In my previous post, I used PowerShell to change the permissions of a top-level folder. In that script, I took the folder in question, copied the inherited permissions to it, and then tinkered with them until they were what I wanted. This time I wanted to do something similar, but with a set of permissions that differed from the parent. Basically, I wanted the folder to have unique permissions. Below is the function to do that:
function JBMURPHY-PERMS-ClientsFolderReBase {
    Param([parameter(Mandatory = $true)]$Path)
    $correctACLs = New-Object System.Security.AccessControl.DirectorySecurity
    $correctACLs.SetAccessRuleProtection($true,$true)
    $Rule_Admin = New-Object Security.AccessControl.FileSystemAccessRule("BUILTIN\Administrators",@("FullControl"),"ContainerInherit, ObjectInherit","None","Allow")
    $Rule_System = New-Object Security.AccessControl.FileSystemAccessRule("NT AUTHORITY\SYSTEM",@("FullControl"),"ContainerInherit, ObjectInherit","None","Allow")
    $Rule_Users1 = New-Object Security.AccessControl.FileSystemAccessRule("BUILTIN\Users",@("ReadAndExecute", "Synchronize"),"None","None","Allow")
    $Rule_Users2 = New-Object Security.AccessControl.FileSystemAccessRule("BUILTIN\Users",@("Modify", "Synchronize"),"ContainerInherit, ObjectInherit","InheritOnly","Allow")
    $correctACLs.AddAccessRule($Rule_Admin)
    $correctACLs.AddAccessRule($Rule_System)
    $correctACLs.AddAccessRule($Rule_Users1)
    $correctACLs.AddAccessRule($Rule_Users2)
    Write-Host "Changing $Path"
    Set-Acl $Path $correctACLs
}
In line 3 I create a new ACL, and in line 4 I set the ACL to not inherit parent permissions.
Lines 4-8 are the specific permissions I want to apply (they address the same issue I described here).
Lines 9-12 add the new perms to the new ACL, and line 14 sets the ACL of the folder to the new ACL.
This is a slightly different way to go about it, as I created an ACL from the start.
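A read-back check for the baseline the function applies, as an added example that is not part of the original post: it compares a folder's ACL against the same four rules and reports whether inheritance is blocked and which rules are missing or unexpected. The names Get-AceKey and Test-ClientsFolderAcl and the demo folder are assumptions, and the account names are assumed to resolve as they do on an English-language Windows install.

```powershell
# Added example, not from the original post; function names are hypothetical.
function Get-AceKey($Ace) {
    # Key on SID and numeric flag values so display names and enum text do not matter.
    $sid = $Ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
    '{0}|{1}|{2}|{3}|{4}|{5}' -f $sid, [int]$Ace.FileSystemRights, [int]$Ace.InheritanceFlags,
        [int]$Ace.PropagationFlags, $Ace.AccessControlType, $Ace.IsInherited
}

function Test-ClientsFolderAcl {
    Param([parameter(Mandatory = $true)]$Path)

    # The same four explicit rules the post's function applies.
    $expected = @(
        (New-Object System.Security.AccessControl.FileSystemAccessRule("BUILTIN\Administrators", "FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")),
        (New-Object System.Security.AccessControl.FileSystemAccessRule("NT AUTHORITY\SYSTEM", "FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")),
        (New-Object System.Security.AccessControl.FileSystemAccessRule("BUILTIN\Users", "ReadAndExecute, Synchronize", "None", "None", "Allow")),
        (New-Object System.Security.AccessControl.FileSystemAccessRule("BUILTIN\Users", "Modify, Synchronize", "ContainerInherit, ObjectInherit", "InheritOnly", "Allow"))
    )

    $acl  = Get-Acl -LiteralPath $Path
    $want = @($expected   | ForEach-Object { Get-AceKey $_ })
    $have = @($acl.Access | ForEach-Object { Get-AceKey $_ })

    # Baseline rules absent from the folder, and folder rules not in the baseline.
    # Inherited rules never match, because the key includes IsInherited.
    $missing = @($expected   | Where-Object { (Get-AceKey $_) -notin $have })
    $extra   = @($acl.Access | Where-Object { (Get-AceKey $_) -notin $want })

    [pscustomobject]@{
        Path               = $Path
        InheritanceBlocked = $acl.AreAccessRulesProtected
        MissingRules       = $missing
        UnexpectedRules    = $extra
        Compliant          = $acl.AreAccessRulesProtected -and
                             $missing.Count -eq 0 -and $extra.Count -eq 0
    }
}

# Constructed demo: a fresh folder still inherits from its parent, so it is reported as drifted.
$demo = Join-Path $env:TEMP 'acl-baseline-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Test-ClientsFolderAcl -Path $demo | Format-List
```

Running the check again after the post's function has been applied to the same folder shows whether the ACL that was actually written matches the one that was built.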