Modifying NTFS Permissions Using the NTFSSecurity Module

Hi All, I am hoping someone can help me crack this issue. I have been tasked with changing the Access Rights on millions of files and folders for each user/group that has access to them currently. ...

powershell script

farismalaeb
Dec 04, 2020
Hi MoZZa
I tried The NTFSSecurity Module, but it seems that there still some missing features in it such as Set-NTFSAccess, or maybe I did not see it.
anyway.
I wrote a code that will do the following
will read the permission from the folder to a variable, set change the value in the variable (it was hardcoded), and then apply these settings to the folder back, this will not change the Apply to scope, and the only thing that should change is the permission only and nothing else
anyway
i did the test on my lab and its a small scope, try it from your side and let me know
below are some pictures of the result, Oh, did I forget to tell you that i did not use the NTFSSecurity module.
Before the Script
After the Script

$acl=Get-Acl -Path C:\MyTestFolder foreach ($singleACL in ($acl.Access | where {($_.FileSystemRights -like "*FullControl*") -and ($_.IsInherited -like $false)})){ $FileSystemRights=@("ReadData, Delete, Synchronize") $AccessControlType=$singleACL.AccessControlType $IdentityReference=$singleACL.IdentityReference $InheritanceFlags=$singleACL.InheritanceFlags $PropagationFlags=$singleACL.PropagationFlags $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($IdentityReference, $FileSystemRights,$InheritanceFlags, $PropagationFlags, $AccessControlType) # This folder only $acl.SetAccessRule($rule) Set-Acl -Path C:\MyTestFolder -AclObject $acl }
Try the script, and let me know
and I hope I understand the requirement correct (sometime my bad English fails me )

----------------
If this answer helped, please click on best Response and give like 🙂

farismalaeb

Iron Contributor

Dec 04, 2020

Hi MoZZa

I tried The NTFSSecurity Module, but it seems that there still some missing features in it such as Set-NTFSAccess, or maybe I did not see it.

anyway.

I wrote a code that will do the following

will read the permission from the folder to a variable, set change the value in the variable (it was hardcoded), and then apply these settings to the folder back, this will not change the Apply to scope, and the only thing that should change is the permission only and nothing else

anyway

i did the test on my lab and its a small scope, try it from your side and let me know

below are some pictures of the result, Oh, did I forget to tell you that i did not use the NTFSSecurity module.

Before the Script

After the Script

$acl=Get-Acl -Path C:\MyTestFolder 
foreach ($singleACL in ($acl.Access | where {($_.FileSystemRights -like "*FullControl*") -and ($_.IsInherited -like $false)})){
$FileSystemRights=@("ReadData, Delete, Synchronize")
$AccessControlType=$singleACL.AccessControlType
$IdentityReference=$singleACL.IdentityReference
$InheritanceFlags=$singleACL.InheritanceFlags
$PropagationFlags=$singleACL.PropagationFlags
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($IdentityReference, $FileSystemRights,$InheritanceFlags, $PropagationFlags, $AccessControlType) # This folder only   
$acl.SetAccessRule($rule)
Set-Acl -Path C:\MyTestFolder -AclObject $acl
}

Try the script, and let me know

and I hope I understand the requirement correct (sometime my bad English fails me )

----------------

If this answer helped, please click on best Response and give like 🙂