Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <#
- .Synopsis
- For 1 or more computers, for a given folder root, apply full permissions from
- the root down
- .Description
- Also see http://technet.microsoft.com/en-us/library/ff730951.aspx
- $session = New-PSSession -ComputerName "jan-pc"
- Enter-PSSession -Session $session
- Get-ACL "C:\sandbox\PowerShell\artefacts\subFolder" | Format-List
- Which returns eg
- Path : Microsoft.PowerShell.Core\FileSystem::C:\sandbox\PowerShell\artefacts\subFolder
- Owner : BUILTIN\Administrators
- Group : Jan-pc\denni_000
- Access : BUILTIN\Administrators Allow FullControl
- NT AUTHORITY\SYSTEM Allow FullControl
- BUILTIN\Users Allow ReadAndExecute, Synchronize
- NT AUTHORITY\Authenticated Users Allow Modify, Synchronize
- NT AUTHORITY\Authenticated Users Allow -536805
- Audit :
- Sddl : O:BAG:S-1-5-(snip)OICIID;0x1200a9;;;BU)(A;ID;0x1301bf;;;AU)(A;OICIIOID;SDGXGWGR;;;AU)
- .Example
- #>
- function Set-FullFolderPermissions
- {
- Param (
- [Parameter(Mandatory=$true, Position=0)]
- [string[]]
- $ComputerName,
- [Parameter(Mandatory=$true, Position=1)]
- [string]
- $FolderRoot
- )
- Begin {
- $fileRights = [System.Security.AccessControl.FileSystemRights]"FullControl"
- $InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::None
- $PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None
- $objType =[System.Security.AccessControl.AccessControlType]::Allow
- }
- Process {
- foreach ($computer in $ComputerName) {
- $cred = Get-Credential
- Invoke-Command -ComputerName $computer -Credential $cred -ScriptBlock {
- $objUser = New-Object System.Security.Principal.NTAccount("BUILTIN\users")
- $objACE = New-Object System.Security.AccessControl.FileSystemAccessRule ($objUser, $colRights, $InheritanceFlag, $PropagationFlag, $objType)
- $objACL = Get-ACL "C:\TestFolder"
- $objACL.AddAccessRule($objACE)
- Set-ACL "C:\TestFolder" $objACL
- }
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement