Replace ACLs with Inherited Defaults using PowerShell

0
votes

I have a number of folders within user directories that have ended up with the wrong ACLs. I would like to find a way to use PowerShell (or a regular command prompt if that is easier) to remove the existing ACL and replace it with what it should inherit from its parent folder. The trick is that only the user that owns the folder has access to it (get-acl '.\folder' returns "Attempted to perform an unauthorized operation."). These folders all sit on a Windows Server 2003 Std system.

2
powershellwindows-server-2003acl
mattgemmell.com/2008/12/08/what-have-you-triedCB.
@C.B.: I've tried some scripts from other closely related inquiries I found but all of them failed with some variation of the message above. I assumed that PowerShell being the new thing, it would be easier to accomplish my task using it but as you see in my answer below, it was much easier with the older command prompt.Caynadian

2 Answers

0
votes

Try this:

#You have a textfile with FOLDER-paths
#$a = Get-Content d:\list.txt
#You have an array of FOLDER-paths
$a = @("d:\mytestfolder", "d:\my2ndtestfolder")

$a | % {
    #Take ownership to admin-group
    & TAKEOWN /F $_ /A /R /D Y
    #Reset acl to default recursively
    & ICACLS $_ /RESET /T /C
}
0
votes

It turns out that this was much easier to accomplish with the regular command prompt tools. The attached script did what I needed in just a couple of lines:

@Echo Off
@Echo Taking ownership of files in %1
takeown /f %1 /r /d Y /a > :nul
@Echo Restoring default ACLs in %1
icacls %1 /reset /t /c > :nul
@Echo Restoring ownership of files to %2
subinacl /file %1 /setowner=%2 > :nul
subinacl /subdirectories %1\*.* /setowner=%2 > :nul