question

obujuwami avatar image
0 Votes"
obujuwami asked Amandayou-MSFT commented

Apply Set-ACL settings to all child folders

Hey all,

I am trying to add something to my image that will solve some program access issues post-deployment. I am trying to run a PS script to set permissions so that everyone can traverse several folders and get to a child folder. I am unable to find how to apply the permissions past the initial folder. Thus far, my script looks like this:

$acl = Get-Acl c:\folder

$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("everyone","ExecuteFile","Allow")

$acl.SetAccessRule($AccessRule)

$acl | Set-Acl c:\folder

I looked up and had tested success with using icacls, but my attempts to make that work with the deployment also failed. So, how can I get the permissions to propagate to all child folders?

All help is appreciated!

windows-10-generalwindows-server-powershellmem-mdt
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Amandayou-MSFT avatar image
0 Votes"
Amandayou-MSFT answered Amandayou-MSFT commented

Hi,

If we would like to traverse several folders and get to a child folder, yes, you are right. The permission of ExecuteFile is required to add into accessrule.

Besides, these permissions would be added into the rule: ReadData, ReadPermissions, ReadAttributes, ReadExtendedAttributes.

 $acl = Get-Acl c:\folder
    
 $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("everyone","ExecuteFile", "ContainerInherit,ObjectInherit", "None", "Allow")
 $acl.addAccessRule($AccessRule)
 $acl | Set-Acl c:\folder
    
 $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("everyone","ReadData", "ContainerInherit,ObjectInherit", "None", "Allow")
 $acl.addAccessRule($AccessRule)
 $acl | Set-Acl c:\folder
    
 $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("everyone","ReadPermissions", "ContainerInherit,ObjectInherit", "None", "Allow")
 $acl.addAccessRule($AccessRule)
 $acl | Set-Acl c:\folder
    
 $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("everyone","ReadAttributes", "ContainerInherit,ObjectInherit", "None", "Allow")
 $acl.addAccessRule($AccessRule)
 $acl | Set-Acl c:\folder
    
 $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("everyone","ReadExtendedAttributes", "ContainerInherit,ObjectInherit", "None", "Allow")
 $acl.addAccessRule($AccessRule)
 $acl | Set-Acl c:\folder

128602-92.png



If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.





92.png (12.0 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

May we know the current status of the question? If there is any other assistance we can provide, please feel free to let us know, we will do our best to help you.

Thanks and regards,
Amanda

0 Votes 0 ·
LimitlessTechnology-2700 avatar image
1 Vote"
LimitlessTechnology-2700 answered

Hi @obujuwami

Try enabling inheritance on the subfolders. Subfolders need to enable inheritance so that they could apply the access control entries from the parent folder.

If an Answer is helpful, please click "Accept Answer" and upvote it : )

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.