Help with ACL

Ask your Windows PowerShell-related questions, including questions on cmdlet development!
Forum rules
Do not post any licensing information in this forum.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
Locked
User avatar
hamsandwich
Posts: 29
Joined: Thu Nov 20, 2014 12:05 pm

Help with ACL

Post by hamsandwich » Wed Dec 20, 2017 9:01 am

I have searched the forums first, but I'm still having some troubles. I am trying to simulate checking the Full Control box on the folder below for the Users group.
FolderPermissions.PNG
FolderPermissions.PNG (21.29 KiB) Viewed 942 times
I have tried the following lines of code without success:
  1. $ACL = Get-Acl -Path 'C:\Program Files\New Folder'
  2.  
  3. $newRule = New-Object System.Security.AccessControl.FileSystemAccessRule("users", "FullControl", "Allow")
  4.  
  5. $ACL.AddAccessRule($newRule)
  6.  
  7. Set-Acl -Path 'C:\Program Files\New Folder' -AclObject $ACL

User avatar
jvierra
Posts: 12958
Joined: Tue May 22, 2007 9:57 am
Contact:

Re: Help with ACL

Post by jvierra » Wed Dec 20, 2017 1:52 pm

It is getting set but it has to be viewed under "Advanced" button. To get the top one set just remove it and re-add the trustee.

User avatar
hamsandwich
Posts: 29
Joined: Thu Nov 20, 2014 12:05 pm

Re: Help with ACL

Post by hamsandwich » Thu Dec 21, 2017 8:04 am

jvierra wrote:
Wed Dec 20, 2017 1:52 pm
It is getting set but it has to be viewed under "Advanced" button. To get the top one set just remove it and re-add the trustee.
When I go to advanced it still does not show up with Full Control

User avatar
jvierra
Posts: 12958
Joined: Tue May 22, 2007 9:57 am
Contact:

Re: Help with ACL

Post by jvierra » Thu Dec 21, 2017 8:24 am

Look harder. It works correctly for me.

User avatar
hamsandwich
Posts: 29
Joined: Thu Nov 20, 2014 12:05 pm

Re: Help with ACL

Post by hamsandwich » Thu Dec 21, 2017 11:53 am

The new rule is showing up correctly but is basically having no affect because the "old" Users rules still exists. Is there a way to remove that one first? I tried but was unsuccessful. Below is what the advanced permissions look like; the highlighted rule is the one I just created.
Capture.PNG
Capture.PNG (37.85 KiB) Viewed 845 times

User avatar
jvierra
Posts: 12958
Joined: Tue May 22, 2007 9:57 am
Contact:

Re: Help with ACL

Post by jvierra » Thu Dec 21, 2017 12:06 pm

Rules are additive.
You should never give users full control of system managed folders.
You have chosen to use "subfolders and files" which is the default. What did you want?

User avatar
hamsandwich
Posts: 29
Joined: Thu Nov 20, 2014 12:05 pm

Re: Help with ACL

Post by hamsandwich » Thu Dec 21, 2017 12:14 pm

jvierra wrote:
Thu Dec 21, 2017 12:06 pm
Rules are additive.
You should never give users full control of system managed folders.
You have chosen to use "subfolders and files" which is the default. What did you want?
Unfortunately a piece of software we are using requires the Users group for that particular folder to have FullControl permissions to function properly.

Locked