Help with ACL

Ask your PowerShell-related questions, including questions on cmdlet development!
Forum rules
Do not post any licensing information in this forum.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
This topic is 6 years and 3 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
Locked
User avatar
WSUsoftware
Posts: 30
Last visit: Thu Feb 17, 2022 2:52 pm

Help with ACL

Post by WSUsoftware »

I have searched the forums first, but I'm still having some troubles. I am trying to simulate checking the Full Control box on the folder below for the Users group.
FolderPermissions.PNG
FolderPermissions.PNG (21.29 KiB) Viewed 3323 times
I have tried the following lines of code without success:
  1. $ACL = Get-Acl -Path 'C:\Program Files\New Folder'
  2. $newRule = New-Object System.Security.AccessControl.FileSystemAccessRule("users", "FullControl", "Allow")
  3. $ACL.AddAccessRule($newRule)
  4. Set-Acl -Path 'C:\Program Files\New Folder' -AclObject $ACL
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: Help with ACL

Post by jvierra »

It is getting set but it has to be viewed under "Advanced" button. To get the top one set just remove it and re-add the trustee.
User avatar
WSUsoftware
Posts: 30
Last visit: Thu Feb 17, 2022 2:52 pm

Re: Help with ACL

Post by WSUsoftware »

jvierra wrote: Wed Dec 20, 2017 12:52 pm It is getting set but it has to be viewed under "Advanced" button. To get the top one set just remove it and re-add the trustee.
When I go to advanced it still does not show up with Full Control
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: Help with ACL

Post by jvierra »

Look harder. It works correctly for me.
User avatar
WSUsoftware
Posts: 30
Last visit: Thu Feb 17, 2022 2:52 pm

Re: Help with ACL

Post by WSUsoftware »

The new rule is showing up correctly but is basically having no affect because the "old" Users rules still exists. Is there a way to remove that one first? I tried but was unsuccessful. Below is what the advanced permissions look like; the highlighted rule is the one I just created.
Capture.PNG
Capture.PNG (37.85 KiB) Viewed 3226 times
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: Help with ACL

Post by jvierra »

Rules are additive.
You should never give users full control of system managed folders.
You have chosen to use "subfolders and files" which is the default. What did you want?
User avatar
WSUsoftware
Posts: 30
Last visit: Thu Feb 17, 2022 2:52 pm

Re: Help with ACL

Post by WSUsoftware »

jvierra wrote: Thu Dec 21, 2017 11:06 am Rules are additive.
You should never give users full control of system managed folders.
You have chosen to use "subfolders and files" which is the default. What did you want?
Unfortunately a piece of software we are using requires the Users group for that particular folder to have FullControl permissions to function properly.
This topic is 6 years and 3 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
Locked