Question:
I’m writing a script that should set filesystem access rights for a folder and all of its contents.
To affect all content, both subfolders and files, one should combine ContainerInherit and ObjectInherit according to the .NET documentation. But I can’t get that to work and I’m not sure about the syntax.
Sample code:
    $ar = new-object System.Security.AccessControl.FileSystemAccessRule(New-Object System.Security.Principal.NTAccount($user),FullControl,ContainerInherit,InheritOnly,Allow)
That’ll work and so would using ObjectInherit only, but how can I combine them? Using quotation marks and a comma, like this "ContainerInherit,ObjectInherit" won’t work, since it’s apparently not allowed to mix string and non-string arguments.
I’ve also tried using the -and operator, but that just gives me an error. Assigning the enums to a variable ($inherit = ContainerInherit,ObjectInherit) won’t work either.
So, any tips on how to do this?
Answer:
You can merge them using -bor (analogous to | in other languages). Parsing it from a string using a comma as shown in the other answer also works.
I also corrected your sample syntax and this sample should work.
    $if=[Security.AccessControl.InheritanceFlags]
    $fsr=[Security.AccessControl.FileSystemRights]
    $pf=[Security.AccessControl.PropagationFlags]
    $flags = [Security.AccessControl.InheritanceFlags]($if::ContainerInherit -bor $if::ObjectInherit)
    $ar = new-object Security.AccessControl.FileSystemAccessRule ((New-Object System.Security.Principal.NTAccount($user)),$fsr::FullControl, $flags, $pf::InheritOnly, "Allow")
But even simpler is to use strings only:
    new-object Security.AccessControl.FileSystemAccessRule ($user, "FullControl", "ContainerInherit,ObjectInherit", "InheritOnly", "Allow")
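An added example, not part of the original question or answer: it builds the combined inheritance flags both ways described above, applies the rule to a scratch folder, and lists the resulting ACEs on the folder and its contents. The scratch folder under $env:TEMP, the use of the current account as $user, the Modify right, and PropagationFlags None (chosen so the ACE also applies to the folder itself, which InheritOnly would skip) are assumptions of this example.

```powershell
# Added example (Windows only). $user and the scratch folder are assumptions.
$user = [Security.Principal.WindowsIdentity]::GetCurrent().Name
$dir  = Join-Path $env:TEMP ("acl-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null

$if  = [Security.AccessControl.InheritanceFlags]
$pf  = [Security.AccessControl.PropagationFlags]
$fsr = [Security.AccessControl.FileSystemRights]
$act = [Security.AccessControl.AccessControlType]

# Both forms from the answer give the same value (ContainerInherit=1, ObjectInherit=2).
$viaBor    = [Security.AccessControl.InheritanceFlags]($if::ContainerInherit -bor $if::ObjectInherit)
$viaString = [Security.AccessControl.InheritanceFlags]'ContainerInherit,ObjectInherit'
if ([int]$viaBor -ne 3 -or [int]$viaString -ne 3) { throw 'flag combination mismatch' }

# PropagationFlags None: the ACE applies to the folder itself and is inherited
# by subfolders and files. InheritOnly would leave the folder itself uncovered.
$rule = New-Object -TypeName Security.AccessControl.FileSystemAccessRule `
    -ArgumentList ($user, $fsr::Modify, $viaBor, $pf::None, $act::Allow)

$acl = Get-Acl -Path $dir
$acl.AddAccessRule($rule)
Set-Acl -Path $dir -AclObject $acl

# Children created afterwards receive the ACE through inheritance.
$sub = New-Item -ItemType Directory -Path (Join-Path $dir 'sub')
Set-Content -Path (Join-Path $sub.FullName 'file.txt') -Value 'constructed sample'

# Show the ACEs for $user: explicit on the folder, inherited on its contents.
$paths = @($dir) + @(Get-ChildItem -Path $dir -Recurse | ForEach-Object { $_.FullName })
foreach ($p in $paths) {
    (Get-Acl -Path $p).Access |
        Where-Object { $_.IdentityReference.Value -eq $user } |
        Select-Object @{n='Path';e={$p}}, FileSystemRights, IsInherited,
                      InheritanceFlags, PropagationFlags
}

Remove-Item -Path $dir -Recurse -Force
```

The account may also show ACEs inherited from the parent of the scratch folder; the entry added here is the one with Modify rights, reported with IsInherited False on the folder and True on the subfolder and file.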