Setting Inheritance and Propagation flags with set-acl and powershell

Question

I am trying to mimic the action of right-clicking on a folder  setting  modify  on a folder  and having the permissions apply to the specific folder and subfolders and files   I m mostly there using Powershell  however the inheritance is only being set as  subfolders and files  instead of the whole  this folder  subfolders and files    Is there some unlisted flag for System Security AccessControl PropagationFlags that will set this properly   Here s what I m working with so far    Folders   Get-childItem c  TEMP   InheritanceFlag    System Security AccessControl InheritanceFlags   ContainerInherit -bor  System Security AccessControl InheritanceFlags   ObjectInherit  PropagationFlag    System Security AccessControl PropagationFlags   InheritOnly  objType    System Security AccessControl AccessControlType   Allow   foreach   TempFolder in  Folders    echo  Loop Iteration   Folder    TempFolder FullName   acl   Get-Acl  Folder  permission    domain user   Modify    InheritanceFlag   PropagationFlag   objType  accessRule   New-Object System Security AccessControl FileSystemAccessRule  permission   acl SetAccessRule  accessRule  Set-Acl  Folder  acl

User · Accepted Answer

I think your answer can be found on this page   From the page      This Folder  Subfolders and Files    InheritanceFlags ContainerInherit   InheritanceFlags ObjectInherit  PropagationFlags None

User · Answer

Here s the MSDN page describing the flags and what is the result of their various combinations   Flag combinations   gt  Propagation results                                           No Flags   gt  Target folder  ObjectInherit   gt  Target folder  child object  file   grandchild object  file   ObjectInherit and NoPropagateInherit   gt  Target folder  child object  file   ObjectInherit and InheritOnly   gt  Child object  file   grandchild object  file   ObjectInherit  InheritOnly  and NoPropagateInherit   gt  Child object  file   ContainerInherit   gt  Target folder  child folder  grandchild folder  ContainerInherit  and NoPropagateInherit   gt  Target folder  child folder  ContainerInherit  and InheritOnly   gt  Child folder  grandchild folder  ContainerInherit  InheritOnly  and NoPropagateInherit   gt  Child folder  ContainerInherit  and ObjectInherit   gt  Target folder  child folder  child object  file   grandchild folder  grandchild object  file   ContainerInherit  ObjectInherit  and NoPropagateInherit   gt  Target folder  child folder  child object  file   ContainerInherit  ObjectInherit  and InheritOnly   gt  Child folder  child object  file   grandchild folder  grandchild object  file   ContainerInherit  ObjectInherit  NoPropagateInherit  InheritOnly   gt  Child folder  child object  file     To have it apply the permissions to the directory  as well as all child directories and files recursively  you ll want to use these flags   InheritanceFlags ContainerInherit   InheritanceFlags ObjectInherit  PropagationFlags None   So the specific code change you need to make for your example is    PropagationFlag    System Security AccessControl PropagationFlags   None

User · Answer

Just because you re in PowerShell don t forgot about good ol  exes   Sometimes they can provide the easiest solution e g    icacls exe  folder  grant  domain user  OI  CI  M

User · Answer

Here s a table to help find the required flags for different permission combinations       -----------------------------------------------------------------------------------------------------------------------------------------------------------                        folder only    folder  sub-folders and files    folder and sub-folders    folder and files    sub-folders and files    sub-folders       files             ------------- ------------- ------------------------------- ------------------------ ------------------ ----------------------- ------------- -------------          Propagation    none           none                             none                      none                InheritOnly              InheritOnly    InheritOnly           Inheritance    none           Container Object                 Container                 Object              Container Object         Container      Object              -----------------------------------------------------------------------------------------------------------------------------------------------------------   So  as David said  you ll want  InheritanceFlags ContainerInherit   InheritanceFlags ObjectInherit PropagationFlags None

User · Answer

Here s some succinct Powershell code to apply new permissions to a folder by modifying it s existing ACL  Access Control List      Get the ACL for an existing folder  existingAcl   Get-Acl -Path  C  DemoFolder     Set the permissions that you want to apply to the folder  permissions    env username   Read Modify    ContainerInherit ObjectInherit    None    Allow     Create a new FileSystemAccessRule object  rule   New-Object -TypeName System Security AccessControl FileSystemAccessRule -ArgumentList  permissions    Modify the existing ACL to include the new rule  existingAcl SetAccessRule  rule     Apply the modified access rule to the folder  existingAcl   Set-Acl -Path  C  DemoFolder    Each of the values in the  permissions variable list pertain to the parameters of this constructor for the FileSystemAccessRule class   Courtesy of this page

[powershell] Setting Inheritance and Propagation flags with set-acl and powershell

Examples related to powershell

Examples related to permissions

Examples related to file-permissions