Powershell: Piping input to Set-Acl

access-control-listpowershell

have a messed up folder with inconsistent ACLs which I need to uniform. I hoped to accomplish this with powershell. So I'm trying to search for all files missing the required group and applying the rights threough Set-Acl:

Get-Acl | where {$_.accesstostring -notlike "*domain\required_grp*"} | Set-Acl $dir $acl

Unlike icacls, Set-Acl requires you to be the owner of the file to be able to modify the ACL. That's why:

$dir= Get-Acl .\reference_file
$acl= $ACL.SetOwner([System.Security.Principal.NTAccount]$my_account)

Well, when running the command I get the following error:

Set-Acl : The input object cannot be bound to any parameters for the command either because the command does not take pipeline input or the input and its properties do not match any of the parameters that take pipeline input. At line:1 char:95

I'm pretty sure the problem is with the format of the output piped to Set-Acl, but can't figure out what. Thanks for any input, much appreciated.

Luka

Best Answer

I believe you are confusing the PowerShell, because you send an array of ACLs down the pipeline, but don't iterate over each of them. Also, the Set-ACL CMDlet expects a path sent down the pipeline, it think.

$acl= Get-Acl .\reference_file
$acl= $ACL.SetOwner([System.Security.Principal.NTAccount]$my_account)
Get-ChildItem | ? { (Get-ACL $_).accesstostring -notlike "*domain\groupname*"} | % { Set-ACL $_.Fullname $acl }

This works for me. It gets every file or folder, checks if it's ACL matches your expression, and sets the ACL if required.

Related Solutions

Powershell Set-Acl fails

Check this out POWERSHELL - EDITING PERMISSIONS ON A FILE OR FOLDER

From the post comment:

You're obviously getting this error because you're trying to change the owner of the object. By default NTFS will only allow you to set the owner of an object to:

A: Yourself
B: Administrators-group

That's it.

However, if you're an administrator or backup operator you can set it to any user, BUT this privilige is disabled by default and must be enabled before you can do so. In case you're wondering - this is a concious security restriction.

There are no .NET or PowerShell specific ways of enabling this, but if we leave Microsoft-territory and visit the PowerShell Community Extensions project we find a way...

I havent used PSCX that much and it's not a Microsoft product so any questions on them should be directed to www.codeplex.com/PowerShellCX rather than here, but here goes:

Download and install PSCX from www.codeplex.com/PowerShellCX

Set up a wrapper class for TokenPriviliege using the following syntax:

$oTP = New-Object PSCX.Interop.TokenPriviliege

Now, grant it to the current process:

Set-Privilege $oTP

You should now be able to change the owner of the folder to any user you wish.

Linux – how to every file/directory in a tree to have the same owner, group, perms, acls

You can't. Use extended ACLs to provide the permissions you need (with defaults to apply them to all new files) and effectively ignore the traditional permission bits.

Best Answer

Related Solutions

Powershell Set-Acl fails

Linux – how to every file/directory in a tree to have the same owner, group, perms, acls

Related Topic