May 9, 2017 at 1:01 pm
I found the following code on the internets that appears to do what I want it to, namely grant read and execute access on a folder and all subfolders and files to various AD groups.
Project path is the top-level folder for the groups in the $Domains\$Groups combos.
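    # Read only the access (DACL) section of the top-level folder's security descriptor
    $Acl = (Get-Item $ProjectPath).GetAccessControl('Access')
    foreach ($Domain in $Domains)
    {
        foreach ($Group in $Groups)
        {
            $ADGroup = "$Domain\$Group"
            # Add a rule only if the group is not already named in the ACL
            if ($Acl.AccessToString.IndexOf($ADGroup) -eq -1)
            {
                # identity, rights, inheritance flags, propagation flags, access type
                $permissions = $ADGroup, 'Read,ReadAndExecute,ListDirectory', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
                $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permissions
                $Acl.SetAccessRule($Ar)
            }
        }
    }
    # Write the updated ACL back to the top-level folder
    Set-Acl -Path $ProjectPath -AclObject $Acl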
From https://msdn.microsoft.com/en-us/library/ms229747(v=vs.110).aspx:
| ContainerInherit and ObjectInherit | Target folder, child folder, child object (file), grandchild folder, grandchild object (file). |
I expect that all child objects (folders and files) will get the permissions I grant to the parent folder. So far, this is working as it should. The current, child and grandchild files and folders all have the intended permissions.
Today, a user dropped a new file into a child folder. The file did not inherit all the permissions granted above. Not sure I understand why the groups to which I granted read and execute above can't see/read that file?
Thanks!
P
May 9, 2017 at 1:47 pm
Was the file copied, or moved? Copying should inherit permissions in the way you want, but moving does not necessarily do so.
The absence of evidence is not evidence of absence.
Martin Rees
You can lead a horse to water, but a pencil must be lead.
Stan Laurel
May 10, 2017 at 8:29 am
Well that seems weird...
However, I experimented with a move and a copy and, in both cases, the permissions were as expected, and identical.
I had the same user who copied or moved the original file repeat the experiment, and again, everything was as expected.
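An added example, not code from any of the posts above: one way to find which items under a folder lack an Allow entry for a group, or have inheritance switched off, which is the state in which a file does not pick up the parent's ContainerInherit/ObjectInherit rule. The function name Find-MissingInheritedAccess, the scratch folder under $env:TEMP and the use of BUILTIN\Users in place of a "$Domain\$Group" name (on an English-language Windows install) are assumptions made for the demonstration.

```powershell
function Find-MissingInheritedAccess {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path,
          [Parameter(Mandatory)][string]$Identity,
          [System.Security.AccessControl.FileSystemRights]$Rights = 'ReadAndExecute')
    # Compare by SID instead of a substring match on the account name.
    $sid = [System.Security.Principal.NTAccount]::new($Identity).Translate(
        [System.Security.Principal.SecurityIdentifier])
    foreach ($item in Get-ChildItem -LiteralPath $Path -Recurse -Force) {
        $acl   = Get-Acl -LiteralPath $item.FullName
        $rules = $acl.GetAccessRules($true, $true,
            [System.Security.Principal.SecurityIdentifier])   # explicit + inherited
        $match = @($rules | Where-Object {
            $_.IdentityReference.Value -eq $sid.Value -and
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $Rights) -eq $Rights
        })
        if ($match.Count -eq 0 -or $acl.AreAccessRulesProtected) {
            [pscustomobject]@{
                Path                = $item.FullName
                InheritanceDisabled = $acl.AreAccessRulesProtected
                HasAllowAce         = $match.Count -gt 0
            }
        }
    }
}

# Constructed demo tree; BUILTIN\Users stands in for "$Domain\$Group" (assumption).
$root = Join-Path $env:TEMP ("acl-demo-" + [guid]::NewGuid())
$sub  = New-Item -ItemType Directory -Path (Join-Path $root 'child')
New-Item -ItemType File -Path (Join-Path $sub.FullName 'inherits.txt') | Out-Null
$cut  = New-Item -ItemType File -Path (Join-Path $sub.FullName 'protected.txt')

# Disable inheritance on one file, keeping its current ACEs as explicit copies.
$fileAcl = Get-Acl -LiteralPath $cut.FullName
$fileAcl.SetAccessRuleProtection($true, $true)
Set-Acl -LiteralPath $cut.FullName -AclObject $fileAcl

# Grant the group on the top-level folder with the same flags as the script above.
$acl  = Get-Acl -LiteralPath $root
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList `
    'BUILTIN\Users', 'ReadAndExecute', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
$acl.SetAccessRule($rule)
Set-Acl -LiteralPath $root -AclObject $acl

Find-MissingInheritedAccess -Path $root -Identity 'BUILTIN\Users' | Format-Table -AutoSize
Remove-Item -LiteralPath $root -Recurse -Force
```

Run against a real project folder, pass the top-level path and one "$Domain\$Group" name per call; any row with InheritanceDisabled set to True is an item the parent's rule cannot reach.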