Hi Folks, 

I'm currently working on automating security changes on Azure File Shares. As part of this process, I'd like to use Get-ACL and Set-ACL as the easiest ways to copy over a base set of permissions - icacls doesn't have as good functionality for this as it only allows restoring permissions to a file of the same name. 

However, whenever I use Set-ACL, I immediately get:

Set-Acl : Attempted to perform an unauthorized operation.
At line:1 char:55
+ ... ath  | Set-Acl -Path $concatPath
+                                                 ~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: () [Set-Acl], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetAclCommand
 

As a note I have removed path names. 
The account I'm using is a domain admin and has NTFS permission to the file. It can edit these permissions using the GUI with no issues. 
It also has an Elevated Contributor role in Azure AD, so it should be able to edit these ACLs. 

I've also tried the NTFSSecurity module, which has the same issues. Similarly, I have tried to mount the fileshare to a drive with New-PSDrive, in case that helped, but no luck there either. 

I'm pretty out of ideas here, and icacls will require a lot more logic work to strip back the inherited permissions to what I want them to be. 


If anyone has any other ideas, I'd love to hear them. Thanks in advance!