Set-ACL "Attempted to Perform an Unauthorized Operation"

Copper Contributor

Hi Folks, 

I'm currently working on automating security changes on Azure File Shares. As part of this process, I'd like to use Get-ACL and Set-ACL as the easiest ways to copy over a base set of permissions - icacls doesn't have as good functionality for this as it only allows restoring permissions to a file of the same name. 

However, whenever I use Set-ACL, I immediately get:

 

 

 

 

 

Set-Acl : Attempted to perform an unauthorized operation.
At line:1 char:55
+ ... ath  | Set-Acl -Path $concatPath
+                                                 ~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: () [Set-Acl], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetAclCommand
 

 

 

 

 

 

As a note I have removed path names. 
The account I'm using is a domain admin and has NTFS permission to the file. It can edit these permissions using the GUI with no issues. 
It also has an Elevated Contributor role in Azure AD, so it should be able to edit these ACLs. 

I've also tried the NTFSSecurity module, which has the same issues. Similarly, I have tried to mount the fileshare to a drive with New-PSDrive, in case that helped, but no luck there either. 

I'm pretty out of ideas here, and icacls will require a lot more logic work to strip back the inherited permissions to what I want them to be. 


If anyone has any other ideas, I'd love to hear them. Thanks in advance!

3 Replies

@JakeE 

Have you had any luck with this? I am having a similar issue with setting permissions on an Isilon share. I had set them in the past but I am needing to update them now to fix incorrect inheritance flags. However I get the same permission denied error message. 

@JasonWilliams4569 Remove and re-add the share permissions at the share level, not the NTFS. Most everyone uses "everyone" with Full Control because NTFS trumps the share permissions anyway.

 

Good luck.

@anonymousawesomness 

Thanks for the reply. My issue turned out to be permissions set on the Isilon. I needed some root permissions to be able to script permissions versus using GUI. 

‎Setting ACLs using Powershell Script | DELL Technologies got me pointed in the right direction