11

I'm currently using Vista 32-bit. How do I add the Windows security group "Everyone" and give full control to a directory and all of it's sub-directories and all files? Is there a powershell script that I could use?

Thanks!

tempid
  • 7,838
  • 28
  • 71
  • 101

3 Answers3

16

I've expanded on martona's snippet and was able to give access to all folders and sub-folders. Here's my code -

$FilesAndFolders = gci "c:\data" -recurse | % {$_.FullName}
foreach($FileAndFolder in $FilesAndFolders)
{
    #using get-item instead because some of the folders have '[' or ']' character and Powershell throws exception trying to do a get-acl or set-acl on them.
    $item = gi -literalpath $FileAndFolder 
    $acl = $item.GetAccessControl() 
    $permission = "Everyone","FullControl","Allow"
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
    $acl.SetAccessRule($rule)
    $item.SetAccessControl($acl)
}
tempid
  • 7,838
  • 28
  • 71
  • 101
  • Thanks for this. Works well, and if anyone is wondering "Get-Item -LiteralPath" works on UNC paths, meaning you can apply permissions to remote machines. – Patrick Feb 11 '13 at 12:13
8

Sometimes the "native" PowerShell way isn't necessarily the best way. For something like this I would still use icacls.exe. Remember that good ol' exes work pretty good in PowerShell. Just cd to the directory you want to set and execute:

icacls $pwd /grant "Everyone":(OI)(CI)F

This will give Everyone full access to the current directory downwards (via permission inheritance). This should work as long as there are no explicit denials to Everyone in the dir structure.

Mur
  • 71
  • 1
  • 6
Keith Hill
  • 194,368
  • 42
  • 353
  • 369
  • 1
    Using the scripts below added the everyone account, but gave them no permissions. This approach worked for me... – BrianH Jul 10 '12 at 15:45
  • I'd use this if I know what the magic codes meant. `(OI)(CF)` I'm a dev who tries to help out with devops, not an admin trying to automate things, so magic like that is scary compared to the "Read" or "FullControl" powershell below. – yzorg Feb 04 '13 at 17:09
5
$acl = Get-Acl c:\mydir
$permission = "Everyone","FullControl","Allow"
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($rule)
$acl | Set-Acl c:\mydir
martona
  • 5,760
  • 1
  • 17
  • 20
  • Thanks but it added the Everyone group only to the top folder and also the FullControl checkbox is not checked. What am I missing? – tempid Dec 16 '10 at 21:10
  • This might not have been a good answer to the question, but I found this example useful today, so voting it up. – yzorg Feb 04 '13 at 17:07