-Acl $Path
$Access = "domain\$SamID"

$Permission = [System.Security.AccessControl.FileSystemRights]"Modify, Synchronize"
$Inheri = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
$Allpropagation = [System.Security.AccessControl.PropagationFlags]"None"

$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($Access, $Permission, $Inheri, $Allpropagation, "Allow")

# If the account already has an entry, reset it; otherwise add a new rule
if ($GetACL.Access | Where { $_.IdentityReference -eq $Access})
{
    Write-Host "Modifying Permissions For: $Access" -ForeGroundColor Yellow
    $AccessModification = New-Object system.security.AccessControl.AccessControlModification
    # 2 is AccessControlModification.Reset
    $AccessModification.value__ = 2
    $Modification = $False
    $GetACL.ModifyAccessRule($AccessModification, $AccessRule, [ref]$Modification) | Out-Null
}
Else
{
    Write-Host "Adding Permission: $Permission For: $Access"
    $GetACL.AddAccessRule($AccessRule)
}

# Write the modified ACL back to the folder
Set-Acl -aclobject $GetACL -Path $Path

It applies the group with the correct permissions, but appears as the SID when I look at the rights for the folder. I have checked and the SID that shows up with rights to the folder matches the SID of the group in ADSI Edit that I expected to show up. Is there some issue with my code or something else?

by selko at 2012-11-21 07:09:36

Hi,

I assume that if you do it manually with Explorer, it works.

You can try to get the user's SID and pass the SID to FileSystemAccessRule:

SecurityIdentifier UserSID = new SecurityIdentifier(((Byte[])user.Properties["objectSid"].Value), 0);

Like so:
FileSystemAccessRule($UserSID, $Permission, $Inheri, $Allpropagation, "Allow")
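
The suggestion above, written out in PowerShell as an added example that is not part of the original thread. It resolves the name with NTAccount.Translate() rather than reading objectSid from a directory entry, uses SetAccessRule in place of the add/modify branch, and then reads the ACL back to show which entries hold a SID that does not translate to a name from this machine. The values of $Path and $Account are placeholders.

```powershell
# Assumed inputs (placeholders, not from the thread): adjust before running.
$Path    = 'C:\Temp\AclDemo'     # hypothetical folder
$Account = 'domain\SomeGroup'    # hypothetical group, same form as "domain\$SamID"

# Resolve the name to a SID first; Translate() throws if the name cannot be mapped.
$NtAccount = New-Object System.Security.Principal.NTAccount($Account)
try {
    $Sid = $NtAccount.Translate([System.Security.Principal.SecurityIdentifier])
}
catch {
    throw "Cannot resolve '$Account' to a SID; check the domain and account name."
}

$Rights      = [System.Security.AccessControl.FileSystemRights]'Modify, Synchronize'
$Inherit     = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$Propagation = [System.Security.AccessControl.PropagationFlags]::None
$Type        = [System.Security.AccessControl.AccessControlType]::Allow

# Build the rule from the SecurityIdentifier instead of the name string.
$Rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $Sid, $Rights, $Inherit, $Propagation, $Type)

# SetAccessRule replaces existing Allow rules for this SID and adds the new one.
$Acl = Get-Acl -Path $Path
$Acl.SetAccessRule($Rule)
Set-Acl -Path $Path -AclObject $Acl

# Read the explicit entries back as SIDs and try to translate each to a name.
# An entry that stays '<unresolved>' is one that tools will display as a raw SID.
$Explicit = (Get-Acl -Path $Path).GetAccessRules(
    $true, $false, [System.Security.Principal.SecurityIdentifier])

foreach ($Ace in $Explicit) {
    try {
        $Name = $Ace.IdentityReference.Translate(
            [System.Security.Principal.NTAccount]).Value
    }
    catch {
        $Name = '<unresolved>'
    }
    [pscustomobject]@{
        Sid    = $Ace.IdentityReference.Value
        Name   = $Name
        Rights = $Ace.FileSystemRights
        Type   = $Ace.AccessControlType
    }
}
```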