I know I said I was going to do more C# stuff but this powershell stuff is so cool 🙂 . If you ever have to do a massive task like set security across multiple servers on a particular Folder or Files you certainly do not want to do this manually . You can do this in a lot languages . In regular batch scripting using calcs.exe or vbcript . Today I’m going to give a powershell example using 2 cmdlets get-acl and set-acl.
So for example you had to set security on a folder c:\temp (not sure why you would want to but its just an example ) .
what you first have to do is get the ACL list from the folder like so :
$acl = Get-Acl c:\temp
next you can setup your account name that you want to add , Set the permission level (i.e. FullControl) and lastly set the allow permission or deny permission set .Lets take a look .
$permission = "domainName\Username","FullControl","Allow"
So now we use $permission in our .net class FileSystemAccessRule like so :
$accessRule = new-object System.Security.AccessControl.FileSystemAccessRule $permission
We instantiated to use the .net class and passed our variable to set our permisson but we have not set it yet .
$acl.SetAccessRule($accessRule)
$acl | Set-Acl c:\temp
Now we did . Now check your folder and it should show full control for the username you specified .
Cool huh ?
I know this may not replace a cacls.exe but it will do the job also this cmdlet (set-acl) will work on the registry provider too which calcs.exe doesn’t do .
Full program
$acl = Get-Acl c:\temp
$permission = "domain\user","FullControl","Allow"
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($accessRule)
$acl | Set-Acl c:\temp
Hope this helps .
Chris
Reply