How to change the owner of a folder using Powershell when Get-Acl returns "Access Denied"?

I have a question about Get-Acl in Powershell. I keep getting the error: "Access to the path is denied." I want to change the owner of the folder for myself, and then grant myself full access rights to the folder using Powershell. Here's a line of code giving me an error:

$acl = Get-Acl "C:\SomeFolder" 

I use Windows Explorer to set permissions to "SomeFolder" before running the script. They look like this:

  • no entries in the access control list
  • the owner is not myself

I do not receive an error message if I make myself the owner using the Windows Explorer GUI before running the PowerShell script. I don’t understand why I am allowed to change ownership using Windows Explorer, but not using PowerShell. I have full administrator rights on this computer. Windows 7, PowerShell 2.0, .NET 3.5.

I assume the only way to change the owner is to use Get-Acl, set the owner in the ACL, and then use Set-Acl to write it back to the folder. If there is another way, please let me know. How can I change the owner of a folder using PowerShell?

+6
3 answers

Windows Vista and above uses a command-line tool called takeown.exe that can be used from an elevated command prompt (or with an elevated PowerShell console) to change ownership of a file system object.

 takeown /F "C:\SomeFolder" /R /D Y

should give you ownership of C:\SomeFolder and the file system objects it contains.

+8

I have our system builder’s system configuration scripts, and I recall a note about the Get-Acl command that doesn’t work on specific paths.

 # NOTE: This method does not work well?
 #$acl = Get-Acl -Path $Path

The types of paths on which we set the permissions were empty folders created by the administrator user, which were subsequently written to the disk image. This is the PowerShell command that we used instead.

 $acl = (Get-Item $path).GetAccessControl("Access") 

Oh, and it becomes real obscure when you have an ACL object. I don't know if this is the best way, but this is a snippet from the same script that I mentioned above.

 # $path, $user and $permissions are set earlier in the enclosing script.
 $acl = (Get-Item $path).GetAccessControl("Access")

 # Setup the access rule.
 $allInherit = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit", "ObjectInherit"
 $allPropagation = [System.Security.AccessControl.PropagationFlags]"None"
 $AR = New-Object System.Security.AccessControl.FileSystemAccessRule $user, $permissions, $allInherit, $allPropagation, "Allow"

 # Check if Access already exists.
 if ($acl.Access | Where { $_.IdentityReference -eq $User}) {
     $accessModification = New-Object System.Security.AccessControl.AccessControlModification
     $accessModification.value__ = 2   # 2 = AccessControlModification.Reset
     $modification = $false
     $acl.ModifyAccessRule($accessModification, $AR, [ref]$modification) | Out-Null
 } else {
     $acl.AddAccessRule($AR)
 }

 Set-Acl -AclObject $acl -Path $Path
+4

The above code worked fine. Wanted to post a twist to recursively navigate through the directory and fill in some of the "missing"

 $HomeFolders = Get-ChildItem "put your directory root here" -Directory -recurse
 foreach ($HomeFolder in $HomeFolders) {
     $Path = $HomeFolder.FullName
     $acl = (Get-Item $Path).GetAccessControl('Access')
     $allInherit = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit", "ObjectInherit"
     $allPropagation = [System.Security.AccessControl.PropagationFlags]"None"
     $permissions = "FullControl"
     $Username = "<put your name here>"
     $AR = New-Object System.Security.AccessControl.FileSystemAccessRule($Username, $permissions, $allInherit, $allPropagation, "Allow")
     if ($acl.Access | Where { $_.IdentityReference -eq $Username}) {
         $accessModification = New-Object System.Security.AccessControl.AccessControlModification
         $accessModification.value__ = 2
         $modification = $false
         $acl.ModifyAccessRule($accessModification, $AR, [ref]$modification) | Out-Null
     } else {
         $acl.AddAccessRule($AR)
     }
     Set-Acl -path $Path -AclObject $Acl
 }
0
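
Added example (not from any of the answers above): one way to chain the takeown.exe step with the GetAccessControl("Access") grant and then verify the resulting owner and rule. It assumes Windows PowerShell on the .NET Framework, an elevated console and a folder path; the function name Grant-SelfFullControl is hypothetical.

```powershell
# Added example, not code from the page. Grant-SelfFullControl is a hypothetical name.
function Grant-SelfFullControl {
    param([Parameter(Mandatory = $true)][string]$Path)

    $me = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($me)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    if (-not $principal.IsInRole($adminRole)) {
        throw "Not elevated: start PowerShell with 'Run as administrator' first."
    }

    # Step 1: take ownership. /R recurses into the folder, /D Y pre-answers the
    # prompt shown when the caller lacks permission to list a subfolder.
    & takeown.exe /F $Path /R /D Y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "takeown.exe failed with exit code $LASTEXITCODE" }

    $item = Get-Item -LiteralPath $Path -Force
    if (-not $item.PSIsContainer) { throw "$Path is not a folder." }

    # Step 2: the owner may always read and write the DACL, so reading the
    # access section now succeeds even though the ACL has no entries.
    $acl = $item.GetAccessControl('Access')
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList `
        $me.User, 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'
    $acl.SetAccessRule($rule)      # replaces any existing Allow rule for this SID
    $item.SetAccessControl($acl)   # persists only the modified (access) section

    # Step 3: read both sections back and report what is actually on disk.
    $sidType = [Security.Principal.SecurityIdentifier]
    $check = $item.GetAccessControl('Owner, Access')
    $owner = $check.GetOwner($sidType)
    $granted = $check.GetAccessRules($true, $false, $sidType) | Where-Object {
        $_.IdentityReference -eq $me.User -and
        $_.FileSystemRights -eq 'FullControl' -and
        $_.AccessControlType -eq 'Allow'
    }
    New-Object PSObject -Property @{
        Path               = $item.FullName
        Owner              = $owner.Value
        OwnerIsCaller      = ($owner -eq $me.User)
        FullControlGranted = [bool]$granted
    }
}

Grant-SelfFullControl -Path 'C:\SomeFolder'
```

The rule is written only on the top folder; child objects pick it up through inheritance, so children with inheritance disabled keep their own ACLs.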

Source: https://habr.com/ru/post/902036/

