/build/static/layout/Breadcrumb_cap_w.png

Scripting Question


Powershell, need to create script to allow all users modify rightd to two folders in Program Files (x86) and ProgramData

10/30/2018 1657 views
Just finishing up my app deploy script, and trying to complete the script to allow all users modify rightd to two folders in Program Files (x86) and ProgramData. Below is not working for me.
  $dirs = @("C:\ProgramData\OpenSpan", "C:\Program Files (x86)\OpenSpan")
        foreach ($dir in $dirs){
            $acl = Get-Acl $dir
            $permission = "BUILTIN\Users","Modify","Allow"
            $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
            $acl.AddAccessRule($accessRule)
            $acl | Set-Acl $dir
            }

Need help!

0 Comments   [ + ] Show comments

Comments


All Answers

0

Create and change permission via Powershell


clear

$FolderPath = 'C:\Temp'

$UserList = 'Users'#,'Everyone'


If(!(Test-Path $FolderPath -PathType Container)) {

    New-Item -Path $FolderPath -ItemType Directory


    Foreach ($Users in $UserList) {

        $ACL = Get-Acl -Path $FolderPath


        $isProtected = $true

        $preserveinheritance = $true


        $acl.SetAccessRuleProtection($isProtected, $PreserveInheritance)


        $rule=New-Object System.Security.AccessControl.FileSystemAccessRule("users","Modify,Synchronize","ContainerInherit, ObjectInherit","None","Allow")

        $rule.IdentityReference.Translate([System.Security.Principal.securityidentifier])


        $acl.SetAccessRule($rule)


        Set-Acl -path $FolderPath -aclObject $ACL

    }

} else {

    write-host "-- Folder already created"

}


Answered 12/17/2018 by: giesbrs
White Belt

0
I ran your script and it seems to be working fine. I would only include folder creation if it does not exist at the beginning of forearch:
 foreach ($dir in $dirs){
    If (-Not (Test-Path $Dir)){ New-Item $dir -itemtype directory}
    ...
    ...
The Modify permission has been added successfully as a 'Special' permissions - you can check it in the 'Advanced' view. By default you would see the inherited "Read and Execute" and "special - modify" as a separate permissions.

Answered 10/31/2018 by: rad33k
Fourth Degree Brown Belt

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

View more:

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ