Skip to main content

Powershell Change NTFS permissions

Help i am getting the error: Set-Acl : The security identifier is not allowed to be the owner of this object.

If you were getting this error with your script please see the reason below.

The error is failing to change the folder’s ownership (even though you don't want to)– very frustrating! Microsoft explanation:

“Unfortunately Get-ACL is missing some features. It always reads the full security descriptor even if you just want to modify the DACL. That’s why Set-ACL also wants to write the owner even if you have not changed it. Using the GetAccessControl method allows you to specify what part of the security descriptor you want to read”

The key line is: $acl = (Get-Item $path).GetAccessControl("Access")

How to add 'modify' access to the group 'Users' using Powershell sucessfully

$username = "Users"
$path = "C:\Program Files (x86)\Java"
$acl = (Get-Item $path).GetAccessControl("Access")
$accessrule = New-Object system.security.AccessControl.FileSystemAccessRule($username, "Modify", "ContainerInherit,ObjectInherit", "None", "Allow")
$acl.AddAccessRule($accessrule)
set-acl -aclobject $acl $path

 

 

 
Labels:

Comments

Post a Comment

Popular posts from this blog

Windows 7 Offline files will not go Online when connected to network

Issue Several laptop users move between networks, domain, home, etc and when they attempt to access DFS shares explorer status is working offline.  The issue only resolves it self after a reboot. Connecting directly to the share works and i am able to ping network resources.  This behavior occurs for VPN users as well. Possible Causes "slow-link mode". In win7 (with default settings) a client will enter slow-link mode if the latency to the server is above 80ms. In slow-link mode all writes are made to the local cache and a background sync only happens every 6 hours.  Depending on your connection the default slow link detection speed is 64,000 bps On client computers running Windows 7 or Windows Server 2008 R2, a shared folder automatically transitions to the slow-link mode if the round-trip latency of the network is greater than 80 milliseconds, or as configured by the "Configure slow-link mode" policy. After transitioning a folder to the slow-link mode, Offline Fil
8 comments
Read more

SCCM Unknown computer not able to see Task Sequences after installing Current Branch 1702

Soon after installing SCCM CB 1702 we were unable to see Task Sequences deployed to the unknown collection. This issue was identified as a random system taking the GUID of the 'x64 Unknown Computer (x64 Unknown Computer)' record. As a result it was now a known GUID; as we were only deploying Task Sequences to the Unknown collection none were made available. 'x64 Unknown Computer (x64 Unknown Computer)' record 'x86 Unknown Computer (x86 Unknown Computer)' record To get the GUID of your unknown systems open SQL management studio and run the following command: --Sql Command to list the name and GUID for UnknownSystems record data select ItemKey, Name0,SMS_Unique_Identifier0 from UnknownSystem_DISC Using the returned GUID (SMS_Unique_Identifier0) we can find the hostname that has been assigned the 'x64 Unknown Computer (x64 Unknown Computer)' GUID by running the query below. --x64 Unknown Computers select Name0,SMS_Unique_Identifier0,Decommissioned0 from Sys
32 comments
Read more

SCCM Client Certificate (PKI) Value is None

SCCM Client Certificate (PKI) Value is None Stopping WMI service Stopping CCMExec SC Delete any sccm services (ccmexec, smstsmgr, cmecservice, ccmsetup) Delete C:\windows\ccm, C:\windows\ccmsetup, C:\windows\ccmcache, C:\Windows\SMSCFG.ini Go into regedit and remove: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCMSetup HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS Then restart WMI, and reinstall the client. You shouldn't need a reboot to complete this. Once this has been done the client will install and pick up the cert. https://www.windows-noob.com/forums/topic/12644-sccm-2012-client-certificate-pki-value-is-none/
Post a Comment
Read more