0

Can I take over ownership and then set-acl to a folder? I have a folders.txt file where I have the location of the folder.

For Example:

D:\Dept\CC\NorthRiver\16-17\StaffAdministration

Then I am creating a new year of the previous year folder structure and copying the rights and permissions of the previous years folders to the new folder years matching folder. I ran into an issue though because of ownership of the folder. If I am not the owner I can not duplicate the permissions of certain folders and I receive Set-ACL : The security identifier is not allowed to be the owner of this object. Is there any way around this?

I tried adding the line (to change the owner to me but that did not work either):

get-item $currentFolder.Replace("16-17", "15-16") | set-owner -Account 'VDB-TST1\Administrators'

Does anyone have any ideas of how I may accomplish this? This is the full script I have:

Function Get-FileName{
[CmdletBinding()]
Param(
    [String]$Filter = "|*.*",
    [String]$InitialDirectory = "C:\")

    [void][System.Reflection.Assembly]::LoadWithPartialName("System.windows.forms")
    $OpenFileDialog = New-Object System.Windows.Forms.OpenFileDialog
    $OpenFileDialog.initialDirectory = $InitialDirectory
    $OpenFileDialog.filter = $Filter
    [void]$OpenFileDialog.ShowDialog()
    $OpenFileDialog.filename
}


    #Get and Set the ACL to the new years folder structure
    foreach ($currentFolder in (GC (Get-FileName -InitialDirectory $env:USERPROFILE\Desktop -Filter "Text files (*.txt)|*.txt|All files (*.*)|*.*"))) {
    md $currentFolder # Create Folder
    get-item $currentFolder.Replace("16-17", "15-16") | set-owner -Account 'VDB-TST1\Administrators'
    Get-ACL $currentFolder.Replace("16-17", "15-16") | Set-ACL $currentFolder 
}
David Brierton
  • 6,977
  • 12
  • 47
  • 104

2 Answers2

1

I think you are running into the same limitations of Set-ACL and Get-ACL described in this post. try changing

Get-ACL $currentFolder.Replace("16-17", "15-16") | Set-ACL $currentFolder

to

(Get-Item $currentFolder.Replace("16-17", "15-16")).GetAccessControl('Access') | Set-ACL $currentFolder

As an alternative you can use robocopy to copy the ntfs permissions from one directory and then apply them to another.

robocopy $currentFolder.Replace("16-17", "15-16") $currentfolder /copy:S /SECFIX

Hope this helps.

Community
  • 1
  • 1
StephenP
  • 3,895
  • 18
  • 18
  • This does not keep the new folder as the same owner because I am creating it? Just out of curiosity if I wanted to keep the same owner also would this be possible also? – David Brierton Sep 29 '16 at 13:08
  • This is only setting the NTFS file permissions. The robocopy is only setting permissions and does not actually copy any files or folders. If you want to set the owner of a folder via powershell you will need to look at takeown.exe or a more [elegant solution crafted by Boe Prox](https://learn-powershell.net/2014/06/24/changing-ownership-of-file-or-folder-using-powershell/). – StephenP Sep 30 '16 at 04:43
0

The Set-ACL cmdlet native to powershell is pretty terrible. I would suggest using the NTFS module that is available. I have tried playing with Set-ACL several times and it always wastes more of my time rather than actually being useful.

creamers
  • 36
  • 3