Advertisements

About

This blog is intended to document how-to’s, fixes, work-arounds, and the various gotchas that are the meat and potatoes of the IT field.

Advertisements

4 comments so far

  1. X300 on

    Hi
    We have to periodically archive a leavers Windows folders including Desktop and Profile I have been using a script which has at its core:
    takeown /f $b /R /d y | out-null
    “Ownership of $b taken”
    icacls $b /grant mydomain\myname:F /t | out-null
    “Permissions taken on $b”
    But quite often it fails as ownership isnt propogated to child folders and permissions arent propogated either. It is possible that the takeown doesn’t have enough time to complete; thats why i added out null; but I am still having problems. Any suggestions?
    Is there a ‘pure’powershell method I could use?
    I am running Win 7 and files are on a win server 2008 R2

    • Marquis Calmes on

      I haven’t used takeown extensively since it only allows you to assign ownership to yourself and I haven’t had a need to do that much. It may be that inheritance is blocked at a lower level.
      Below is a chunk of a script I’ve used to recursively assign ownership using powershell. It is slow, but it seems to work.

      $path=”C:\Users\someuser”
      $ID = new-object System.Security.Principal.NTAccount(“domainname“, “username“)
      get-childitem -Literalpath $path -force -recurse | foreach {
      $objChild = $_
      $longPath = $_.FullName
      write-progress -activity “Set File Owner” -status “Processing $longPath with user $ID”
      $acl = $objChild.GetAccessControl()
      if ($acl) {
      $acl.SetOwner($ID)
      $objChild.SetAccessControl($acl)
      }

  2. x300 on

    Hi
    Thanks for reply. Is there a way to use powershell to grant full permissions to a folder recursively instead of using Icacls?

  3. Marquis Calmes on

    The quickest way to would be to add your current iacls command into the above script. Either once at the beging of the scripts for the root folder, or remove the /t and place in the final “if” statement after the $objChild.SetAccessControl($acl). Then it would be applied to each and every file.

    I’ve also used the 3rd part utility fileacl which seems to be faster than icacls, but does require installing. (http://www.gbordier.com/gbtools/fileacl.asp)

    It is possible do this with powershell, though it is a bit more complicated. Rather than type what is written elsewhere I recommend looking at http://chrisfederico.wordpress.com/2008/02/01/setting-acl-on-a-file-or-directory-in-powershell/


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Advertisements
%d bloggers like this: