Wednesday, September 26, 2012

Powershell Change NTFS permissions

Help i am getting the error: Set-Acl : The security identifier is not allowed to be the owner of this object.

If you were getting this error with your script please see the reason below.

The error is failing to change the folder’s ownership (even though you don't want to)– very frustrating! Microsoft explanation:

“Unfortunately Get-ACL is missing some features. It always reads the full security descriptor even if you just want to modify the DACL. That’s why Set-ACL also wants to write the owner even if you have not changed it. Using the GetAccessControl method allows you to specify what part of the security descriptor you want to read”

The key line is: $acl = (Get-Item $path).GetAccessControl("Access")

How to add 'modify' access to the group 'Users' using Powershell sucessfully

$username = "Users"
$path = "C:\Program Files (x86)\Java"
$acl = (Get-Item $path).GetAccessControl("Access")
$accessrule = New-Object system.security.AccessControl.FileSystemAccessRule($username, "Modify", "ContainerInherit,ObjectInherit", "None", "Allow")
$acl.AddAccessRule($accessrule)
set-acl -aclobject $acl $path

 

 

 

No comments:

Post a Comment