I have this script which sets folder permissions:
Get-Acl $IGXYSimFiles
$acl = Get-Acl $IGXYSimFiles
$acl.SetAccessRuleProtection($false,$true)
$rule = New-Object
System.Security.AccessControl.FileSystemAccessRule("RISK\DL-GPA-UKI-Users","CreateFiles", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
$rule = New-Object
System.Security.AccessControl.FileSystemAccessRule("RISK\DL-GPA-UKI-Igloo-IGXY-Power-Users","Modify", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
Set-Acl $IGXYSimFiles $acl
I need to add special permissions for the DL-GPA-UKI-Users group so that they can create subfolders in the $IGXYSimFiles folder but not files. They need to be able to create files in the subfolders which they've been allowed to create, but not any further subfolders.
I have achieved this by setting special permissions "Create Folder / Append Data" for "This Folder Only" and "Create Files / Write Data" for "Subfolders and Files Only". This is working great, but now comes the time where I need to edit my script to do this.
So I thought I would get-acl on the folder where I have manually set these permissions, this isn't returning the desired result:
AccessToString :
RISK\DL-GPA-UKI-Igloo-IGXY-Power-Users Allow Modify,Synchronize
RISK\DL-GPA-UKI-Users Allow AppendData, Synchronize
RISK\DL-GPA-UKI-Users Allow CreateFiles, Synchronize
NT AUTHORITY\SYSTEM Allow FullControl
RISK\Domain Admins Allow FullControl
RISK\DL-GPA-UKI-Readonly Allow ReadAndExecute, Synchronize
RISK\svcGIECSSPrd_EA Allow FullControl
RISK\DL-GPA-UKI-Users Allow ReadAndExecute, Synchronize
RISK\DL-GPA-AIMSSOPS Allow FullControl
As you can see its not displaying the "This Folder Only" or "Subfolders and files only" setting...
Is this possible with PowerShell?
Many thanks in advance
Chris