With our Windows 7 roll out we removed users admin rights, but that have been giving some problems with older software that would like to write into the program files folder insted of the users appdata folder

An easy fix for this is this script I've created and I just wanted to share it if it could help some of you guys =)

The script set the "administrator group" as owner of the folder (I've run into problems if that wasn't done first on some folders) and then give "users" write access to the folder and all sub folders

This can be run when logged in as a user aswell, just open a cmd with administrator privileges and run the command.

from a cmd run this command:

PowerShell.exe -ExecutionPolicy Bypass -file SetACL.ps1

and the SetACL.ps1 script:

###################################################################
# Set ACL on a folder and Make Administrators owner of the folder #
# By René Meyer - 2012 #
###################################################################
Function SetACL {
param($Argument1)
Add-Content C:\CH-Group\Install\Status.txt "`n"
# Take ownership by the administrator group
    Add-Content C:\CH-Group\Install\Status.txt "Setting Administrators as owner of folder: $Argument1"
    takeown /F ""$Argument1"" /A
    $LastExitCode
    If ($LastExitCode -ne 0) {
        Add-Content C:\CH-Group\Install\Status.txt "ERROR setting 'Administrators' as owner of folder: $Argument1"
         $ErrorCounter = $ErrorCounter + 1  
    }

# Set Users to write access and SYSTEM/Administrators to Full access
    Add-Content C:\CH-Group\Install\Status.txt "Setting ACL on folder: $Argument1 (User:Write, Administrators:Full, SYSTEM:Full)"
    cacls ""$Argument1"" /T /c /E /g Users:C Administrators:F SYSTEM:F
    $LastExitCode
    If ($LastExitCode -ne 0) {
        Add-Content C:\CH-Group\Install\Status.txt "ERROR setting ACL on folder: $Argument1 (User:Write, Administrators:Full, SYSTEM:Full)"
         $ErrorCounter = $ErrorCounter + 1
    }

}
$FolderPath=read-host "Please type folder to update rights for: "

#############################
#Enable users to write to the folder           #
#############################
if (test-path "$FolderPath")
{
SetACL "$FolderPath"
}

You can also add this script to a unattended installation by replacing the last 4 lines wit:

if (test-path "C:\Program Files (x86)\Your Program path")
{
SetACL "C:\Program Files (x86)\Your Program path"
}

And remove this line:

$FolderPath=read-host "Please type folder to update rights for: "

I hope this can save you some time at least :)

 

- René