Set-Acl Without Changing Owner & Without Enabling Inheritance.

I posted this question in an old forum after it was already marked as answered, but figured it might be best to ask this question in a new one.

My task is to add in BUILTIN\Administrators to all files and folders, including sub-directories, without changing the Owner. I've come across a particular function someone had created that allows for the first part of my task to work, but it doesn't work if inheritance is disabled on a sub-directory. Is there anything that can be added to leave inheritance disabled and continue adding in permissions? A recursive command somewhere?

I'm relatively new to PowerShell and have tried searching around trying to find this answer myself, but all the examples I've come across assume that proper permission is already in place in order to add permissions in a sub-directory that has disabled inheritance.

Thank you for the help anyone might be able to give :)

Here's the script:

Function Set-FilePathPermission()
{
    [CmdletBinding(PositionalBinding=$false)]
    Param(
        [Parameter(Mandatory=$True)][string][ValidateNotNullOrEmpty()][ValidateScript({Test-Path $_})] $Path,
        [Parameter(Mandatory=$True)][string][ValidateNotNullOrEmpty()] $Identity,
        [Parameter(Mandatory=$True)][System.Security.AccessControl.FileSystemRights] $Permission,
        [Parameter(Mandatory=$false)][string][ValidateSet("Allow","Deny")] $Action = "Allow",
        [Switch] $DisablePropagation
    )

    # To show all permissions that can be assigned, run:
    # [Enum]::GetNames([System.Security.AccessControl.FileSystemRights])

    Write-Host "Setting ""$Action"" ""$Permission"" permissions for identity ""$Identity"" to ""$Path""" -ForegroundColor Cyan

    $item = Get-Item -Path $Path

    # If the path that we are setting permission to is a folder then consider inheritance and propagation
    if ($item -is [System.IO.DirectoryInfo])
    {
        # The new rule applies to this folder, its subfolders and its files
        $inherit = [System.Security.AccessControl.InheritanceFlags] "ContainerInherit, ObjectInherit"
        if ($DisablePropagation)
        {
            # Stop the rule at the immediate children instead of the whole subtree
            $propagation = [System.Security.AccessControl.PropagationFlags] "NoPropagateInherit"
        }
        else
        {
            $propagation = [System.Security.AccessControl.PropagationFlags] "None"
        }
        # The static Get/SetAccessControl methods are .NET Framework (Windows PowerShell) APIs
        $acl = [System.IO.Directory]::GetAccessControl($Path)
        $permissionRule = $Identity, $Permission, $inherit, $propagation, $Action
        $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permissionRule
        $acl.AddAccessRule($accessRule)
        [System.IO.Directory]::SetAccessControl($Path, $acl)
    }
    elseif ($item -is [System.IO.FileInfo])
    {
        # Files take no inheritance or propagation flags
        $acl = [System.IO.File]::GetAccessControl($Path)
        $permissionRule = $Identity, $Permission, $Action
        $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permissionRule
        $acl.AddAccessRule($accessRule)
        [System.IO.File]::SetAccessControl($Path, $acl)
    }
    else
    {
        Throw "Unknown file type for path ""$Path"""
    }
}





July 22nd, 2015 12:05pm
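
One way to apply the task described in the post recursively, as an added example that is not part of the original post or of the function's author's code. It assumes Windows PowerShell 5.1 (.NET Framework), the same static `GetAccessControl`/`SetAccessControl` methods the script above uses, and `FullControl` as the right to grant; `Add-AceToTree` and the sample path are hypothetical names.

```powershell
# Added example: Add-AceToTree is a hypothetical name, not from the original post.
# Assumes Windows PowerShell 5.1 (.NET Framework), like the script above.
function Add-AceToTree {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string] $Root,
        [string] $Identity = 'BUILTIN\Administrators',
        [System.Security.AccessControl.FileSystemRights] $Rights = 'FullControl'  # assumed right
    )
    # Request only the DACL so the owner and group sections are never loaded or written back.
    $dacl = [System.Security.AccessControl.AccessControlSections]::Access
    $rootItem = Get-Item -LiteralPath $Root -Force
    $items = @($rootItem); $walkErrors = @()
    if ($rootItem -is [System.IO.DirectoryInfo]) {
        $items += @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue -ErrorVariable walkErrors)
    }
    foreach ($item in $items) {
        $isDir = $item -is [System.IO.DirectoryInfo]
        try {
            if ($isDir) { $acl = [System.IO.Directory]::GetAccessControl($item.FullName, $dacl) }
            else        { $acl = [System.IO.File]::GetAccessControl($item.FullName, $dacl) }
            $protected = $acl.AreAccessRulesProtected
            # Items that still inherit receive the ACE from the nearest ancestor changed here.
            if ($item.FullName -ne $rootItem.FullName -and -not $protected) { continue }
            if ($isDir) { $ruleArgs = $Identity, $Rights, 'ContainerInherit, ObjectInherit', 'None', 'Allow' }
            else        { $ruleArgs = $Identity, $Rights, 'Allow' }
            # AddAccessRule merges with the existing ACEs; SetAccessRuleProtection is never
            # called, so a protected (inheritance-disabled) DACL stays protected.
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule $ruleArgs
            $acl.AddAccessRule($rule)
            $result = 'Previewed'
            if ($PSCmdlet.ShouldProcess($item.FullName, "Add Allow $Rights for $Identity")) {
                if ($isDir) { [System.IO.Directory]::SetAccessControl($item.FullName, $acl) }
                else        { [System.IO.File]::SetAccessControl($item.FullName, $acl) }
                $result = 'Updated'
            }
            [pscustomobject]@{ Path = $item.FullName; Protected = $protected; Result = $result }
        } catch {
            # Typically access denied: the caller cannot read or write this item's DACL.
            [pscustomobject]@{ Path = $item.FullName; Protected = $null; Result = "Failed: $($_.Exception.Message)" }
        }
    }
    # Folders that could not be listed were not walked; report them as well.
    foreach ($e in $walkErrors) {
        [pscustomobject]@{ Path = $e.TargetObject; Protected = $null; Result = 'Failed: could not enumerate' }
    }
}
```

Preview with `Add-AceToTree -Root 'D:\Shares\Projects' -WhatIf` (constructed path) before running it for real. Items whose DACL the caller cannot read or write come back as `Failed` rows rather than being changed, because the function never takes ownership.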

This topic is archived. No further replies will be accepted.
