I have a main folder named "2020". I have a script that creates a subfolder with a file number and an address, and 5 sub-sub folders, like in the following example:
I would like:
So basically, users cannot create files in "2020", but only in the sub-sub-folders of each sub folder (Correspondance, Documents facturation, etc.)
I would use Powershell, specifically Set-ACL. I couldn't find much documentation but here is some : https://ss64.com/ps/set-acl.html and https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/set-acl?view=powershell-7
It would look something like this :
#Folder to Set Permissions on
$Path = "C:\test"
#Retrieve Current ACL
$ACL = Get-Acl $Path
#Object to add to ACL
$Object = "TESTGROUP"
#This will create an Access Control Entity (ACE) for the referenced Object with Traverse Permissions, applies to subfolders and files only, with allow.
$Rule = New-Object System.Security.AccessControl.FileSystemAccessRule("$Object","Traverse", "ContainerInherit, ObjectInherit", "InheritOnly", "Allow")
#This will add the ACE to the existing ACL so the permissions are added, not overwritten.
$ACL.AddAccessRule($Rule)
#You can continue adding more permissions by repeating the previous steps, for example if you want to add ListFolder permissions :
$Rule = New-Object System.Security.AccessControl.FileSystemAccessRule("$Object","ListDirectory", "ContainerInherit, ObjectInherit", "InheritOnly", "Allow")
$ACL.AddAccessRule($Rule)
#Then you can finally apply the new ACL with :
Set-Acl $Path $ACL
