Powershell – Adding Folder Permissions Using Powershell

file-permissionsntfspermissionspowershell

I'm running this script in PowerShell:

Add-NTFSAccess -Path 'C:\MyFolder' -Account PROGRAMMING\IIS_IUSRS -AccessRights FullControl

and I'm getting this error:

Add-NTFSAccess : Cannot bind parameter 'Account'. Cannot convert value "PROGRAMMING\IIS_IUSRS" to type
"Security2.IdentityReference2". Error: "Some or all identity references could not be translated."
At line:1 char:46
+ Add-NTFSAccess -Path 'C:\MyFolder' -Account PROGRAMMING\IIS_IUSRS -AccessRig …
+ ~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Add-NTFSAccess], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgumentNoMessage,NTFSSecurity.AddAccess

What am I doing wrong?

Thanks,

Best Answer

use:

Add-NTFSAccess -Path 'C:\MyFolder' -Account BUILTIN\IIS_IUSRS -AccessRights FullControl

or just

Add-NTFSAccess -Path 'C:\MyFolder' -Account IIS_IUSRS -AccessRights FullControl

IIS_IUSRS is a special internal group that you shouldn't/can't prefix with the computer or domain name.

For other internal groups you have to use the prefix NT AUTHORITY or the equivalent in your language, like:

Add-NTFSAccess -Path 'C:\MyFolder' -Account "NT AUTHORITY\NETWORK SERVICE" -AccessRights FullControl
Add-NTFSAccess -Path 'C:\MyFolder' -Account "NT AUTHORITY\iusr" -AccessRights FullControl

Please note that Add-NTFSAccess is not a Windows cmdlets, it's some script that the original poster picked up somewhere but the account names described here should work elsewhere as well.

Related Topic