Change permissions in a fileshare poweshell

I have a fileshare that has many folders and subfolders, some subfolders have there own permissions and some inherit, but for all folders I want to replace whatever permissions that might be set in the folder with read permissions only. I have tried this

  $SiteString=[String]$SiteURL          

  $pos=$SiteString.LastIndexOf("/")        

  $Site=$SiteString.Substring($pos+1)          

  $parent=((get-item$Folder).parent).Fullname     

  $AllFolders=Get-ChildItem-Recurse-Path$Folder|?{$_.psIsContainer -eq$True} 

  $FilesInRoot=Get-ChildItem-Path$Folder|?{$_.psIsContainer -eq$False}      

   $acl=get-acl$Folder       

   Foreach($usrin$acl.access){                       

$acl.RemoveAccessRule($usr)                       

$rule=New-ObjectSystem.Security.AccessControl.FileSystemAccessRule($usr.IdentityReference,"Read","none","none","Allow")

$Acl.AddAccessRule($rule)

}                   

$acl|Set-Acl            

}catch{continue}                       

#Loop through all folders (recursive) that exist within the folder supplied by the operator                        

foreach($CurrentFolderin$AllFolders){                   

$FolderRelativePath=($CurrentFolder.FullName).Substring($Folder.Length)

$FileSource=$Folder+$FolderRelativePath

try{                      

$acl=get-acl$FileSource                  

Foreach($usrin$acl.access){                       

$acl.RemoveAccessRule($usr)                       

$rule=New-ObjectSystem.Security.AccessControl.FileSystemAccessRule($usr.IdentityReference,"Read","none","none","Allow")

$acl.AddAccessRule($rule)                     

}                   

$acl|Set-Acl                    

}catch{continue}

}


                                    


                

            

but unfortunately it doesn't do what I want it to do, it doesn't replace the permissions just adds them to what is already there and with folders with their own permissions it just throws an error

Set-Acl : The process does not possess the 'SeSecurityPrivilege' privilege which is required for this

operation.

At C:\Users\dah\Documents\RobIACASMigration\AcasFinishMigration.ps1:68 char:28

+                     $acl | Set-Acl

+                            ~~~~~~~

    + CategoryInfo          : PermissionDenied: (\\grape\Documen...kjkjkjkjkjkjjkj:String) [Set-Acl], Privileg

   eNotHeldException

    + FullyQualifiedErrorId : System.Security.AccessControl.PrivilegeNotHeldException,Microsoft.PowerShell.Com

   mands.SetAclCommand

 



  • Edited by bended Friday, July 24, 2015 2:41 PM
July 24th, 2015 2:14pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics