Reputation: 93
Folder ACL Export / Import issue - inheritance
I am having issues getting the Folder inheritance state to export/import properly via get-acl, set-acl modules in PowerShell. I am exporting to a csv and it looks like everything is correct in the csv file but when I reimport I get error and the inheritance does not get set on the folders.
NON_WORKING EXPORT CODE:
Get-ChildItem "k:\IT" -Recurse | ?{ $_.PsIsContainer } | %{
$Path = $_.FullName
(Get-Acl $Path) | Select-Object `
@{n='Path';e={ $Path }},
AccessRightType,
AccessRuleType,
AuditRuleType,
AreAccessRulesProtected,
AreAuditRulesProtected,
AreAccessRulesCanonical,
AreAuditRulesCanonical
} | Export-CSV "C:\acl\DirInhPermissions.csv"
NON_WORKING IMPORT CODE
$ruleset = Import-Csv -Path "C:\acl\DirInhPermissions.csv"
foreach ( $i in $ruleset ) {
$path=$i.Path
$AccessRightType= $i.AccessRightType
$AccessRuleType=$i.AccessRuleType
$AuditRuleType= $i.AuditRuleType
$AreAccessRulesProtected=$i.AreAccessRulesProtected
$AreAuditRulesProtected=$i.AreAuditRulesProtected
$AreAccessRulesCanonical=$i.AreAccessRulesCanonical
$AreAuditRulesCanonical=$i.AreAuditRulesCanonical
$acl = Get-Acl $path
$permission = $AccessRightType,$AccessRuleType,$AuditRuleType,$AreAccessRulesProtected,$AreAuditRulesProtected,$AreAccessRulesCanonical,$AreAuditRulesCanonical
$accessRule = new-object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($accessRule)
$acl | Set-Acl $path
}
ERROR RECEIVED:
CONTENTS OF CSV:
#TYPE Selected.System.Security.AccessControl.DirectorySecurity
"Path","AccessRightType","AccessRuleType","AuditRuleType","AreAccessRulesProtected","AreAuditRulesProtected","AreAccessRulesCanonical","AreAuditRulesCanonical"
"K:\IT\New folder","System.Security.AccessControl.FileSystemRights","System.Security.AccessControl.FileSystemAccessRule","System.Security.AccessControl.FileSystemAuditRule","False","False","True","True"
"K:\IT\New folder\xyz","System.Security.AccessControl.FileSystemRights","System.Security.AccessControl.FileSystemAccessRule","System.Security.AccessControl.FileSystemAuditRule","True","False","True","True"
"K:\IT\New folder\xyz\123","System.Security.AccessControl.FileSystemRights","System.Security.AccessControl.FileSystemAccessRule","System.Security.AccessControl.FileSystemAuditRule","False","False","True","True"
I can not figure out why this is not working. I use similar code to import and export individual access rights and that works but this folder inheritance portion is not. For comparison, here is the code that works for the individual access rights:
working export
Get-ChildItem "k:\IT" -Recurse | ?{ $_.PsIsContainer } | %{
$Path = $_.FullName
(Get-Acl $Path).Access | Select-Object `
@{n='Path';e={ $Path }},
IdentityReference,
AccessControlType,
InheritanceFlags,
PropagationFlags,
FileSystemRights
} | Export-CSV "C:\acl\ACEPermissions.csv"
working import
$acerules = Import-Csv -Path "C:\acl\ACEPermissions.csv"
foreach ( $i in $acerules ) {
$path= $i.Path
$IdentityReference= $i.IdentityReference
$AccessControlType=$i.AccessControlType
$InheritanceFlags= $i.InheritanceFlags
$PropagationFlags=$i.PropagationFlags
$FileSystemRights=$i.FileSystemRights
$acl = Get-Acl $path
$permission = $IdentityReference, $FileSystemRights, $InheritanceFlags, $PropagationFlags, $AccessControlType
$accessRule = new-object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($accessRule)
$acl | Set-Acl $path
}
This is part of a larger script that I am using to modify access rights and will be using this as a rollback process. Any help you could provide would be greatly appreciated. Thank you in advance!
Upvotes: 0
Views: 274