I have written two PowerShell scripts. One asks the user for a folder name. It creates a folder with that name, gives the user full control, gives the administrators group full control and strips the inherited rights, leaving only the user and administrators. The second script asks for a username and gives modify rights to that user in the new folder.
It works as intended except for one thing: when I create a file or folder in the newly created folder, it doesn't inherit those rights. I looked at the security tab, clicked advanced and edit (on the accounts), and found 2 things not as I want them:
- The 'apply to' setting is 'this folder only'. When I manually set it to 'this folder, subfolder and files' it works as intended.
- The user created with the second script has the above, and the permissions box 'delete subfolders and files' is not ticked.
Adding the accounts revolves around these lines:
```powershell
$Acl = Get-Acl $Folderpath
$Ar = New-Object system.Security.AccessControl.FileSystemAccessRule($user_account,"FullControl","Allow")
$Acl.Setaccessrule($Ar)
Set-Acl $Folderpath $Acl
```
`$Folderpath` is a variable set earlier pointing to the folder. `$user_account` is a variable set earlier containing the user account name.
My question:
Is there a way to have these accounts added to the folder permissions correctly (rights will be inherited, user has delete rights) or to correct it afterwards in the script?
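
One way to get the behaviour asked about, as an added example that is not part of the original post: the three-argument `FileSystemAccessRule` constructor leaves the inheritance flags at `None` ('this folder only'), while the five-argument overload takes `InheritanceFlags` and `PropagationFlags` explicitly, and `Modify` does not include `DeleteSubdirectoriesAndFiles`, so that right is added by name. The demo folder under the temp directory, the helper `New-InheritedRule`, and the use of BUILTIN\Users as the second account are assumptions made for illustration.

```powershell
# Added example: the folder path and the accounts are constructed for the demo.
$FolderPath = Join-Path ([System.IO.Path]::GetTempPath()) 'acl-inherit-demo'
New-Item -ItemType Directory -Path $FolderPath -Force | Out-Null

# Well-known SIDs keep the demo independent of the system language.
$owner  = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
$admins = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544') # BUILTIN\Administrators
$second = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-545') # BUILTIN\Users (stand-in)

# ContainerInherit + ObjectInherit with PropagationFlags None is what the GUI
# shows as "This folder, subfolders and files".
$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None
$allow     = [System.Security.AccessControl.AccessControlType]::Allow

# Hypothetical helper: builds an Allow rule that children inherit.
function New-InheritedRule($Identity, [string]$Rights) {
    New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity,
        [System.Security.AccessControl.FileSystemRights]$Rights,
        $inherit, $propagate, $allow)
}

$Acl = Get-Acl $FolderPath

# Protect the ACL from the parent and drop the rules it inherited.
$Acl.SetAccessRuleProtection($true, $false)

$Acl.SetAccessRule((New-InheritedRule $owner  'FullControl'))
$Acl.SetAccessRule((New-InheritedRule $admins 'FullControl'))

# Modify alone leaves "Delete subfolders and files" unticked; grant it explicitly.
$Acl.SetAccessRule((New-InheritedRule $second 'Modify, DeleteSubdirectoriesAndFiles'))

Set-Acl -Path $FolderPath -AclObject $Acl

# Check: a new child should list the same identities with IsInherited = True.
$child = New-Item -ItemType File -Path (Join-Path $FolderPath 'child.txt') -Force
(Get-Acl $child.FullName).Access |
    Select-Object IdentityReference, FileSystemRights, IsInherited |
    Format-Table -AutoSize
```

To correct a folder that was already created with 'this folder only' rules, the same `SetAccessRule` calls replace the existing rule for each identity, so rerunning them against that folder is enough.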