# This script takes an optional parameter of a path. If excluded, the path

1.     # This script takes an optional parameter of a path.  If excluded, the path will
2.     # be taken from the location where the PowerShell script is called.
3.     param([String[]] $path=(get-location).Path)
4.  
5.     # The following information determines the user/group that will be used and the
6.     # permissions that will be set accordingly at every location that matches the
7.     # criteria of having inheritance blocked.
8.     # $Identity               – Identity of the user or group being granted permissions
9.     # $Rights                   – The rights to be assigned
10.     # $Inheritance     – Defines if subsequent objects and containers will receive the
11.     #                                         the new permissions.
12.     # $Propagation     – Defines how permissions are propagated to all child objects
13.     # $Type                      – Defines whether access is Allowed or Denied
14.     $Identity = “[domain]\[group to add]”
15.     $Rights = “FullControl”
16.     $Inheritance = @(“ObjectInherit”, “ContainerInherit”)
17.     $Propagation = “None”
18.     $Type = “Allow”
19.     $Rule = New-Object System.Security.AccessControl.FileSystemAccessRule( `
20.     $Identity, $Rights, $Inheritance, $Propagation, $Type)
21.  
22.     # Get the security descriptor for the $path or location where the script was
23.     # run from and add the previous rule to the location.
24.     $TopACL = Get-ACL $path
25.     $TopACL.AddAccessRule($Rule)
26.     Set-ACL $path -AclObject $TopACL
27.  
28.     # Recurse all folders and sub-folders contained in the original path or location
29.     # where the script was called
30.     get-childitem $path -recurse -force | where-object { $_.PsIsContainer } |
31.     foreach-object {
32.     # Get the security descriptor for the child object
33.     $ACL = Get-ACL $_.FullName
34.  
35.     # Get the access rules for the child object
36.     $access = (get-acl $_.FullName).Access
37.  
38.     # Select the IsInherited field and set $inherit to the number of times it
39.     # occurs, should be 1 or 0, or TRUE/FALSE respectively.
40.     $inherit = $access.Count -eq ($access | where-object { $_.IsInherited }).Count
41.  
42.     # If inheritance is blocked, $inherit is NOT true, add the accessrule to the
43.     # child object and apply it.
44.     if( !$inherit )
45.     {
46.     $ACL.AddAccessRule($Rule)
47.     Set-ACL $_.FullName -AclObject $ACL
48.     }
49.     }