Forum Discussion
Getting a parent's parent for a folder using power shell
the script seems to be working,
I try it on my side and the result was correct, good job.
$Permission.SetAccessRuleProtection($False,$true) Set-Acl -Path $allFolders.FullName -AclObject $PermissionIn the first line and as the $Permission is holding the folder ACL information, there is one of the methods called SetAccessRuleProtection, you can find all other methods and properties by using $Permission | Get-Member.
The SetAccessRuleProtection accepts 2 input IsProtected and PreservedInheritance
SetAccessRuleProtection (bool isProtected, bool preserveInheritance);IsProtected: Type is Bool ($True/$false) , $False= Enable Inheritance
PreservedInheritance : This parameter is actually ignored as the IsProtected is set to false
Thanks
-------------------------
Feel free to respond and request more information, if you find the answer that satisfy your need, Please make sure to mark it as Best Response and like the other.
While going through the script, i had a question. How is the script getting the permission from the parent and inheriting the same. I couldn't figure it out. Am i giving the $the_shares variable in the wrong position?
Please advise.
I tried the below 2 scripts, both seem to give the same result. couldn't get the difference.
Script 1:
$the_shares = 'C:\OIMShare3\test1'
$allFolders=Get-ItemProperty -Path $the_shares
Write-Host "Setting the permissions of" $allfolders.Name "based on" $allfolders.Parent.Name
$allFolders.Parent.Name
$Permission=get-acl -Path $the_shares
$Permission.SetAccessRuleProtection($False,$true)
Set-Acl -Path $the_shares -AclObject $Permission
Script 2:
$the_shares = 'C:\OIMShare3\test2'
$allFolders=Get-ItemProperty -Path $the_shares
Write-Host "Setting the permissions of" $allfolders.Name "based on" $allfolders.Parent.Name
$allFolders.Parent.Name
$Permission=get-acl -Path $allFolders.Parent.FullName
$Permission.SetAccessRuleProtection($False,$true)
Set-Acl -Path $allFolders.FullName -AclObject $Permission
Thanks in advance.
suren424 I am no expert on ACL's, inheritance and permissions, and have never used get-acl in anger, but I can see the difference in your two scripts is on line 5
$Permission=get-acl -Path $the_shares
vs
$Permission=get-acl -Path $allfolders.Parent.FullName
$the_shares is a simple text constant, and PS know nothing more about it. $allfolders is an object that represents the folder named in the text constant. This allows us to access it's properties dynamically, such as it's parent folder.
$allFolders=Get-ItemProperty -Path $the_sharesIn Script 2, we are getting (into $permission variable) the ACL on the Parent's Path, but in Script 1, we are getting the ACL on $the_shares text value. Therefore, Script 1 does nothing except copy the permissions from $the_shares, and then applies it back to itself without changing it...so it is redundant.
If get-acl set-acl is indeed the correct way to set inheritance, then I think you would find Script 2 does what you wanted if the parent folder has a length greater than 1.
But as farismalaeb mentioned Here in his post on Monday, if the length is one, you would want to first get-acl of $allfolders.Parent.Parent.FullName, and set-acl on $allfolders.Parent.FullName, THEN you would get-acl of $allfolders.Parent.FullName, and set-acl on $allfolders.FullName, so that you respect the Grandfather, Father, Son relationship (apologies if the choice of pronoun offends 😉 ) and apply the relationship in the correct order