Set file permissions on a share for specific file types

Welcome Forums General PowerShell Q&A Set file permissions on a share for specific file types

This topic contains 8 replies, has 3 voices, and was last updated by

 
Participant
6 months, 2 weeks ago.

  • Author
    Posts
  • #101044

    Participant
    Points: 0
    Rank: Member

    Hi All,

    Is it possible to use Powershell to set access permissions for a specific file type within an existing shared folder on a server (server 2008 R2)?

    I have a situation where a folder, filled with lots of different file types, is being shared and I'm being asked if I can limit access on just the .ini files within that folder, without changing it for all files in that directory. Problem is, there's more than 60 .ini files there, so I'd have to change the permissions on each file, individually, and additional .ini files may be created in the future.

    I'm wondering if there's an Access Control List that could be created, or something, using Powershell to accomplish this goal?

    Thanks very much for all help, in advance.

  • #101047

    Participant
    Points: 190
    Helping Hand
    Rank: Participant

    Yes you can is the short answer.

    Get-childitem to get the list of files
    Get-acl for reading the acl
    Set-acl for setting the acl

  • #101049
    Jon

    Participant
    Points: 35
    Rank: Member

    I'd use this module

  • #101077

    Participant
    Points: 0
    Rank: Member

    Thanks for the reply. I installed the NTFSSecurity module and went through all of the documentation for it, but it still isn't clear how to set access permissions on a specific file type, such as only .ini files within the directory.

    Even with using the Get-ChildItem cmdlet, I can sort by extension, but I have no idea how to apply NTFS permissions to those extensions:
    Get-ChildItem -Path \\server\data | Sort-Object Extension > list_sorted_by_extension.txt

    If someone could provide a good example I would be grateful. I feel like I'm close.

    Thanks again,

  • #101110

    Participant
    Points: 190
    Helping Hand
    Rank: Participant

    One way of doing it.

    $listOfFiles = Get-ChildItem -Path c:\tmp
    
    foreach($l in $listOfFiles)
    {
        if($l.Extension -eq '.ini')
        {
            # Set the ACL here
            
            # This will just output the fullpath so you can see an example
            Write-Output $l.FullName
        }
    }
    
    • #101194

      Participant
      Points: 0
      Rank: Member

      Thank you very much for the example. I was able to get a list of .ini files in the directory with what you gave me, but I'm struggling, trying to change the NTFS Security permissions to read and execute, just for the .ini files, while allowing read/write for all other files in that directory, recursively.

      Please forgive me...I'm really not trying to ask all of you to write my script for me. I'm a Cisco guy, starting to dabble with PowerShell and, so far, I've been doing simple Active Directory user scripts and such. THe other day, management came to me and said they were concerned about people having the ability to change the contents of .ini files in a folder, but need them to be able to write to other files there.

      I am immensely grateful for the help you're all providing me.

  • #101115
    Jon

    Participant
    Points: 35
    Rank: Member
    • #101199

      Participant
      Points: 0
      Rank: Member

      Thanks. Yeah, I read both pages complete and it helped me grasp NTFSSecurity concepts, though it doesn't specify how to apply the permission changes to the specific files that I filter with Get-ChildItem.

  • #101196

    Participant
    Points: 0
    Rank: Member

    Someone else had told me that "GCI *.ini" should do better. And that I cannot apply permissions to non existing files, so I would need to run this on a schedule (or implement a file system watcher), though I would't know how to go about his, either. Once this is set, a file system watcher sounds like it would be nice for future .ini files created in that folder.

The topic ‘Set file permissions on a share for specific file types’ is closed to new replies.