Search the Community
Showing results for tags 'Inherit'.
-
After much of tests i was able to write a Powershell Script, that replace, all inherits of all folders and subfolders (even the one with long names), without taking the Ownership ! Reasons: - Taking the Ownership of a Windows Folder can make much Problems ! (I dont like solutions, that can make more problems than they solve, and i even dont like it, if people say, dont change Permissions of systemfolders blabla - Me, the Owner of my Harddrive, like to have R/W Permissions to all Folders, but some folders get there permission inherit from a Top Folder, and so, i wasnt able to set their permissions... so many commands iacls, dir -ad, some powershell commands and ways, just didn´t do it, but i was able to to it (R4 never gives up...) 1) You need to allow Powershellscripts - in a Powershell console (with Adminrights) run: Set-ExecutionPolicy RemoteSigned (maybe "unrestricted could do the job too, you can set it back to restricted later) 2) Then run the script (with Adminrights too) 3) THis could take a while !!! Some really rare folders (probably Symbolic NTFS Links, Junctions or Similar) give Errormessages, - you can ignore it ! cd "C:\" foreach ($i in Get-ChildItem -Recurse -Force| ?{ $_.PSIsContainer}) { echo $i.FullName $acl=Get-ACL $i.FullName $acl.SetAccessRuleProtection($True, $True) Set-Acl $i.FullName -AclObject $acl } (this little success brings me some steps forward, in getting a clean os, - next step is setting r/w permissions for buildIN Admin, and then check the 1355 dll´s i identified, that can be called by regsvr32) - (maybe i could replace reginherits too...) mfg R4D3 Edit: Uhm, sorry my Script seems to switch all folderinherits like 180 degree (good for folders with inherits, but not for folders without - SetAccessRuleProtection($True, $False) seems to be better, and with giving Adminrights this hopefully does it: Edit: Just moved $acl.SetAccessRuleProtection($True, $True) before the new rule (cause, first the existing inherits must be replaced with local one, before the new-Object Rule, took them off and give Built-In Admin permissions.... cd "C:\" foreach ($i in Get-ChildItem -Recurse -Force| ?{$_.PSIsContainer}){ echo $i.FullName $acl=Get-ACL $i.FullName $person=[System.Security.Principal.NTAccount]"BUILTIN\Administrators" $access=[System.Security.AccessControl.FileSystemRights]"FullControl" $inheritance=[System.Security.AccessControl.InheritanceFlags]"ObjectInherit" $propagation=[System.Security.AccessControl.PropagationFlags]"None" $type=[System.Security.AccessControl.AccessControlType]"Allow" $acl.SetAccessRuleProtection($True, $True) $rule=New-Object System.Security.AccessControl.FileSystemAccessRule($person,$access,$inheritance,$propagation,$type) $acl.AddAccessRule($rule) $acl.SetAccessRule($rule) Set-Acl $i.FullName -AclObject $acl }