Set file permissions on a share for specific file types

This topic contains 8 replies, has 3 voices, and was last updated by Jacktivated 4 weeks ago.

  • #101044

    Jacktivated
    Participant

    Hi All,

    Is it possible to use PowerShell to set access permissions for a specific file type within an existing shared folder on a server (Server 2008 R2)?

    I have a situation where a folder, filled with lots of different file types, is being shared and I'm being asked if I can limit access on just the .ini files within that folder, without changing it for all files in that directory. Problem is, there's more than 60 .ini files there, so I'd have to change the permissions on each file, individually, and additional .ini files may be created in the future.

    I'm wondering if there's an Access Control List that could be created, or something, using PowerShell to accomplish this goal?

    Thanks very much for all help, in advance.

  • #101047

    Fredrik Kacsmarck
    Participant

    Yes, you can, is the short answer.

    Get-ChildItem to get the list of files
    Get-Acl for reading the ACL
    Set-Acl for setting the ACL

  • #101049

    Jon
    Participant

    I'd use this module

  • #101077

    Jacktivated
    Participant

    Thanks for the reply. I installed the NTFSSecurity module and went through all of the documentation for it, but it still isn't clear how to set access permissions on a specific file type, such as only .ini files within the directory.

    Even with using the Get-ChildItem cmdlet, I can sort by extension, but I have no idea how to apply NTFS permissions to those extensions:
    Get-ChildItem -Path \\server\data | Sort-Object Extension > list_sorted_by_extension.txt

    If someone could provide a good example I would be grateful. I feel like I'm close.

    Thanks again,

  • #101110

    Fredrik Kacsmarck
    Participant

    One way of doing it.

    $listOfFiles = Get-ChildItem -Path c:\tmp
    
    foreach($l in $listOfFiles)
    {
        if($l.Extension -eq '.ini')
        {
            # Set the ACL here
            
            # This will just output the fullpath so you can see an example
            Write-Output $l.FullName
        }
    }
    
    • #101194

      Jacktivated
      Participant

      Thank you very much for the example. I was able to get a list of .ini files in the directory with what you gave me, but I'm struggling, trying to change the NTFS Security permissions to read and execute, just for the .ini files, while allowing read/write for all other files in that directory, recursively.

      Please forgive me... I'm really not trying to ask all of you to write my script for me. I'm a Cisco guy, starting to dabble with PowerShell and, so far, I've been doing simple Active Directory user scripts and such. The other day, management came to me and said they were concerned about people having the ability to change the contents of .ini files in a folder, but need them to be able to write to other files there.

      I am immensely grateful for the help you're all providing me.

  • #101115

    Jon
    Participant
    • #101199

      Jacktivated
      Participant

      Thanks. Yeah, I read both pages completely and it helped me grasp NTFSSecurity concepts, though it doesn't specify how to apply the permission changes to the specific files that I filter with Get-ChildItem.

  • #101196

    Jacktivated
    Participant

    Someone else had told me that "GCI *.ini" should do better. And that I cannot apply permissions to non-existing files, so I would need to run this on a schedule (or implement a file system watcher), though I wouldn't know how to go about this, either. Once this is set, a file system watcher sounds like it would be nice for future .ini files created in that folder.
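
An added example, not part of any post in this thread: one way to combine the Get-ChildItem filter with Get-Acl and Set-Acl so that only the .ini files drop to Read & Execute while every other file keeps what it inherits from the folder. The group name `DOMAIN\ShareUsers` is a hypothetical placeholder, and the script assumes that group currently gets its write access through inheritance from the shared folder.

```powershell
# Added example. $Root and $Group are assumed values; adjust before use.
$Root  = '\\server\data'         # share path as written in the thread
$Group = 'DOMAIN\ShareUsers'     # hypothetical group that inherits Modify from the folder

$account  = New-Object System.Security.Principal.NTAccount($Group)
$rights   = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute
$allow    = [System.Security.AccessControl.AccessControlType]::Allow
$readOnly = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $account, $rights, $allow

# -Filter *.ini can also match longer extensions that start with "ini",
# so the extension is checked again explicitly. Folders are skipped.
Get-ChildItem -Path $Root -Filter *.ini -Recurse |
    Where-Object { -not $_.PSIsContainer -and $_.Extension -eq '.ini' } |
    ForEach-Object {
        $file = $_.FullName
        $acl  = Get-Acl -Path $file

        # Inheritance already switched off (for example by an earlier run):
        # leave the file alone and move on to the next one.
        if ($acl.AreAccessRulesProtected) { return }

        # Step 1: stop inheriting from the folder, keeping a copy of the
        # inherited entries as explicit ones, and write that to disk.
        $acl.SetAccessRuleProtection($true, $true)
        Set-Acl -Path $file -AclObject $acl

        # Step 2: re-read so the copied entries are editable, drop every
        # entry for $Group, and grant it Read & Execute only.
        $acl = Get-Acl -Path $file
        $acl.PurgeAccessRules($account)
        $acl.AddAccessRule($readOnly)
        Set-Acl -Path $file -AclObject $acl

        Write-Output "Restricted: $file"
    }
```

Entries for other accounts and groups are copied unchanged, so anyone who holds write access through a different group keeps it. Because files that are already protected are skipped, the same script can be re-run on a schedule to pick up .ini files created later.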
