David C

Reputation: 21

Copy an object to new object with changed value

I need to get the ACL object and replace an Access.IdentityReference.Value and keep the rest of the object intact so I can apply the Set-Acl to another system.

$acl = Get-Acl -Path "C:\Temp"
$h = New-Object -TypeName PSObject
ForEach-Object -InputObject $acl -Process {
    if ($_.Access.IdentityReference.Value -contains "BUILTIN\Users") {
        "found"
        $h += @($_.Access.IdentityReference.Value.Replace("BUILTIN\Users", "new\name"))
    } else {
        $h += @($_)
    }
}
$h.Access

I have so many ways to do this and the best I have been able to get is finding and replacing the target value but losing the rest of the original object.


Edit: when I try this code:

$acl = Get-Acl -Path 'C:\Temp'

$ace = $acl.Access | Where-Object { $_.IdentityReference -eq 'BUILTIN\Users' }
$newAce = New-Object System.Security.AccessControl.FileSystemAccessRule (
    'new\name',
    $ace.FileSystemRights,
    $ace.InheritanceFlags,
    $ace.PropagationFlags,
    $ace.AccessControlType
)
$acl.RemoveAccessRule($ace)
$acl.AddAccessRule($newAce)

Set-Acl -Path 'C:\Temp' -AclObject $acl

I'm getting the following error:

Exception calling "AddAccessRule" with "1" argument(s): "Some or all identity
references could not be translated."
At line:12 char:1
+ $acl.AddAccessRule($newAce)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
     + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
     + FullyQualifiedErrorId : IdentityNotMappedException

Edit2: New script, but not quite there yet:

$Ssid = "S-1-5-21-2214593661-3374179426-1523454523-1133"
$Tsid = "S-1-5-21-2227185791-3254421074-497073356-1005"
$Spath = "\\clw01\dept\CLW_Site"
$Tpath = "\\clw03\dept\CLW_Site"

$acl = Get-Acl -Path $Spath

$ace = $acl.Access | Where-Object { $_.IdentityReference -eq $Ssid }
$newAce = New-Object System.Security.AccessControl.FileSystemAccessRule (
    $Tsid,
    $ace.FileSystemRights,
    $ace.InheritanceFlags,
    $ace.PropagationFlags,
    $ace.AccessControlType
)
$acl.RemoveAccessRule($ace)
$acl.AddAccessRule($newAce)

Set-Acl -Path $Tpath -AclObject $acl

I'm getting the following error:

Exception calling "AddAccessRule" with "1" argument(s): "The trust relationship
between the primary domain and the trusted domain failed."
At line:9 char:1
+ $acl.AddAccessRule($newAce)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : SystemException

Upvotes: 2

Views: 1091

Answers (1)

Ansgar Wiechers

Reputation: 200473

You can't replace the identity reference on an existing ACE; you need to replace the entire ACE with a new one.

$acl = Get-Acl -Path 'C:\Temp'

$ace = $acl.Access | Where-Object { $_.IdentityReference -eq 'BUILTIN\Users' }
$newAce = New-Object System.Security.AccessControl.FileSystemAccessRule (
    'new\name',
    $ace.FileSystemRights,
    $ace.InheritanceFlags,
    $ace.PropagationFlags,
    $ace.AccessControlType
)
$acl.RemoveAccessRule($ace)
$acl.AddAccessRule($newAce)

Set-Acl -Path 'C:\Temp' -AclObject $acl

Upvotes: 1
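
An added example, not part of the original answer or question: the same replace-the-ACE approach, but built with `SecurityIdentifier` objects instead of strings. A string identity is wrapped in an `NTAccount` that has to be resolved on the machine running the script, while a `SecurityIdentifier` is used as-is, so nothing checks that the target SID exists. The function name `Copy-AclWithSidRemap` and its parameters are hypothetical, and PowerShell 5 or later is assumed for `::new()`.

```powershell
# Added example; Copy-AclWithSidRemap and its parameter names are hypothetical.
function Copy-AclWithSidRemap {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $SourcePath,
        [Parameter(Mandatory)] [string] $TargetPath,
        # "S-1-..." strings are converted by the SecurityIdentifier(string) constructor.
        [Parameter(Mandatory)] [System.Security.Principal.SecurityIdentifier] $SourceSid,
        [Parameter(Mandatory)] [System.Security.Principal.SecurityIdentifier] $TargetSid
    )

    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl = Get-Acl -Path $SourcePath

    # Explicit rules only (includeExplicit = $true, includeInherited = $false),
    # returned with SID identities so the match never depends on name resolution.
    $matching = @($acl.GetAccessRules($true, $false, $sidType) |
        Where-Object { $_.IdentityReference.Value -eq $SourceSid.Value })
    if ($matching.Count -eq 0) {
        throw "No explicit ACE for $($SourceSid.Value) on $SourcePath"
    }

    # A trustee can hold several ACEs (allow and deny, different flags); remap each one.
    foreach ($ace in $matching) {
        $newAce = [System.Security.AccessControl.FileSystemAccessRule]::new(
            $TargetSid,
            $ace.FileSystemRights,
            $ace.InheritanceFlags,
            $ace.PropagationFlags,
            $ace.AccessControlType)
        $acl.RemoveAccessRuleSpecific($ace)   # removes exactly this ACE
        $acl.AddAccessRule($newAce)
    }

    if ($PSCmdlet.ShouldProcess($TargetPath, 'Apply remapped ACL')) {
        Set-Acl -Path $TargetPath -AclObject $acl
    }

    # Return the remapped rules so the caller can review what was (or would be) granted.
    $acl.GetAccessRules($true, $false, $sidType) |
        Where-Object { $_.IdentityReference.Value -eq $TargetSid.Value }
}

# Usage with the values from the question; run with -WhatIf first to review the result:
# Copy-AclWithSidRemap -SourcePath '\\clw01\dept\CLW_Site' -TargetPath '\\clw03\dept\CLW_Site' `
#     -SourceSid 'S-1-5-21-2214593661-3374179426-1523454523-1133' `
#     -TargetSid 'S-1-5-21-2227185791-3254421074-497073356-1005' -WhatIf
```

Because the target SID is never resolved, a mistyped SID is written to the ACL without complaint; review the returned rules and the effective permissions on the target afterwards.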
