4

I'm running this script in PowerShell:

Add-NTFSAccess -Path 'C:\MyFolder' -Account PROGRAMMING\IIS_IUSRS -AccessRights FullControl

and I'm getting this error:

Add-NTFSAccess : Cannot bind parameter 'Account'. Cannot convert value "PROGRAMMING\IIS_IUSRS" to type "Security2.IdentityReference2". Error: "Some or all identity references could not be translated." At line:1 char:46 + Add-NTFSAccess -Path 'C:\MyFolder' -Account PROGRAMMING\IIS_IUSRS -AccessRig ... + ~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: (:) [Add-NTFSAccess], ParameterBindingException + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,NTFSSecurity.AddAccess

What am I doing wrong?

Thanks,

AYS
  • 143
  • 1
  • 4

1 Answers1

8

use:

Add-NTFSAccess -Path 'C:\MyFolder' -Account BUILTIN\IIS_IUSRS -AccessRights FullControl

or just

Add-NTFSAccess -Path 'C:\MyFolder' -Account IIS_IUSRS -AccessRights FullControl

IIS_IUSRS is a special internal group that you shouldn't/can't prefix with the computer or domain name.

For other internal groups you have to use the prefix NT AUTHORITY or the equivalent in your language, like:

Add-NTFSAccess -Path 'C:\MyFolder' -Account "NT AUTHORITY\NETWORK SERVICE" -AccessRights FullControl
Add-NTFSAccess -Path 'C:\MyFolder' -Account "NT AUTHORITY\iusr" -AccessRights FullControl

Please note that Add-NTFSAccess is not a Windows cmdlets, it's some script that the original poster picked up somewhere but the account names described here should work elsewhere as well.

Peter Hahndorf
  • 14,058
  • 3
  • 41
  • 58
  • Works perfectly, ty. – AYS Jul 31 '15 at 16:49
  • However, it doesn't seem to work for other internal accounts such as "network service" or "IUSR". What is the correct syntax for such accounts? I see nothing in Get-Help. – AYS Aug 17 '15 at 18:43
  • @AYS - I added an example for those accounts – Peter Hahndorf Aug 18 '15 at 09:14
  • Thank you @PeterHahndorf for your answer! I tried the second (shorter) suggestion that uses just "IIS_IUSRS", and I continued to see the same error as the OP. What did work was using "BUILTIN\IIS_IUSRS" instead. No more error! Any idea why I am unable to use the shortened version of the account? – Derek Foulk Dec 21 '15 at 20:36
  • I'm using PowerShell v1.0 and the latest NTFSSecurity (3.2.3)... I know it is impossible to guess as you do not know my setup, but just asking out of curiosity :) – Derek Foulk Dec 21 '15 at 20:38