Apply Set-ACL settings to all child folders

Alex Warren 161 Reputation points
2021-09-01T22:31:12.887+00:00

Hey all,

I am trying to add something to my image that will solve some program access issues post-deployment. I am trying to run a PS script to set permissions so that everyone can traverse several folders and get to a child folder. I am unable to find how to apply the permissions past the initial folder. Thus far, my script looks like this:

$acl = Get-Acl c:\folder

$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("everyone","ExecuteFile","Allow")

$acl.SetAccessRule($AccessRule)

$acl | Set-Acl c:\folder

I looked up and had tested success with using icacls, but my attempts to make that work with the deployment also failed. So, how can I get the permissions to propagate to all child folders?

All help is appreciated!

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
10,668 questions
Microsoft Deployment Toolkit
Microsoft Deployment Toolkit
A collection of Microsoft tools and documentation for automating desktop and server deployment. Previously known as Microsoft Solution Accelerator for Business Desktop Deployment (BDD).
831 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,381 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Amandayou-MSFT 11,046 Reputation points
    2021-09-02T07:15:32.23+00:00

    Hi,

    If we would like to traverse several folders and get to a child folder, yes, you are right. The permission of ExecuteFile is required to add into accessrule.

    Besides, these permissions would be added into the rule: ReadData, ReadPermissions, ReadAttributes, ReadExtendedAttributes. 

    $acl = Get-Acl c:\folder  
  
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("everyone","ExecuteFile", "ContainerInherit,ObjectInherit", "None", "Allow")  
$acl.addAccessRule($AccessRule)  
$acl | Set-Acl c:\folder  
  
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("everyone","ReadData", "ContainerInherit,ObjectInherit", "None", "Allow")  
$acl.addAccessRule($AccessRule)  
$acl | Set-Acl c:\folder  
  
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("everyone","ReadPermissions", "ContainerInherit,ObjectInherit", "None", "Allow")  
$acl.addAccessRule($AccessRule)  
$acl | Set-Acl c:\folder  
  
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("everyone","ReadAttributes", "ContainerInherit,ObjectInherit", "None", "Allow")  
$acl.addAccessRule($AccessRule)  
$acl | Set-Acl c:\folder  
  
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("everyone","ReadExtendedAttributes", "ContainerInherit,ObjectInherit", "None", "Allow")  
$acl.addAccessRule($AccessRule)  
$acl | Set-Acl c:\folder

    128602-92.png

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    2 people found this answer helpful.
  2. Limitless Technology 39,376 Reputation points
    2021-09-03T16:28:18.047+00:00

    Hi @Alex Warren

    Try enabling inheritance on the subfolders. Subfolders need to enable inheritance so that they could apply the access control entries from the parent folder.

    If an Answer is helpful, please click "Accept Answer" and upvote it : )

    1 person found this answer helpful.
    0 comments