Norm

Reputation: 669

How do I set the local administrators group in PowerShell?

The code below sets the Domain Admins group just fine. However, I also need to set the local admins [COMPUTER-NAME\Administrators] group on my folder as well.

function Set-DirACLs
    {
        # Gets the names of the directories in the  directory and adds them to an array. 

        $dircount = Get-ChildItem $UV | foreach-object -process { $_.FullName }
        $cname = $env:computername
        $localadmin =  "$cname\" + "Administrators"
        $userlist = @("MYDOMAIN\Domain Admins", $localadmin)
        #Loops through the directories and sets the ACL on each.
        foreach($folder in $dircount)
        {
            #Print some info to the console so we don't mistake the script being stuck. 
            Write-Host "Editing ACL for $folder "
            Write-Host "Standby "
            Write-Host $localadmin
            $InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
            $PropagationFlag = [System.Security.AccessControl.PropagationFlags]::none 
            $colRights = [System.Security.AccessControl.FileSystemRights]"FullControl"
            $objType =[System.Security.AccessControl.AccessControlType]::Allow
            $ACL = Get-Acl $folder 
            $folder = (convert-path $ACL.pspath)
            $acl.SetAccessRuleProtection($True, $False)
            #Now we have to iterate over the users in userlist for each directory.
            foreach($user in $userlist)
            {
                $objUser = New-Object System.Security.Principal.NTAccount($user)
                $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($objUser, $colRights, $InheritanceFlag,$PropagationFlag, $objType) 
                $ACL.AddAccessRule($rule) 

                Set-Acl $folder $ACL 
            }
        }
    }

However, I keep getting this error, and no matter how I change up the $localadmin variable to concat the computername + \Administrators, I get this error:

Exception calling "AddAccessRule" with "1" argument(s): "Some or all identity references could not be translated."

This is driving me nuts!!

Upvotes: 0

Views: 4048

Answers (2)

Norm

Reputation: 669

I fussed and fussed around with this and finally this is what worked:

$userlist = @("MYDOMAIN\Domain Admins",  $cname + "\Administrators")

The sorry part is I know I tried that BEFORE I asked the question on here and it did not work. I suppose I was off by something that first time.

Upvotes: 0

CB.

Reputation: 60918

Try changing this:

$localadmin =  "BUILTIN\Administrators"

Then this line is no longer required:

$cname = $env:computername

Upvotes: 2
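
An added example, not part of either answer above: the same ACL change with the local Administrators group taken from its well-known SID instead of a name, and every named account resolved before any folder is modified, so a "could not be translated" failure cannot leave a folder with inheritance stripped and only some rules written. `Set-AdminOnlyAcl` and its `-Root` and `-Accounts` parameters are hypothetical names chosen for this sketch.

```powershell
# Added example; Set-AdminOnlyAcl, -Root and -Accounts are hypothetical names.
function Set-AdminOnlyAcl {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Root,
        # Domain group name as used in the question.
        [string[]]$Accounts = @('MYDOMAIN\Domain Admins')
    )

    # Local Administrators by well-known SID: no computer name and no
    # localized group name has to be spelled out.
    $wellKnown = [System.Security.Principal.WellKnownSidType]::BuiltinAdministratorsSid
    $adminsSid = New-Object System.Security.Principal.SecurityIdentifier($wellKnown, $null)
    $identities = @($adminsSid)

    # Resolve every named account to a SID up front. A name that cannot be
    # translated stops the run before any ACL has been touched.
    foreach ($name in $Accounts) {
        $account = New-Object System.Security.Principal.NTAccount($name)
        try {
            $identities += $account.Translate([System.Security.Principal.SecurityIdentifier])
        } catch {
            throw "Cannot resolve '$name'; no ACLs were changed."
        }
    }

    $inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $propagate = [System.Security.AccessControl.PropagationFlags]::None
    $rights    = [System.Security.AccessControl.FileSystemRights]::FullControl
    $allow     = [System.Security.AccessControl.AccessControlType]::Allow

    foreach ($dir in Get-ChildItem -LiteralPath $Root -Directory) {
        $acl = Get-Acl -LiteralPath $dir.FullName
        # Protect the ACL and discard inherited rules, as in the question.
        $acl.SetAccessRuleProtection($true, $false)
        foreach ($id in $identities) {
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($id, $rights, $inherit, $propagate, $allow)
            $acl.AddAccessRule($rule)
        }
        # Write once per folder, only after all rules are in place.
        if ($PSCmdlet.ShouldProcess($dir.FullName, 'Set-Acl')) {
            Set-Acl -LiteralPath $dir.FullName -AclObject $acl
        }
    }
}
```

Running it with `-WhatIf` lists the folders that would be changed without writing any ACL.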
