This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
I have to add Users and groups manually to all folders inside a specific volumes (es: vol2).
I have tried the cript below that it seems all is working fine (it adds user1 and Group1) in all sub-folder ...
I was wondering : why I am receiving the error/warning below?
Exception calling "AddAccessRule" with "1" argument(s): "No flags can be set.
Parameter name: inheritanceFlags"
At line:16 char:17
+ ... $ACL.AddAccessRule((New-Object System.Security.AccessCont ...
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : ArgumentException
-----------SCRIPT------------
$FoldersPath = Get-ChildItem -Recurse -Path "D:\test\Vol2"
foreach ($FolderPath in $FoldersPath){
$Path=$FolderPath.Fullname
$ACL = Get-Acl -Path $Path
$ACL.SetAccessRuleProtection($false,$true)
$ACL.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule("User1" , “read”, “ContainerInherit,ObjectInherit” ,"none", “Allow”)))
$ACL.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule("Group1" , “FullControl”, “ContainerInherit,ObjectInherit” ,"none", “Allow”)))
$ACL.AddAccessRule((New-
}
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.
I think you saw the error message Exception calling "AddAccessRule" with "1" argument(s): "No flags can be set. Parameter name: inheritanceFlags" because the script tried to set inheritanceFlags on files in your $fileList. If you do have to do it then the inheritanceFlags must be set to None, so it might be better to set acls on files and folders separately.
#folders
if( $Lists.PSIsContainer -eq $true ){ .... }
#files
else{ ... }
Hi Marc,
The script you post is incomplete and there are multiple AddAccessRule lines. Which line is the line 16 in your script?
The lines doesn't match because I added some commented notes at the beginning of the script...
Below the line 16.
$ACL.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule("User1" , “read”, “ContainerInherit,ObjectInherit” ,"none", “Allow”)))
The Vol2 has folders , sub-folder and files included. I have noticed the error (Exception calling "AddAccessRule" with "1" argument(s): "No flags can be set. Parameter name: inheritanceFlags") happen only when the script try to give the ACL permissions to files (not folders) like file.doc, document.pdf etc...
NOTE:
It seems the error has been resolved adding the flags below:
$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::None
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None
The InheritanceFlags cannot be set on files because files have no child objects.
I modified the script (below) to add the appropriate group based on the folder name (to the folderexamined).
I had to enable inheritance to add the parent folder groups to the sub-folders and sub-files.
Without the attribute "ContainerInherit", "ObjectInherit" doesn't do that.
$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::"ContainerInherit", "ObjectInherit"
Unfortunately I get the error below:
Exception calling "AddAccessRule" with "1" argument(s): "No flags can be set. Parameter name: inheritanceFlags"
However in the test environment the script seems working.
NOTE:
$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::
New-Object : Cannot find an overload for "FileSystemAccessRule" and the argument count: "5".
+ ... AccessRule((New-Object System.Security.AccessControl.FileSystemAccess
>> How can I go over this error?
Thanks
------------SCRIPT------------
$fileList = Get-ChildItem -Recurse -Path "D:\test"
foreach ($lists in $fileList) {
$fileName = $Lists.name
$Path=$Lists.Fullname
$ACL = Get-Acl -Path $Path
$GroupID = Get-ADGroup -Filter “Name -like 'Local\_$fileName\*'" -Properties \* | select -property name
if (-not ($GroupID -eq $null)) {
foreach ($NameAD in $GroupID) {
$ADname = "DOMAIN\" + $NameAD
$modifiedADname = ($ADname -replace '@{name=', '').Trim("}")
#$ACL = Get-Acl -Path $Path
#$ACL.SetAccessRuleProtection($false,$true)
$ACL.SetAccessRuleProtection($true,$false)
$User1 = "Administrators"
$FileSystemAccessRights1 = [System.Security.AccessControl.FileSystemRights]"FullControl"
$FileSystemAccessRights2 = [System.Security.AccessControl.FileSystemRights]"Modify"
$FileSystemAccessRights3 = [System.Security.AccessControl.FileSystemRights]“Read”
$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::"ContainerInherit", "ObjectInherit"
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None
$AccessControl = [System.Security.AccessControl.AccessControlType]::Allow
# if at the end of the group name is present the caracter "W"
if ($modifiedADname -match 'W$')
{
$ACL.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($modifiedADname, $FileSystemAccessRights2, $InheritanceFlag, $PropagationFlag, $AccessControl)))
$ACL.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($User1, $FileSystemAccessRights1, $InheritanceFlag, $PropagationFlag, $AccessControl)))
Set-Acl -Path $Path -AclObject $ACL
}
else {
Write-Output "----------------"
Write-Output $Path " The group doesn't exist"
Write-Output "----------------"
}
}