Powershell Windows ACL

0
votes

We are running the script mentioned below to change a heap of ACL permissions which needs to be down to the file level as we are migrating from one environment to another.

The script below is working for folders/subfolders but appears to fail when it comes to the actual files themselves.

$items = get-childitem \\file.location.com.au\project\people\user1 -recurse | select-object -property fullname

Foreach ($item in $items) {
# Get the ACL for an existing folder
$existingAcl = Get-Acl -Path '$item'

# Set the permissions that you want to apply to the folder
$permissions = 'SERVER\USER1', 'Read,Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow'

# Create a new FileSystemAccessRule object
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permissions

# Modify the existing ACL to include the new rule
$existingAcl.SetAccessRule($rule)

# Apply the modified access rule to the folder
$existingAcl | Set-Acl -Path '$ITEM'
}

As you can see we are getting the below error and im unsure why. Is someone able to see what im missing?

I have spent a lot of time with no progress on rectifying this issue.

At line:14 char:1
+ $existingAcl.SetAccessRule($rule)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

Get-Acl : Cannot find path '$item' because it does not exist.
At line:5 char:16
+ $existingAcl = Get-Acl -Path '$item'
+                ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (:) [Get-Acl], ItemNotFoundException
    + FullyQualifiedErrorId : GetAcl_PathNotFound_Exception,Microsoft.PowerShell.Commands.GetAcl
   Command

You cannot call a method on a null-valued expression.
1
windowspowershellacl
Don;t use single quotes around the $ITEM variable when getting or setting aclScepticalist
Thanks @Scepticalist, however the same error is still prompting, any other ideas?Andrew Waters
See docs.microsoft.com/en-us/powershell/module/… for proper syntax - you've got quite a bit going wrong there. Inheritance is set via .SetAccessruleProtectionScepticalist

1 Answers

0
votes

This should put you on the right track:

$items = get-childitem \\file.location.com.au\project\people\user1 -recurse | select-object -property fullname
# Set the permissions that you want to apply to the folder
$permissions = 'SERVER\User1', 'Read,Modify', 'Allow'

# Create a new FileSystemAccessRule object
$newaccessrule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permissions


Foreach ($item in $items) {
# Get the ACL for an existing folder
$existingAcl = Get-Acl -Path $item.FullName

# Modify the existing ACL to include the new rule
$existingAcl.SetAccessRule($newaccessrule)
$existingAcl.SetAccessRuleProtection($false,$true)

# Apply the modified access rule to the folder
Set-Acl -Path $item.FullName -AclObject $existingAcl
}