How do I change the owner of a folder with Powershell when Get-Acl returns "Access Denied"?
Windows Vista and up include a command-line tool named takeown.exe which can be used from an elevated command prompt (or elevated powershell console) to change the ownership of a file system object.
takeown /F "C:\SomeFolder" /R /D Y
should give you ownership on C:\SomeFolder and the file system objects it contains.
I have some system configuration scripts from our build guy and I recall a note about the Get-Acl
command "not working well on certain paths".
# NOTE: This method does not work well?#$acl = Get-Acl -Path $Path
The kinds of paths we were setting permissions on were empty folders created by an administrator user later captured in a disk image. This is the PowerShell command that we used instead.
$acl = (Get-Item $path).GetAccessControl("Access")
Oh, and it gets real obscure once you have an ACL object. I don't know if this is the best way to do it, but it's a snippet from the same script I refer to above.
$acl = (Get-Item $path).GetAccessControl("Access")# Setup the access rule.$allInherit = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit", "ObjectInherit"$allPropagation = [System.Security.AccessControl.PropagationFlags]"None"$AR = New-Object System.Security.AccessControl.FileSystemAccessRule $user, $permissions, $allInherit, $allPropagation, "Allow"# Check if Access already exists.if ($acl.Access | Where { $_.IdentityReference -eq $User}) { $accessModification = New-Object System.Security.AccessControl.AccessControlModification $accessModification.value__ = 2 $modification = $false $acl.ModifyAccessRule($accessModification, $AR, [ref]$modification) | Out-Null} else { $acl.AddAccessRule($AR)}Set-Acl -AclObject $acl -Path $Path
the above code worked great. wanted to post a tweak for recursively going through directory and filling in some "missing"
$HomeFolders = Get-ChildItem "put your directory root here" -Directory -recurseforeach ($HomeFolder in $HomeFolders) { $Path = $HomeFolder.FullName $acl = (Get-Item $Path).GetAccessControl('Access') $allInherit = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit", "ObjectInherit" $allPropagation = [System.Security.AccessControl.PropagationFlags]"None" $permissions = "FullControl" $Username = "<put your name here>" $AR = New-Object System.Security.AccessControl.FileSystemAccessRule($Username, $permissions, $allInherit, $allPropagation, "Allow") if ($acl.Access | Where { $_.IdentityReference -eq $Username}) { $accessModification = New-Object System.Security.AccessControl.AccessControlModification $accessModification.value__ = 2 $modification = $false $acl.ModifyAccessRule($accessModification, $AR, [ref]$modification) | Out-Null } else { $acl.AddAccessRule($AR) } Set-Acl -path $Path -AclObject $Acl}