Share via

Apply Set-ACL settings to all child folders

Alex Warren 161 Reputation points
2021-09-01T22:31:12.887+00:00

Hey all,

I am trying to add something to my image that will solve some program access issues post-deployment. I am trying to run a PS script to set permissions so that everyone can traverse several folders and get to a child folder. I am unable to find how to apply the permissions past the initial folder. Thus far, my script looks like this:

$acl = Get-Acl c:\folder

$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("everyone","ExecuteFile","Allow")

$acl.SetAccessRule($AccessRule)

$acl | Set-Acl c:\folder

I looked up and had tested success with using icacls, but my attempts to make that work with the deployment also failed. So, how can I get the permissions to propagate to all child folders?

All help is appreciated!

Windows for business | Windows Client for IT Pros | Devices and deployment | Set up, install, or upgrade
Windows for business | Windows Server | User experience | PowerShell
Windows for business | Windows Client for IT Pros | User experience | Other
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Amandayou-MSFT 11,156 Reputation points
    2021-09-02T07:15:32.23+00:00

    Hi,

    If we would like to traverse several folders and get to a child folder, yes, you are right. The permission of ExecuteFile is required to add into accessrule.

    Besides, these permissions would be added into the rule: ReadData, ReadPermissions, ReadAttributes, ReadExtendedAttributes. 

    $acl = Get-Acl c:\folder  
  
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("everyone","ExecuteFile", "ContainerInherit,ObjectInherit", "None", "Allow")  
$acl.addAccessRule($AccessRule)  
$acl | Set-Acl c:\folder  
  
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("everyone","ReadData", "ContainerInherit,ObjectInherit", "None", "Allow")  
$acl.addAccessRule($AccessRule)  
$acl | Set-Acl c:\folder  
  
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("everyone","ReadPermissions", "ContainerInherit,ObjectInherit", "None", "Allow")  
$acl.addAccessRule($AccessRule)  
$acl | Set-Acl c:\folder  
  
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("everyone","ReadAttributes", "ContainerInherit,ObjectInherit", "None", "Allow")  
$acl.addAccessRule($AccessRule)  
$acl | Set-Acl c:\folder  
  
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("everyone","ReadExtendedAttributes", "ContainerInherit,ObjectInherit", "None", "Allow")  
$acl.addAccessRule($AccessRule)  
$acl | Set-Acl c:\folder

    128602-92.png

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    3 people found this answer helpful.
  2. Limitless Technology 39,926 Reputation points
    2021-09-03T16:28:18.047+00:00

    Hi @Alex Warren

    Try enabling inheritance on the subfolders. Subfolders need to enable inheritance so that they could apply the access control entries from the parent folder.

    If an Answer is helpful, please click "Accept Answer" and upvote it : )

    1 person found this answer helpful.
    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.