question

JelleKammaNL-3794 avatar image
0 Votes"
JelleKammaNL-3794 asked LimitlessTechnology-2700 answered

Remotely setting ACL

Hi all,


I am trying to perfect my server installation script, which runs a bunch of tasks on every new machine. The script is runned under a local admin account which prompts for domain credentials. Everything is working great. I am trying to create a folder on our NAS and set modify permissions on it. however the variables are not working. I have tried to run all the commands using the ; separator. Below is part of the script that I am using.

$NASfolder is the path of the folder on the NAS
$cred is are the domain credentials. Can someone help me?

Invoke-Command -ComputerName server.domain.local -Credential $cred {New-Item -Path "P:\P" -Name "$Using:NASfolder" -ItemType "directory"}
Invoke-Command -ComputerName server.domain.local -Credential $cred {$Acl = Get-Acl P:\P\"$Using:NASfolder"}
Invoke-Command -ComputerName server.domain.local -Credential $cred {$Ar = New-Object system.Security.AccessControl.FileSystemAccessRule("Domain\User", "Modify", "ContainerInherit, ObjectInherit", "None", "Allow")}
Invoke-Command -ComputerName server.domain.local -Credential $cred {$Acl.Setaccessrule($Ar)}
Invoke-Command -ComputerName server.domain.local -Credential $cred {Set-Acl P:\P\"$Using:NASfolder" $Acl}

windows-server-powershell
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JelleKammaNL-3794 avatar image
0 Votes"
JelleKammaNL-3794 answered JelleKammaNL-3794 edited

Managed to do it with a one liner when using this powershell package:

https://www.powershellgallery.com/packages/NTFSSecurity/4.2.4


Invoke-Command -ComputerName servername.local -Credential $cred {Add-NTFSAccess –Path P:\folder –Account domain\username –AccessRights modify}

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LimitlessTechnology-2700 avatar image
0 Votes"
LimitlessTechnology-2700 answered

Hello @JelleKammaNL-3794

It seems that the main issue is that the account running the script has no Domain permissions (even if later you authenticate with Domain credentials. This scenario was discussed in the past in the next thread, I think you may find it useful to explain the behavior:

https://social.technet.microsoft.com/Forums/en-US/65a476fe-61a5-4ff3-a7d1-53700a47784f/problem-with-setting-ntfs-permissions-using-systemsecurityaccesscontrolfilesystemaccessrule?forum=ITCG

Hope this helps with your query,


--If the reply is helpful, please Upvote and Accept as answer--

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.