SOLVED

Powershell script to enable inheritance for the folders created in NTFS share

Copper Contributor

Hi,

 

We have a NTFS Share folder wherein we are creating all the users' homeDirectories (homefolder) within the enterprise using Oracle identity management tool. Homefolder creation is working good. But, we are having issues with the permissions.

 

-- It doesn't inherit permissions from the parent folder.

-- sometimes the owner also doesn't get the permissions.

 

Is there a way for us to check the current permissions and enable inheritance for the folders created in the share and all the child items within. We have a lot of homefolders and not able to figureout how to do it via Powershell.

 

Any input will be greatly appreciated.

 

Thanks in advance.

 

 

 

13 Replies

@suren424 

Try this

 

$path='\\SharePath\Whatever'
$Permission=get-acl -Path $path
$Permission.SetAccessRuleProtection($False,$true)
Set-Acl -Path $path -AclObject $Permission
#https://docs.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.objectsecurity.setaccessru...

 

This will enable inheritance on a folder

Thanks for the quick response @farismalaeb

 

I was doing some research and network share folder we need to have 'NTFSSecurity ' powershell module. Do i have to use cmdlets from 'NTFSSecurity' module or the one you shared works fine too.

 

I used this enable inheritance for 'abc' folder, but it's not enabling inheritance for the child items in the 'abc' holder. The same goes with child items in the parent folder 'C:\Share'. How to enable inheritance for child items too. I want to do this for all the folders that gets created newly on a daily basis.

 

Thanks in advance.

 

Get-Item C:\Share\abc\ | Enable-NTFSAccessInheritance

@suren424 

Regardless,

The Modules are make to ease and make common tasks easier and possible.

Have you tried the code I wrote,

Give it a try on a test folder and see the result, I test it from my side and its working fine, this is a native code, so no need for any module or anything, just copy and paste and thats it.

Replace the Value or the $Path with any folder and give it a try. if it work (and should) you can add it with a foreach loop. Just try the code on a test folder and post the result back

 

 

Thank you  @farismalaeb

 

When i tried the below script , it didn't set enable inheritance for the child items in 'OIMShare' folder.

 

$path='\\WINDOWS-2S9Q\OIMShare\'
$Permission=get-acl -Path $path
$Permission.SetAccessRuleProtection($False,$true)
Set-Acl -Path $path -AclObject $Permission

 

 

But, it worked when i ran this script.

 

$path='\\WINDOWS-2S9QPLV\OIMShare\abc\'
$Permission=get-acl -Path $path
$Permission.SetAccessRuleProtection($False,$true)
Set-Acl -Path $path -AclObject $Permission

 

We have lot parent folders like 'OIMShare' (OIMShare1, OIMShare2,....) which many child items in it.

 

Thanks in advance.

@suren424 

 

Yes sure it wont work in all folder as its not part of a loop

This is the full code

$allFolders=Get-ChildItem -Path C:\MySource -Directory -Recurse
foreach ($Folder in $allFolders){
$Permission=get-acl -Path $Folder.FullName
$Permission.SetAccessRuleProtection($False,$true)
Set-Acl -Path $Folder.FullName -AclObject $Permission
}

You only need to modify the path of the root and the script will do the same

Thank you@farismalaeb

 

Your script worked. I tried improvising your script to include multiple shares, but it's throwing below error(attached screeshot).  Am i missing anything in the script ?

 

suren424_0-1601064182231.png

 

Script :

$the_shares = ('\\WINDOWS-2S9QPLV\OIMShare\', '\\WINDOWS-2S9QPLV\OIMShare1\')
$allFolders=Get-ChildItem -Path $the_shares -Directory -Recurse
foreach ($Folder in $allFolders){
$Permission=get-acl -Path $Folder.FullName
$Permission.SetAccessRuleProtection($False,$true)
Set-Acl -Path $Folder.FullName -AclObject $Permission
}

 

 

@suren424 

The error is stating that the path not found.

Make sure that you have the access to that directory and/or its really exist \\Windows-2S9QPLV\OIMShare1

Thank you @farismalaeb .

 

The script worked after changing the path from '\\Windows-2S9QPLV\OIMShare1 to C:\OIMShare1.

 

Quick question :

Is there a way to identify the parent folder if we provide the child items in the script. 

 

Actually, we will provide the child items ('C:\OIMShare1\abc1\') in the script and it has identify the parent folder ('C:\OIMShare1\') and the child items need to inherit all the permissions for the parent.

 

Thanks in advance

best response confirmed by suren424 (Copper Contributor)
Solution

@suren424 

You can use this example

 

$x=Get-ItemProperty -Path C:\MyFolder\123\456
Write-Host "The Parent is " -ForegroundColor Green -NoNewline
$x.Parent.Name

if the answer fulfill your needs, please don't forget to click on Best Response and give a like :)

Thanks

 

Thank you@farismalaeb 

 

It worked. Can i print what permissions is this script setting and what were there on the child folder before ?

 

And does this below script looks fine or am i missing anything?

I am trying to get the parent folder for the child item and inherit the permissions. Just wanted to make sure, i am not redoing the same thing as it is in the for loop.

Script :

 

 

$the_shares = ('C:\OIMShare\abc\', 'C:\OIMShare\abc1\','C:\OIMShare1\def\','C:\OIMShare2\ghi\')
$allFolders=Get-ItemProperty -Path $the_shares
Write-Host "The Parent is " -ForegroundColor Green -NoNewline
$allFolders.Parent.Name
foreach ($Folder in $allFolders){
$Permission=get-acl -Path $Folder.FullName
$Permission.SetAccessRuleProtection($False,$true)
Set-Acl -Path $Folder.FullName -AclObject $Permission
}

 

 

 

Thanks in advance.

Thank you @farismalaeb.

 

The script worked. I was able to get the parent for the child items and set the permissions.

 

-- Does the below script looks good. As the permissions section is in a loop, just wanted to make sure, i am not redoing the same thing again and again.

-- Is there a way to print the permissions before and after enabling the inheritance to know what permissions have changed ?

 $the_shares = ('C:\OIMShare\abc\', 'C:\OIMShare\abc1\','C:\OIMShare1\def\','C:\OIMShare2\ghi\')
$allFolders=Get-ItemProperty -Path $the_shares
Write-Host "The Parent is " -ForegroundColor Green -NoNewline
$allFolders.Parent.Name
foreach ($Folder in $allFolders){
$Permission=get-acl -Path $Folder.FullName
$Permission.SetAccessRuleProtection($False,$true)
Set-Acl -Path $Folder.FullName -AclObject $Permission
}

 

Thank you very much for all you guidance

@suren424 

Everything seems fine, and I always recommend trying things before applying it in production, what might seems to be fine might not be OK with you, so its always better to try :)

and yes you can get the current permission by running the following 

Get-Acl -Path C:\AttendanceReport\ | select path,access -ExpandProperty Access

there is a more complicated way, which will provide a cleaner output, but you just need this for reference, so enjoy you day and the script

 

-----------------------------------

If everything is fine, please select one of the response and click on Best Response :)

Thanks

 

Thank you@farismalaeb for all the help and guidance.

1 best response

Accepted Solutions
best response confirmed by suren424 (Copper Contributor)
Solution

@suren424 

You can use this example

 

$x=Get-ItemProperty -Path C:\MyFolder\123\456
Write-Host "The Parent is " -ForegroundColor Green -NoNewline
$x.Parent.Name

if the answer fulfill your needs, please don't forget to click on Best Response and give a like :)

Thanks

 

View solution in original post