Hi,
I'd be happy to help you out with your question. Sorry for the inconvenience caused.
First, we'll need to define the folder path and the name of the security group that we want to modify. Once we have those, we can use the PowerShell cmdlets Get-Acl, Set-Acl, and Add-AccessRule to modify the folder's permissions.
Here's the PowerShell script you can use:
# Define the folder path and the security group name
$FolderPath = "C:\TEMP1"
$GroupName = "Secure_Grp"
# Get the current ACL of the folder
$Acl = Get-Acl $FolderPath
# Remove inheritance for the security group
$Acl.SetAccessRuleProtection($true, $false)
# Remove any existing access rules for the security group
$Acl.Access | Where-Object { $_.IdentityReference -eq $GroupName } |
ForEach-Object { $Acl.RemoveAccessRule($_) }
# Grant "Read & Execute" access to the security group
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($GroupName, "ReadAndExecute", "Allow")
$Acl.AddAccessRule($AccessRule)
# Set the modified ACL to the folder
Set-Acl $FolderPath $Acl
What this script does is:
1) Get the current Access Control List (ACL) of the folder using the Get-Acl cmdlet.
2) Remove inheritance for the security group using the SetAccessRuleProtection method.
3) Remove any existing access rules for the security group using the RemoveAccessRule method.
4) Grant "Read & Execute" access to the security group by creating a new FileSystemAccessRule object and adding it to the ACL using the AddAccessRule method.
5) Apply the modified ACL to the folder using the Set-Acl cmdlet.
Note that this script assumes that the current ACL of the folder only contains inheritance from the parent folder and no explicit access rules for the security group. If there are any explicit access rules, you may need to modify the script to handle them appropriately.
If you have any other questions or need assistance with anything, please don't hesitate to let me know. I'm here to help.
If the reply was helpful, please don’t forget to upvote or accept as answer, thank you.