Author Posts

January 30, 2018 at 2:54 pm

Hi,

I'm trying to set permissions on a folder then make all child folders/files inherit those permissions of the parent folder.

Here is what I have so far. It will set the permissions to the parent but child folders/files are not getting the inherited permissions.

$path = 'C:\temp\test'

# Get the ACL for an existing folder

$existingAcl = (Get-Item $path).GetAccessControl('Access')
$allInherit = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit","ObjectInherit"

# Set the permissions that you want to apply to the folder

$permissions = $env:username,"FullControl",$allInherit,"None","Allow"

# Create a new FileSystemAccessRule object

$rule = New-Object System.Security.AccessControl.FileSystemAccessRule $permissions

# Modify the existing ACL to include the new rule

$existingAcl.SetAccessRule($rule)

#Enable Inheritance

$existingAcl.SetAccessRuleProtection($false,$true)

# Apply the modified access rule to the folder

Set-Acl -path $path -AclObject $existingAcl

Any help is appreciated, thanks!

January 30, 2018 at 4:07 pm

https://gallery.technet.microsoft.com/scriptcenter/1abd77a5-9c0b-4a2b-acef-90dbb2b84e85

Using NTFS module and inheritance

Personally I find doing ACL's natively with powershell is awful, check out the module above. Much easier to work with.

January 31, 2018 at 11:47 pm

Example 3 from the MS Docs page at https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/set-acl?view=powershell-5.1 shows how to iterate through the child objects of the parent directory to accomplish this.

Looks like a simple change to the last line like below:

Get-ChildItem -Path $path -Recurse -Force | Set-Acl -AclObject $existingAcl