Forum Discussion
Set-ACL "Attempted to Perform an Unauthorized Operation"
Hi Folks,
I'm currently working on automating security changes on Azure File Shares. As part of this process, I'd like to use Get-ACL and Set-ACL as the easiest ways to copy over a base set of permissions - icacls doesn't have as good functionality for this as it only allows restoring permissions to a file of the same name.
However, whenever I use Set-ACL, I immediately get:
Set-Acl : Attempted to perform an unauthorized operation.
At line:1 char:55
+ ... ath | Set-Acl -Path $concatPath
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: () [Set-Acl], UnauthorizedAccessException
+ FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetAclCommand
As a note I have removed path names.
The account I'm using is a domain admin and has NTFS permission to the file. It can edit these permissions using the GUI with no issues.
It also has an Elevated Contributor role in Azure AD, so it should be able to edit these ACLs.
I've also tried the NTFSSecurity module, which has the same issues. Similarly, I have tried to mount the fileshare to a drive with New-PSDrive, in case that helped, but no luck there either.
I'm pretty out of ideas here, and icacls will require a lot more logic work to strip back the inherited permissions to what I want them to be.
If anyone has any other ideas, I'd love to hear them. Thanks in advance!
- JasonWilliams4569Copper Contributor
Have you had any luck with this? I am having a similar issue with setting permissions on an Isilon share. I had set them in the past but I am needing to update them now to fix incorrect inheritance flags. However I get the same permission denied error message.
- anonymousawesomnessCopper Contributor
JasonWilliams4569 Remove and re-add the share permissions at the share level, not the NTFS. Most everyone uses "everyone" with Full Control because NTFS trumps the share permissions anyway.
Good luck.
- JasonWilliams4569Copper Contributor
Thanks for the reply. My issue turned out to be permissions set on the Isilon. I needed some root permissions to be able to script permissions versus using GUI.
Setting ACLs using Powershell Script | DELL Technologies got me pointed in the right direction
- veeraragavan52Copper Contributor
JakeE: I have exactly the same issue. Have you managed to solve this. Please share me the detailed steps if any.
anonymousawesomness Can you please help me with more details about the troubleshooting step you suggested.
- anonymousawesomnessCopper ContributorThere are two types of permissions for a shared folder object. NTFS and Share. Remove your share permissions and re-add them. They don't have to change, but just re-add them and it corrects this issue.
This only applies to folders that are actively being shared by a fileserver and not just any folder. Since NTFS permissions supersede Share permissions, most people have it set to Everyone and Full Control anyway, so it's not a super big deal.
Viola.
Error goes away...