/build/static/layout/Breadcrumb_cap_w.png
10/30/2018 556 views
Just finishing up my app deploy script, and trying to complete the script to allow all users modify rightd to two folders in Program Files (x86) and ProgramData. Below is not working for me.
  $dirs = @("C:\ProgramData\OpenSpan", "C:\Program Files (x86)\OpenSpan")
        foreach ($dir in $dirs){
            $acl = Get-Acl $dir
            $permission = "BUILTIN\Users","Modify","Allow"
            $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
            $acl.AddAccessRule($accessRule)
            $acl | Set-Acl $dir
            }

Need help!

0 Comments   [ + ] Show comments

Comments


All Answers

0

Create and change permission via Powershell


clear

$FolderPath = 'C:\Temp'

$UserList = 'Users'#,'Everyone'


If(!(Test-Path $FolderPath -PathType Container)) {

    New-Item -Path $FolderPath -ItemType Directory


    Foreach ($Users in $UserList) {

        $ACL = Get-Acl -Path $FolderPath


        $isProtected = $true

        $preserveinheritance = $true


        $acl.SetAccessRuleProtection($isProtected, $PreserveInheritance)


        $rule=New-Object System.Security.AccessControl.FileSystemAccessRule("users","Modify,Synchronize","ContainerInherit, ObjectInherit","None","Allow")

        $rule.IdentityReference.Translate([System.Security.Principal.securityidentifier])


        $acl.SetAccessRule($rule)


        Set-Acl -path $FolderPath -aclObject $ACL

    }

} else {

    write-host "-- Folder already created"

}


Answered 12/17/2018 by: giesbrs
White Belt

0
I ran your script and it seems to be working fine. I would only include folder creation if it does not exist at the beginning of forearch:
 foreach ($dir in $dirs){
    If (-Not (Test-Path $Dir)){ New-Item $dir -itemtype directory}
    ...
    ...
The Modify permission has been added successfully as a 'Special' permissions - you can check it in the 'Advanced' view. By default you would see the inherited "Read and Execute" and "special - modify" as a separate permissions.

Answered 10/31/2018 by: rad33k
Second Degree Brown Belt