JakeE
Copper Contributor
Nov 22, 2023

Set-ACL "Attempted to Perform an Unauthorized Operation"

Hi Folks, 

I'm currently working on automating security changes on Azure File Shares. As part of this process, I'd like to use Get-ACL and Set-ACL as the easiest ways to copy over a base set of permissions - icacls doesn't have as good functionality for this as it only allows restoring permissions to a file of the same name. 

However, whenever I use Set-ACL, I immediately get:

Set-Acl : Attempted to perform an unauthorized operation.
At line:1 char:55
+ ... ath  | Set-Acl -Path $concatPath
+                                                 ~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: () [Set-Acl], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetAclCommand

As a note I have removed path names. 
The account I'm using is a domain admin and has NTFS permission to the file. It can edit these permissions using the GUI with no issues. 
It also has an Elevated Contributor role in Azure AD, so it should be able to edit these ACLs. 

I've also tried the NTFSSecurity module, which has the same issues. Similarly, I have tried to mount the fileshare to a drive with New-PSDrive, in case that helped, but no luck there either. 

I'm pretty out of ideas here, and icacls will require a lot more logic work to strip back the inherited permissions to what I want them to be. 


If anyone has any other ideas, I'd love to hear them. Thanks in advance!

  • JakeE 

    Have you had any luck with this? I am having a similar issue with setting permissions on an Isilon share. I had set them in the past but I am needing to update them now to fix incorrect inheritance flags. However I get the same permission denied error message. 

  • veeraragavan52
    Copper Contributor

    JakeE: I have exactly the same issue. Have you managed to solve this? Please share the detailed steps with me, if any.

    anonymousawesomness Can you please help me with more details about the troubleshooting step you suggested?

    • anonymousawesomness
      Copper Contributor
      There are two types of permissions for a shared folder object. NTFS and Share. Remove your share permissions and re-add them. They don't have to change, but just re-add them and it corrects this issue.

      This only applies to folders that are actively being shared by a fileserver and not just any folder. Since NTFS permissions supersede Share permissions, most people have it set to Everyone and Full Control anyway, so it's not a super big deal.

      Voilà.

      Error goes away...
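
The remove-and-re-add step described in the reply above, as an added PowerShell example that is not part of the original thread. It assumes a Windows file server with the SmbShare module and an elevated session; the share name `Data` is a placeholder, and the script only handles Allow entries with Full, Change or Read rights. Clients relying on the share ACL lose access between the revoke and the grant.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread). Assumes a Windows file server with the
# SmbShare module; 'Data' is a placeholder share name.
$ShareName = 'Data'

# Snapshot the share-level ACL first so it can be restored exactly.
$before = @(Get-SmbShareAccess -Name $ShareName)
if (-not $before) { throw "No share permissions found on '$ShareName'." }
$backup = Join-Path $env:TEMP "$ShareName-share-acl.csv"
$before | Select-Object Name, AccountName, AccessControlType, AccessRight |
    Export-Csv -Path $backup -NoTypeInformation

# This sketch only round-trips plain Allow entries; stop before changing anything else.
$skip = $before | Where-Object {
    "$($_.AccessControlType)" -ne 'Allow' -or
    "$($_.AccessRight)" -notin 'Full', 'Change', 'Read'
}
if ($skip) { throw "Deny or custom entries present; re-add this share's permissions by hand." }

# Remove every entry, then add the same entries back unchanged.
foreach ($account in ($before.AccountName | Select-Object -Unique)) {
    Revoke-SmbShareAccess -Name $ShareName -AccountName $account -Force | Out-Null
}
foreach ($e in $before) {
    Grant-SmbShareAccess -Name $ShareName -AccountName $e.AccountName `
        -AccessRight "$($e.AccessRight)" -Force | Out-Null
}

# Verify the share ACL matches the snapshot.
$after = @(Get-SmbShareAccess -Name $ShareName)
$diff  = Compare-Object $before $after -Property AccountName, AccessControlType, AccessRight
if ($diff) {
    Write-Warning "Share ACL differs from the snapshot saved in $backup"
    $diff
} else {
    Write-Output "Share ACL on '$ShareName' re-applied unchanged."
}
```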
