Forum Discussion
Frenchy81100
Nov 14, 2022Copper Contributor
Specials Get-Acl and Set-Acl rules on directories
Hello Everyone, I'm managing to create a script for a company I am working with, and unfortunately, I'm stuck. The company wants some people to only access few directories using that path m...
- Nov 15, 2022
$Data1=Get-ChildItem C:\Users\Administrateur\Software\Clients -Directory -Recurse | where-object Name -eq Direct
Does that work? I don't think the * works... Nope, it doesn't 🙂
Frenchy81100
Nov 17, 2022Copper Contributor
All good! I finaly got the Answer....
Here Is the script:
$Data1=Get-ChildItem C:\Users\Administrateur\Software\Clients\ -Recurse | Where-Object -Property Name -Contains 'Direct' | Get-Acl
$Data2=Get-ChildItem C:\Users\Administrateur\Software\Clients\ -Recurse | Where-Object -Property Name -Contains 'DSS' | Get-Acl
$Data3=Get-ChildItem C:\Users\Administrateur\Software\Clients\ -Recurse | Where-Object -Property Name -Contains 'Flux' | Get-Acl
$Usergroup="Accès Fichiers"
$fileSystemRights="Read"
$InheritanceFlag="ContainerInherit,ObjectInherit"
$PropagationFlag="None"
$AccessControlType="Allow"
#Permet de désactiver l'héritage des autorisations du dossier:
$NewAcl=$Data1
$NewAcl.SetAccessRuleProtection($true,$true)
$NewAcl | Set-Acl
#Permet de donner les autorisations pour le groupe:
$Acl=$Data1
$rule=New-Object System.Security.AccessControl.FileSystemAccessRule($Usergroup, $fileSystemRights, $InheritanceFlag, $PropagationFlag, $AccessControlType)
$Acl.addAccessrule($rule)
$Acl | Set-Acl
#Copier les autorisations sur les autres dossiers:
$NewAcl=$Data2
$NewAcl.SetAccessRuleProtection($true,$true)
$NewAcl | Set-Acl
#Permet de donner les autorisations pour le groupe:
$Acl=$Data2
$rule=New-Object System.Security.AccessControl.FileSystemAccessRule($Usergroup, $fileSystemRights, $InheritanceFlag, $PropagationFlag, $AccessControlType)
$Acl.addAccessrule($rule)
$Acl | Set-Acl
$NewAcl=$Data3
$NewAcl.SetAccessRuleProtection($true,$true)
$NewAcl | Set-Acl
#Permet de donner les autorisations pour le groupe:
$Acl=$Data3
$rule=New-Object System.Security.AccessControl.FileSystemAccessRule($Usergroup, $fileSystemRights, $InheritanceFlag, $PropagationFlag, $AccessControlType)
$Acl.addAccessrule($rule)
$Acl | Set-Acl
Everything all Set and works fine!
Here Is the script:
$Data1=Get-ChildItem C:\Users\Administrateur\Software\Clients\ -Recurse | Where-Object -Property Name -Contains 'Direct' | Get-Acl
$Data2=Get-ChildItem C:\Users\Administrateur\Software\Clients\ -Recurse | Where-Object -Property Name -Contains 'DSS' | Get-Acl
$Data3=Get-ChildItem C:\Users\Administrateur\Software\Clients\ -Recurse | Where-Object -Property Name -Contains 'Flux' | Get-Acl
$Usergroup="Accès Fichiers"
$fileSystemRights="Read"
$InheritanceFlag="ContainerInherit,ObjectInherit"
$PropagationFlag="None"
$AccessControlType="Allow"
#Permet de désactiver l'héritage des autorisations du dossier:
$NewAcl=$Data1
$NewAcl.SetAccessRuleProtection($true,$true)
$NewAcl | Set-Acl
#Permet de donner les autorisations pour le groupe:
$Acl=$Data1
$rule=New-Object System.Security.AccessControl.FileSystemAccessRule($Usergroup, $fileSystemRights, $InheritanceFlag, $PropagationFlag, $AccessControlType)
$Acl.addAccessrule($rule)
$Acl | Set-Acl
#Copier les autorisations sur les autres dossiers:
$NewAcl=$Data2
$NewAcl.SetAccessRuleProtection($true,$true)
$NewAcl | Set-Acl
#Permet de donner les autorisations pour le groupe:
$Acl=$Data2
$rule=New-Object System.Security.AccessControl.FileSystemAccessRule($Usergroup, $fileSystemRights, $InheritanceFlag, $PropagationFlag, $AccessControlType)
$Acl.addAccessrule($rule)
$Acl | Set-Acl
$NewAcl=$Data3
$NewAcl.SetAccessRuleProtection($true,$true)
$NewAcl | Set-Acl
#Permet de donner les autorisations pour le groupe:
$Acl=$Data3
$rule=New-Object System.Security.AccessControl.FileSystemAccessRule($Usergroup, $fileSystemRights, $InheritanceFlag, $PropagationFlag, $AccessControlType)
$Acl.addAccessrule($rule)
$Acl | Set-Acl
Everything all Set and works fine!
Nov 17, 2022
Nice!
- Frenchy81100Nov 17, 2022Copper ContributorHarm_Veenstra
Thanks a lot For Everything, the script doesn't look clean but still is nice and fully working.