
PowerShell, need to create script to allow all users modify rights to two folders in Program Files (x86) and ProgramData

Just finishing up my app deploy script, and trying to complete the script to allow all users modify rights to two folders in Program Files (x86) and ProgramData. Below is not working for me.

    $dirs = @("C:\ProgramData\OpenSpan", "C:\Program Files (x86)\OpenSpan")
    foreach ($dir in $dirs){
        $acl = Get-Acl $dir
        $permission = "BUILTIN\Users","Modify","Allow"
        $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
        $acl.AddAccessRule($accessRule)
        $acl | Set-Acl $dir
    }

Need help!



Answers (2)

Posted by: giesbrs 5 years ago
White Belt
0

Create and change permission via PowerShell

    clear

    $FolderPath = 'C:\Temp'
    $UserList = 'Users'#,'Everyone'

    # Create the folder and set its ACL only when the folder does not exist yet
    If(!(Test-Path $FolderPath -PathType Container)) {
        New-Item -Path $FolderPath -ItemType Directory

        Foreach ($Users in $UserList) {
            $ACL = Get-Acl -Path $FolderPath

            # Stop inheriting from the parent, keeping the inherited entries as explicit copies
            $isProtected = $true
            $preserveInheritance = $true
            $ACL.SetAccessRuleProtection($isProtected, $preserveInheritance)

            # Modify for the current account, applied to this folder, subfolders and files
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Users,"Modify,Synchronize","ContainerInherit, ObjectInherit","None","Allow")
            # Resolve the account name to a SID and print it (throws if the name cannot be resolved)
            $rule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier])

            $ACL.SetAccessRule($rule)
            Set-Acl -Path $FolderPath -AclObject $ACL
        }
    } else {
        Write-Host "-- Folder already created"
    }


Posted by: rad33k 5 years ago
Fourth Degree Brown Belt
0
I ran your script and it seems to be working fine. I would only include folder creation if it does not exist at the beginning of foreach:
 foreach ($dir in $dirs){
    If (-Not (Test-Path $Dir)){ New-Item $dir -itemtype directory}
    ...
    ...
The Modify permission has been added successfully as a 'Special' permission - you can check it in the 'Advanced' view. By default you would see the inherited "Read and Execute" and "special - modify" as separate permissions.
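
The 'Special' entry described above comes from the three-argument FileSystemAccessRule constructor, which creates a rule for the folder itself only. The following is an added example, not code from either poster: it grants Modify with inheritance to subfolders and files, then checks that the explicit entry is actually present. It assumes an elevated session and uses the well-known SID S-1-5-32-545 for BUILTIN\Users; the function names are made up for this example.

```powershell
# Added example, not code from the thread. Run from an elevated session.
$dirs = @('C:\ProgramData\OpenSpan', 'C:\Program Files (x86)\OpenSpan')  # paths from the question

# Well-known SID of BUILTIN\Users; resolves regardless of the OS display language.
$users   = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-545')
$modify  = [System.Security.AccessControl.FileSystemRights]::Modify
# ContainerInherit + ObjectInherit = "This folder, subfolders and files"
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'

function Grant-UsersModify {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        New-Item -Path $Path -ItemType Directory -Force | Out-Null
    }
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $users, $modify, $inherit,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)
    $acl = Get-Acl -LiteralPath $Path
    $acl.AddAccessRule($rule)      # adds to, rather than replaces, existing entries
    Set-Acl -LiteralPath $Path -AclObject $acl
}

function Test-UsersModify {
    param([Parameter(Mandatory)][string]$Path)
    # Explicit (non-inherited) rules only, with identities returned as SIDs.
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules(
        $true, $false, [System.Security.Principal.SecurityIdentifier])
    foreach ($r in $rules) {
        if ($r.IdentityReference.Value -eq $users.Value -and
            $r.AccessControlType -eq 'Allow' -and
            ([int]$r.FileSystemRights -band [int]$modify) -eq [int]$modify -and
            [int]$r.InheritanceFlags -eq [int]$inherit) { return $true }
    }
    return $false
}

foreach ($dir in $dirs) {
    Grant-UsersModify -Path $dir
    if (-not (Test-UsersModify -Path $dir)) {
        throw "Users Modify entry missing on $dir"
    }
    Write-Host "OK: $dir"
}
```

With these inheritance flags the entry appears as a plain "Modify" checkbox on the basic Security tab and applies to files created in the folder later.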
