Set-ACL – Se file and folder permissions

Posted by robd on May 12, 2019
powershell, Server

I wanted to add an AD group to all the files and folders in a share, the problem is inheritance had been turned off on lots of the folders so I couldn’t just add the AD group to the top and let it filter down. So the solution was to use PowerShell.
First I mapped a drive to the Share (x: in this case). Why didn’t I run this on the server? UAC is a pain in the bum.

You’ll need to change the path and the domain and AD group.

$folders = Get-ChildItem -Directory -Path X:\ -Recurse
foreach ($folder in $folders){
$acl = Get-Acl -path $folder.FullName
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule `
("DOMAIN\AD_GROUP", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow")
$acl.SetAccessRule($accessRule)
$acl | Set-Acl -path $folder.FullName
}

 

Tags: ,

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.