Geek asks and answers

Powershell: Combine ContainerInherit and ObjectInherit in FileSystemAccessRule?

I am writing a script that should set file system permissions for a folder and all content.

To affect all content, both subfolders and files, you must combine ContainerInherit and ObjectInherit according to the .NET documentation. But I can't get this to work, and I'm not sure about the syntax.

Code example:

$ar = new-object System.Security.AccessControl.FileSystemAccessRule(New-Object System.Security.Principal.NTAccount($user),FullControl,ContainerInherit,InheritOnly,Allow)

This will work and will only use ObjectInherit, but how can I combine them? Using quotes and commas like this "ContainerInherit,ObjectInherit"will not work, as it is not allowed to mix string and non-string arguments.

I also tried using the operator -and, but that just gives me an error. Assigning enumerations to a variable ( $inherit = ContainerInherit,ObjectInherit) will also not work.

So, any tips on how to do this?

+3
source share
2 answers

You can combine them with -bor (similar to | in other languages). Processing it from a string using a comma also works, as shown in another answer.

I also corrected your syntax sample, and this sample should work.

$if=[Security.AccessControl.InheritanceFlags]
$fsr=[Security.AccessControl.FileSystemRights]
$pf=[Security.AccessControl.PropagationFlags]
$flags = [Security.AccessControl.InheritanceFlags]($if::ContainerInherit -bor $if::ObjectInherit)

$ar = new-object Security.AccessControl.FileSystemAccessRule ((New-Object System.Security.Principal.NTAccount($user)),$fsr::FullControl, $flags, $pf::InheritOnly, "Allow")

But it’s even easier to use only strings:

new-object Security.AccessControl.FileSystemAccessRule ($user, "FullControl", "ContainerInherit,ObjectInherit", "InheritOnly", "Allow")
+7
source

I am not in front of the computer, but I will try:

[System.Security.AccessControl.InheritanceFlags] 'ContainerInherit, ObjectInherit'

+2
source

More articles:


All Articles