Ever needed to assign permissions to a remote directory? This is something I've been trying to do for QUITE some time. Luckily, I've recently embraced, and subsequently fell in love with, Windows PowerShell. I've read some people state that it is a language that is hideous to look at, but I disagree. While typing lengthy piped commands at the shell prompt can be kind of ugly, actually writing a script using a proper editor or IDE is very similar to writing C#. And what a powerful language it is!!! Commands can be piped into other commands, like in Bash. The difference is that PowerShell outputs data as objects instead of text. Also, PowerShell embraces WMI, COM, all the pre-existing CLI commands and utilities found in Windows already, and more importantly: the .NET Framework.

If that wasn't good enough, there is a boatload of snap-ins and extensions available, and you can even write your own. As a result, there isn't much you can't do with PowerShell.

So, after doing a little research, I found a way to set the security (permissions) on a directory.  Coincidentally, this method works on both a local directory and a UNC path.  The following function sets the specified rights, for the specified user, on the specified path (and all child folders and files within it).

## FUNCTION ##############################################################################
## Name ........: Set-UserAccess
## Description .: Sets/Modifies user permissions on a given directory (and all files/folders
##                within it).
## Syntax ......: Set-UserAccess -Path "C:\some\folder\name" -User "MyDomain\MyUserName" -Permission "Modify"
## Parameters ..: Path       - The full path to the directory to set permissions on (UNC paths are supported).
##                User       - The name of the user to grant permissions for (ie. "MyUserName" or "MyDomain\MyUserName").
##                Permission - The permission to set ("Read", "Write", "Modify", "FullControl").
## Return Value : Success - $true
##                Failure - $false
## Author ......: Chris Brunner
## Modified ....:
## Remarks .....:
## Related .....:
##########################################################################################
function Set-UserAccess {
	param (
		[String]$Path,
		[String]$User,
		[String]$Permission
	)
	if (Test-Path -Path $Path -PathType Container) {
		try {
			## Get the current ACL.
			$acl = Get-Acl -Path $Path -ErrorAction Stop

			## Set up the access rule. The inheritance flags pass it on to child folders and files.
			$allInherit = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
			$allPropagation = [System.Security.AccessControl.PropagationFlags]::None
			$AR = New-Object System.Security.AccessControl.FileSystemAccessRule($User, $Permission, $allInherit, $allPropagation, "Allow")

			## Check if access already exists.
			if ($acl.Access | Where-Object { $_.IdentityReference -eq $User }) {
				## Reset (enum value 2) removes the existing explicit rules for this user,
				## Allow and Deny alike, and then adds the new rule.
				$accessModification = [System.Security.AccessControl.AccessControlModification]::Reset
				$modification = $false
				$acl.ModifyAccessRule($accessModification, $AR, [ref]$modification) | Out-Null
			} else {
				$acl.AddAccessRule($AR)
			}
			Set-Acl -AclObject $acl -Path $Path -ErrorAction Stop
			Return $true
		} catch {
			## An unknown user, an invalid permission name or a failed Set-Acl ends up here.
			Write-Warning "Set-UserAccess failed for '$Path': $_"
			Return $false
		}
	} else {
		Return $false
	}
}

The following is an example of how you could use it:

#Create a folder in a remote share.
$path = "\\myserver\UserData\john.doe"
New-Item -Path $path -ItemType 'directory'
#Set the permissions.
if (Set-UserAccess -Path $path -User "mydomain\john.doe" -Permission "Modify") {
   Write-Host "User permissions set!"
} else {
   Write-Host "Set user permissions failed!!!"
}
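
The function's "access already exists" branch uses modification value 2, which is `Reset`: it removes the explicit rules for that user, including Deny entries, before adding the new Allow rule. The following added example (not part of the original post) compares `Add` and `Reset` on an in-memory ACL so nothing on disk is touched; the function name `Compare-AclModification` and the choice of the current user as the test identity are assumptions made for the illustration.

```powershell
## Added example: shows which explicit rules remain for a user after an Allow
## rule is applied with a given AccessControlModification mode.
## Works on an in-memory DirectorySecurity object only (Windows).
function Compare-AclModification {
	param (
		[System.Security.AccessControl.AccessControlModification]$Mode
	)
	## Assumption: the current user is used as the test identity.
	$user    = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
	$inherit = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
	$prop    = [System.Security.AccessControl.PropagationFlags]::None

	## Start from an empty ACL that holds one explicit Deny rule for the user.
	$acl  = New-Object System.Security.AccessControl.DirectorySecurity
	$deny = New-Object System.Security.AccessControl.FileSystemAccessRule($user, "Delete", $inherit, $prop, "Deny")
	$acl.AddAccessRule($deny)

	## Apply an Allow rule the same way Set-UserAccess does.
	$allow    = New-Object System.Security.AccessControl.FileSystemAccessRule($user, "Modify", $inherit, $prop, "Allow")
	$modified = $false
	$acl.ModifyAccessRule($Mode, $allow, [ref]$modified) | Out-Null

	## List the explicit rules that are left (inherited rules are excluded).
	$acl.GetAccessRules($true, $false, [System.Security.Principal.NTAccount]) |
		Select-Object @{ Name = 'Mode'; Expression = { $Mode } },
			IdentityReference, AccessControlType, FileSystemRights
}

## Compare the two modes side by side.
Compare-AclModification -Mode Add
Compare-AclModification -Mode Reset
```

If a folder carries a deliberate Deny entry for a user, check the ACL with `Get-Acl` before and after calling Set-UserAccess to confirm the result is the one you intended.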

That’s it!  Enjoy!