Reputation: 13769
How can I append the ACLs of one folder to another with PowerShell?
I tried with Get-Acl and Set-Acl, but "when the commands complete, the security descriptors .. are identical." This causes my \\dest\share below to lose dest\Administrators: Full Control and other default share permissions.
Get-Acl '\\source\share' | Set-Acl '\\dest\share'
Set-Acl - Examples | Microsoft Docs
Example 1: Copy a security descriptor from one file to another
$DogACL = Get-Acl -Path "C:\Dog.txt"
Set-Acl -Path "C:\Cat.txt" -AclObject $DogACL
These commands copy the values from the security descriptor of the Dog.txt file to the security descriptor of the Cat.txt file. When the commands complete, the security descriptors of the Dog.txt and Cat.txt files are identical.
How can I append the ACLs of \\source\share to \\dest\share?
Upvotes: 0
Views: 1140
Reputation: 1781
If you want to add the extra ACLs instead of replacing them, you'll have to modify the destination ACL before setting it.
Here's how I would set things up to test it before trying it on live shares:
# Make folders and shares on the machine you'd like to test on
New-Item -Path C:\Users\TestUser\Documents\Share1 -Type Directory -Force
New-Item -Path C:\Users\TestUser\Documents\Share2 -Type Directory -Force
New-SmbShare -Path "C:\Users\TestUser\Documents\Share1" -Name SourceShare
New-SmbShare -Path "C:\Users\TestUser\Documents\Share2" -Name DestinationShare
Now, take a moment to go manually make a change to the ACLs on the shares so you can tell if it works when copying it over from source to destination. Then continue below:
# Set network share path variables
$SourceShare = "\\GLaDOS\SourceShare"
$DestinationShare = "\\GLaDOS\DestinationShare"
# Set ACL variables
$SourceAcl = Get-Acl $SourceShare
$DestinationAcl = Get-Acl $DestinationShare
# Add all the source ACL's to the destination ACL
$SourceAcl.Access | foreach {$DestinationAcl.AddAccessRule($_)}
# Invoke the command on the computer using local path since network path does not seem to work
Invoke-Command -ComputerName GLaDOS -ScriptBlock {$LocalPath = (Get-SmbShare -Name DestinationShare).Path ; Set-Acl $LocalPath $Using:DestinationAcl}
Obviously you'll want to replace the TestUser and GLaDOS with username and computername respectively.
P.S. Before I used Invoke-Command I tried a less complicated option and got an authentication error:
PS C:\> Set-Acl $DestinationShare $DestinationAcl
Set-Acl : Attempted to perform an unauthorized operation.
Still haven't figured out that one. I should have all the permissions needed.
Upvotes: 1
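
An added example, not part of the question or the answer above: the same append approach wrapped in a function that copies only the ACEs set explicitly on the source and supports -WhatIf, so the change can be previewed before it is written. Merge-ExplicitAcl and Add-DemoRule are hypothetical helper names, the folders are throwaway ones created under $env:TEMP, and it assumes Windows with NTFS.

```powershell
# Added example; Merge-ExplicitAcl is a hypothetical helper, not from the thread.
function Merge-ExplicitAcl {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SourcePath,
        [Parameter(Mandatory)][string]$DestinationPath
    )
    $sourceAcl = Get-Acl -LiteralPath $SourcePath
    $destAcl   = Get-Acl -LiteralPath $DestinationPath
    # Keep only ACEs set directly on the source; AddAccessRule would otherwise
    # write the source's inherited entries to the destination as explicit ones.
    $explicit = @($sourceAcl.Access | Where-Object { -not $_.IsInherited })
    foreach ($rule in $explicit) {
        $destAcl.AddAccessRule($rule)   # merges; existing destination ACEs stay
    }
    if ($explicit.Count -gt 0 -and
        $PSCmdlet.ShouldProcess($DestinationPath, "Add $($explicit.Count) explicit ACE(s)")) {
        Set-Acl -LiteralPath $DestinationPath -AclObject $destAcl
    }
    # Return the destination's explicit ACEs as they are now on disk
    (Get-Acl -LiteralPath $DestinationPath).Access | Where-Object { -not $_.IsInherited }
}

# Constructed demo on throwaway local folders (Windows, NTFS).
$root = Join-Path $env:TEMP ("acl-merge-" + [guid]::NewGuid())
$src  = (New-Item -Path (Join-Path $root 'Source')      -ItemType Directory).FullName
$dst  = (New-Item -Path (Join-Path $root 'Destination') -ItemType Directory).FullName

function Add-DemoRule([string]$Path, [string]$Sid, [string]$Rights) {
    $id   = [System.Security.Principal.SecurityIdentifier]$Sid
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $id, $Rights, 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl = Get-Acl -LiteralPath $Path
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl
}
Add-DemoRule $src 'S-1-5-32-545' 'Modify'          # BUILTIN\Users, source only
Add-DemoRule $dst 'S-1-5-11'     'ReadAndExecute'  # Authenticated Users, destination only

Merge-ExplicitAcl -SourcePath $src -DestinationPath $dst -WhatIf |
    Format-Table IdentityReference, FileSystemRights   # preview: destination unchanged
Merge-ExplicitAcl -SourcePath $src -DestinationPath $dst |
    Format-Table IdentityReference, FileSystemRights   # both ACEs now present

Remove-Item -LiteralPath $root -Recurse -Force
```

Get-Acl and Set-Acl on a \\server\share path work on the NTFS ACL of the shared folder; share-level permissions are a separate list, read with Get-SmbShareAccess and changed with Grant-SmbShareAccess.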