10/30/2018 556 views
Just finishing up my app deploy script, and trying to complete the script to allow all users modify rightd to two folders in Program Files (x86) and ProgramData. Below is not working for me.
  $dirs = @("C:\ProgramData\OpenSpan", "C:\Program Files (x86)\OpenSpan")
        foreach ($dir in $dirs){
            $acl = Get-Acl $dir
            $permission = "BUILTIN\Users","Modify","Allow"
            $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
            $acl | Set-Acl $dir

Need help!

0 Comments   [ + ] Show comments


All Answers


Create and change permission via Powershell


$FolderPath = 'C:\Temp'

$UserList = 'Users'#,'Everyone'

If(!(Test-Path $FolderPath -PathType Container)) {

    New-Item -Path $FolderPath -ItemType Directory

    Foreach ($Users in $UserList) {

        $ACL = Get-Acl -Path $FolderPath

        $isProtected = $true

        $preserveinheritance = $true

        $acl.SetAccessRuleProtection($isProtected, $PreserveInheritance)

        $rule=New-Object System.Security.AccessControl.FileSystemAccessRule("users","Modify,Synchronize","ContainerInherit, ObjectInherit","None","Allow")



        Set-Acl -path $FolderPath -aclObject $ACL


} else {

    write-host "-- Folder already created"


Answered 12/17/2018 by: giesbrs
White Belt

I ran your script and it seems to be working fine. I would only include folder creation if it does not exist at the beginning of forearch:
 foreach ($dir in $dirs){
    If (-Not (Test-Path $Dir)){ New-Item $dir -itemtype directory}
The Modify permission has been added successfully as a 'Special' permissions - you can check it in the 'Advanced' view. By default you would see the inherited "Read and Execute" and "special - modify" as a separate permissions.

Answered 10/31/2018 by: rad33k
Second Degree Brown Belt