How do I change the owner of a folder with Powershell when Get-Acl returns "Access Denied"? How do I change the owner of a folder with Powershell when Get-Acl returns "Access Denied"? powershell powershell

How do I change the owner of a folder with Powershell when Get-Acl returns "Access Denied"?


powershell acl

Windows Vista and up include a command-line tool named takeown.exe which can be used from an elevated command prompt (or elevated powershell console) to change the ownership of a file system object.

takeown /F "C:\SomeFolder" /R /D Y

should give you ownership on C:\SomeFolder and the file system objects it contains.

powershell acl

I have some system configuration scripts from our build guy and I recall a note about the Get-Acl command "not working well on certain paths". 

# NOTE: This method does not work well?#$acl = Get-Acl -Path $Path

The kinds of paths we were setting permissions on were empty folders created by an administrator user later captured in a disk image. This is the PowerShell command that we used instead.

$acl = (Get-Item $path).GetAccessControl("Access")

Oh, and it gets real obscure once you have an ACL object. I don't know if this is the best way to do it, but it's a snippet from the same script I refer to above.

$acl = (Get-Item $path).GetAccessControl("Access")# Setup the access rule.$allInherit = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit", "ObjectInherit"$allPropagation = [System.Security.AccessControl.PropagationFlags]"None"$AR = New-Object System.Security.AccessControl.FileSystemAccessRule $user, $permissions, $allInherit, $allPropagation, "Allow"# Check if Access already exists.if ($acl.Access | Where { $_.IdentityReference -eq $User}) {    $accessModification = New-Object System.Security.AccessControl.AccessControlModification    $accessModification.value__ = 2    $modification = $false    $acl.ModifyAccessRule($accessModification, $AR, [ref]$modification) | Out-Null} else {    $acl.AddAccessRule($AR)}Set-Acl -AclObject $acl -Path $Path

powershell acl

the above code worked great. wanted to post a tweak for recursively going through directory and filling in some "missing" 

$HomeFolders = Get-ChildItem "put your directory root here" -Directory -recurseforeach ($HomeFolder in $HomeFolders) {    $Path = $HomeFolder.FullName    $acl = (Get-Item $Path).GetAccessControl('Access')    $allInherit = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit", "ObjectInherit"    $allPropagation = [System.Security.AccessControl.PropagationFlags]"None"    $permissions = "FullControl"    $Username = "<put your name here>"    $AR = New-Object System.Security.AccessControl.FileSystemAccessRule($Username, $permissions, $allInherit, $allPropagation, "Allow")    if ($acl.Access | Where { $_.IdentityReference -eq $Username})     {        $accessModification = New-Object System.Security.AccessControl.AccessControlModification        $accessModification.value__ = 2        $modification = $false        $acl.ModifyAccessRule($accessModification, $AR, [ref]$modification) | Out-Null    }     else     {        $acl.AddAccessRule($AR)    }    Set-Acl -path $Path -AclObject $Acl}

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last