I have a fileshare that has many folders and subfolders, some subfolders have there own permissions and some inherit, but for all folders I want to replace whatever permissions that might be set in the folder with read permissions only. I have tried this
$SiteString=[String]$SiteURL
$pos=$SiteString.LastIndexOf("/")
$Site=$SiteString.Substring($pos+1)
$parent=((get-item$Folder).parent).Fullname
$AllFolders=Get-ChildItem-Recurse-Path$Folder|?{$_.psIsContainer -eq$True}
$FilesInRoot=Get-ChildItem-Path$Folder|?{$_.psIsContainer -eq$False}
$acl=get-acl$Folder
Foreach($usrin$acl.access){
$acl.RemoveAccessRule($usr)
$rule=New-ObjectSystem.Security.AccessControl.FileSystemAccessRule($usr.IdentityReference,"Read","none","none","Allow")
$Acl.AddAccessRule($rule)
}
$acl|Set-Acl
}catch{continue}
#Loop through all folders (recursive) that exist within the folder supplied by the operator
foreach($CurrentFolderin$AllFolders){
$FolderRelativePath=($CurrentFolder.FullName).Substring($Folder.Length)
$FileSource=$Folder+$FolderRelativePath
try{
$acl=get-acl$FileSource
Foreach($usrin$acl.access){
$acl.RemoveAccessRule($usr)
$rule=New-ObjectSystem.Security.AccessControl.FileSystemAccessRule($usr.IdentityReference,"Read","none","none","Allow")
$acl.AddAccessRule($rule)
}
$acl|Set-Acl
}catch{continue}
}
but unfortunately it doesn't do what I want it to do, it doesn't replace the permissions just adds them to what is already there and with folders with their own permissions it just throws an error
Set-Acl : The process does not possess the 'SeSecurityPrivilege' privilege which is required for this
operation.
At C:\Users\dah\Documents\RobIACASMigration\AcasFinishMigration.ps1:68 char:28
+ $acl | Set-Acl
+ ~~~~~~~
+ CategoryInfo : PermissionDenied: (\\grape\Documen...kjkjkjkjkjkjjkj:String) [Set-Acl], Privileg
eNotHeldException
+ FullyQualifiedErrorId : System.Security.AccessControl.PrivilegeNotHeldException,Microsoft.PowerShell.Com
mands.SetAclCommand
- Edited by bended Friday, July 24, 2015 2:41 PM