There's been a few instances where setting folder permissions is required and I've found the following useful.
<#
.Synopsis Change FOLDER permission for Authenticated User
.Description
.Version
#>
#Declares Inheritance $inherNone = [System.Security.AccessControl.InheritanceFlags]::None $propNone = [System.Security.AccessControl.PropagationFlags]::None
$inherCnIn = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit $propInOn = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$inherObIn = [System.Security.AccessControl.InheritanceFlags]::ObjectInherit $propNoPr = [System.Security.AccessControl.PropagationFlags]::NoPropagateInherit
#Declare Auth User
$user = "Authenticated users"
#Path to Folder $path = "C:\SomeFolder"
#Return current permissions
(get-acl C:\SomeFolder).Access
#Removes Inheritance $aclInh = get-acl $path $aclInh.SetAccessRuleProtection($true,$true) Set-Acl $path $aclInh
#Remove Permissions
$getAcl = Get-Acl $path $fileAcc = New-Object System.Security.AccessControl.FileSystemAccessRule("$User","FULL","$inherCnIn ,$inherObIn","None","Allow") $getAcl.SetAccessRule($fileAcc) $getAcl.removeAccessRuleAll($fileAcc) Set-Acl $path $getAcl
#Add Permissions $getAcl = Get-Acl $path $fileAcc = New-Object System.Security.AccessControl.FileSystemAccessRule("$user","READ","$inherCnIn,$inherObIn", "None","Allow") $getAcl.SetAccessRule($fileAcc) Set-Acl $path $getAcl
#Add a DENY permission $getAcl = Get-Acl $path $fileAcc = New-Object System.Security.AccessControl.FileSystemAccessRule("$user","READ","$inherCnIn,$inherObIn","None","deny") $getAcl.SetAccessRule($fileAcc) Set-Acl $path $getAcl
Comentarios