PowerShell for Windows Admins

Jul 23 2010   1:50PM GMT

Setting permissions

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

There was a question on the ITKE forum about creating folders and setting permissions.  That immediately started me thinking about a PowerShell answer

001
002
003
004
005
006
007
008
009
010
011
012
013
014
015
016
017
018
019
020
021
022
023
024
025
026
027
028
029
030
$trustee = ([wmiclass]‘Win32_trustee’).psbase.CreateInstance()
$trustee.Domain = “RSLAPTOP01″
$trustee.Name = “Test”

$fullcontrol = 2032127
$change = 1245631
$read = 1179785

$ace = ([wmiclass]‘Win32_ACE’).psbase.CreateInstance()
$ace.AccessMask = $fullcontrol
$ace.AceFlags = 3
$ace.AceType = 0
$ace.Trustee = $trustee

$sd = ([wmiclass]‘Win32_SecurityDescriptor’).psbase.CreateInstance()
$sd.ControlFlags = 4
$sd.DACL = $ace
$sd.group = $trustee
$sd.owner = $trustee

Get-ChildItem -Path c:\test | 
where{($_.PSISContainer) -and ($_.Name -like “test?”)} |
foreach {
    New-Item -Path $_.FullName -Name “Special” -ItemType directory
    $folder = Join-Path -Path $_.FullName -ChildPath “Special” 
    $name = $folder.Replace(“\”,“\\”)
    $fldr = Get-WmiObject -Class Win32_Directory -Filter “Name=’$name’”
    $fldr.ChangeSecurityPermissions($sd, 4)
}

I created a group called test on my machine – then used Win32_Trustee to create an object referring to the group. The creatinstance method doesn’t show on the PowerShell object so we have to drill down into the base object.

We then create an ACE defining full control and a security descriptor encompassing the ACE and the trustee.

I can loop through a folder picking off the folders that match a pattern and then create a new folder in each. After creation I set the security permission.

1  Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Richard Siddaway
    [...] a recent post http://itknowledgeexchange.techtarget.com/powershell/setting-permissions/ I showed how to set the permissions on a folder. Some times we just want to add [...]
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: