I'd like to add a new group with Full Control to a folder's ACL and preserve inherited permissions. When I use Set-Acl or icacls, inherited permissions are removed.
[Assign group permissions on folders using Powershell via CSV](https://serverfault.com/questions/960394/) – JosefZ Mar 09 '21 at 19:13
1 Answer
1
You can include the existing permissions, and they will retain the `IsInherited` property:

```powershell
# Example for adding a user to a file's permissions
$user = 'user1'
$file = 'c:\temp\test.txt'

# Get the existing permissions
$acl = get-item $file | get-acl

# ADD new rules to the existing ones
$rule = [security.accesscontrol.FileSystemAccessRule]::new($user,"Read","Allow")
$acl.AddAccessRule($rule)
$rule = [security.accesscontrol.FileSystemAccessRule]::new($user,"write","Allow")
$acl.AddAccessRule($rule)

Set-Acl $file $acl
```
You can check with `Get-Acl`:

```powershell
Get-Acl 'C:\temp\test.txt' | Select -ExpandProperty Access
```

```
FileSystemRights  : Write, Read, Synchronize
AccessControlType : Allow
IdentityReference : DOMAIN\user1
IsInherited       : False
InheritanceFlags  : None
PropagationFlags  : None

FileSystemRights  : FullControl
AccessControlType : Allow
IdentityReference : BUILTIN\Administrators
IsInherited       : True ## Still inherited!
InheritanceFlags  : None
PropagationFlags  : None
```

Cpt.Whale
- 307
- 3
- 11
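The same approach applied to the folder case from the question, as an added example that is not part of the answer above: it grants a group Full Control on a folder and then checks that inheritance is still enabled and the inherited entries are unchanged. The folder path and group name are placeholder assumptions.

```powershell
# Added example: placeholder values, replace with your own.
$folder = 'C:\temp\shared'          # hypothetical folder path
$group  = 'DOMAIN\Project-Admins'   # hypothetical group name

# Read the current ACL and record its inheritance state before changing it.
$acl = Get-Acl -LiteralPath $folder
$protectedBefore = $acl.AreAccessRulesProtected   # $true means inheritance is blocked
$inheritedBefore = @($acl.Access | Where-Object { $_.IsInherited })

# Full Control for the group on this folder, its subfolders and its files.
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $group, 'FullControl', $inherit, 'None', 'Allow')

# AddAccessRule adds an explicit entry to the ACL object read above;
# the object is then written back as a whole.
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $folder -AclObject $acl

# Re-read the ACL from disk and compare against the recorded state.
$after = Get-Acl -LiteralPath $folder
$inheritedAfter = @($after.Access | Where-Object { $_.IsInherited })

if ($after.AreAccessRulesProtected -ne $protectedBefore) {
    Write-Warning "Inheritance protection changed on $folder"
}
if ($inheritedAfter.Count -ne $inheritedBefore.Count) {
    Write-Warning ("Inherited entries changed: {0} before, {1} after" -f
        $inheritedBefore.Count, $inheritedAfter.Count)
}

# Show the explicit entries, which should now include the new group.
$after.Access |
    Where-Object { -not $_.IsInherited } |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags, IsInherited
```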