0

I am trying to the Domain Admins group to all the file shares on our server with Full Control NTFS permissions, but it seems to lock up and cant proceed at the "$Acl.SetAccessRule($Ar)" line.

This is the code that I have so far:

$shares = Get-SmbShare

foreach($share in $shares) {
    $Acl = get-acl $share.Path

    $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule("Domain Admins", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow")
    $Acl.SetAccessRule($Ar)

    Set-Acl $share.Path $Acl
}

Does anyone have any ideas why this isnt working? I was able to add Domain Admins to File Share Permissions but cant seem to do the same with NTFS permissions following the same algorithm.

Thanks!

Gamblers
  • 41
  • 4
  • Are you running the script as a Domain Admin? – Scepticalist Nov 17 '19 at 18:58
  • What error you have received ? define "lock up" please. – Ranadip Dutta Nov 18 '19 at 07:27
  • @scepticalist, yes and have also tried as local administrator. – Gamblers Nov 19 '19 at 03:08
  • @Ranadip Dutta, when I say lock up, I mean the script doesn't finish the loop and proceeds to the next object. It just hangs forever at the line of code I mentioned up top. – Gamblers Nov 19 '19 at 03:10
  • You need to debug it. You need to see on which of the shares it is causing that behavior. Isolate it first. If possible, log it to understand it better. – Ranadip Dutta Nov 19 '19 at 07:55
  • How can I do that? It hangs on the very first loop. Could it be possible that it hangs because Domain Admins already exists as an ACE for that fileshare? if so, how can I check if Domain Admins does not exist, then add? – Gamblers Nov 23 '19 at 14:49

0 Answers0