
April 13, 2015 at 9:54 pm

Hi,
What I am trying to do is start from a folder down in the directory structure, "\\server101\e$\data\groups\property\folder1\aa subfolder\".
From this point I need to recursively search subfolders until I match folder names, like "1.subfolder, 2.subfolder". The names are fixed and known, and there will be multiple instances of each. When I find a match, I need to add an AD group into the ACL, with read, write, modify access.
So if I do
Set-Location "\\server01\e$\data\groups\property\storedev\aa brands\it test folder"
get-childitem -Recurse -filter "1.subfolder" | get-acl
I can get the ACL, and I can do something like this, which mostly works, to add a group to a known directory

$folder = "C:\temp"
#$myGroup = "domain\ADgroup"
$acl = Get-Acl $folder
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("justgroup\leaseleg", "ReadData", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("justgroup\leaseleg", "CreateFiles", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("justgroup\leaseleg", "AppendData", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
Set-Acl $folder $acl

But I don't know how to run the second operation on the results of the first. Should I use the first operation to populate an array, then do a "for-each"? Can I export the ACL of a folder that has the correct groups and apply that to the subsequent folders?
Any ideas?
Thanks!

April 14, 2015 at 4:22 am

Something like this might work.

$Location = "\\server01\e$\data\groups\property\storedev\aa brands\it test folder"
If($FolderPath = Get-ChildItem -Path $Location -Recurse -filter "1.subfolder" -ErrorAction SilentlyContinue)
{
    $Folder = $FolderPath.FullName
    #$myGroup = "domain\ADgroup"
    $acl = Get-Acl $folder
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("justgroup\leaseleg", "ReadData", "ContainerInherit, ObjectInherit", "None", "Allow")
    $acl.AddAccessRule($rule)
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("justgroup\leaseleg", "CreateFiles", "ContainerInherit, ObjectInherit", "None", "Allow")
    $acl.AddAccessRule($rule)
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("justgroup\leaseleg", "AppendData", "ContainerInherit, ObjectInherit", "None", "Allow")
    $acl.AddAccessRule($rule)
    Set-Acl $folder $acl
}
ElseIf($FolderPath = Get-ChildItem -Path $Location -Recurse -filter "2.subfolder" -ErrorAction SilentlyContinue)
{
    $Folder = $FolderPath.FullName
    #$myGroup = "domain\ADgroup"
    $acl = Get-Acl $folder
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("justgroup\leaseleg", "ReadData", "ContainerInherit, ObjectInherit", "None", "Allow")
    $acl.AddAccessRule($rule)
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("justgroup\leaseleg", "CreateFiles", "ContainerInherit, ObjectInherit", "None", "Allow")
    $acl.AddAccessRule($rule)
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("justgroup\leaseleg", "AppendData", "ContainerInherit, ObjectInherit", "None", "Allow")
    $acl.AddAccessRule($rule)
    Set-Acl $folder $acl
}

April 15, 2015 at 8:37 pm

Hi David, Thanks, unfortunately I am still getting this error:

Set-Acl : AclObject
At line:14 char:5
+ Set-Acl $folder $acl
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (System.Object[]:Object[]) [Set-Acl], ArgumentException
+ FullyQualifiedErrorId : SetAcl_AclObject,Microsoft.PowerShell.Commands.SetAclCommand

That doesn't happen when I run it on a local folder, like c:\temp.
I am running this script in an ISE session that is running under domain admin credentials, so it shouldn't be a permission issue, as far as I can see.
Do you think I should be invoking the script to run as a local session on the remote server?
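
Added example, not part of any post in this thread: the `System.Object[]` in the error above shows that `Set-Acl` was handed an array, which is what `Get-Acl` returns when the recursive search matches more than one folder. The sketch below processes each match on its own so `Set-Acl` always receives a single ACL object; the function name `Add-GroupRuleToNamedFolders` is hypothetical, it assumes PowerShell 3.0 or later, and the paths, folder names, group and rights are the ones used in the thread.

```powershell
# Added example; the function name is hypothetical. Server, folder and group
# names are the ones used in the thread.
function Add-GroupRuleToNamedFolders {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)] [string]   $Root,
        [Parameter(Mandatory = $true)] [string[]] $FolderNames,
        [Parameter(Mandatory = $true)] [string]   $Group,
        [System.Security.AccessControl.FileSystemRights]
        $Rights = 'ReadData, CreateFiles, AppendData'
    )

    # One rule carrying all three rights, inherited by child folders and files.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Group, $Rights, 'ContainerInherit, ObjectInherit', 'None', 'Allow')

    # -Filter accepts one pattern only, so enumerate directories and match names exactly.
    Get-ChildItem -LiteralPath $Root -Recurse -Directory -ErrorAction SilentlyContinue |
        Where-Object { $FolderNames -contains $_.Name } |
        ForEach-Object {
            $path   = $_.FullName
            $status = 'Skipped'
            try {
                # Inside the loop Get-Acl returns exactly one ACL object,
                # which is what Set-Acl -AclObject requires.
                $acl = Get-Acl -LiteralPath $path -ErrorAction Stop
                $acl.AddAccessRule($rule)
                if ($PSCmdlet.ShouldProcess($path, "Grant '$Rights' to $Group")) {
                    Set-Acl -LiteralPath $path -AclObject $acl -ErrorAction Stop
                    $status = 'Updated'
                }
            }
            catch {
                $status = "Failed: $($_.Exception.Message)"
            }
            # One record per folder, suitable for Export-Csv as a change log.
            New-Object PSObject -Property @{ Path = $path; Group = $Group; Status = $status }
        }
}

# Dry run: -WhatIf reports each folder that would be changed without writing any ACL.
Add-GroupRuleToNamedFolders -Root '\\server01\e$\data\groups\property\storedev\aa brands\it test folder' `
    -FolderNames '1.subfolder', '2.subfolder' -Group 'justgroup\leaseleg' -WhatIf
```

Review the dry-run output before removing `-WhatIf`, and keep the per-folder records as evidence of which ACLs were changed.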