Set Permissions

From psadt | Evergreen Application Management
Jump to navigation Jump to search

About

Powershell.png

PowerShell function to set permissions on files, folders, or registry keys.


Function

Files

# Set Variables
$CurrentPath = Split-Path -Parent $MyInvocation.MyCommand.Definition
$RegPath = "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Office\Word\Addins\Random Office Add-In"
$UsersGrp = "Users"
$SydGrp = "All Sydney Users"

# Set registry key permissions
If (Test-Path $RegPath)
	{
	# Remove inheritance
	$acl = Get-Acl $RegPath
	$acl.SetAccessRuleProtection($true,$true)
	Set-Acl $RegPath $acl

	# Removes all access for 'Users' group
	$acl = Get-Acl $RegPath
	$acl.PurgeAccessRules([System.Security.Principal.NTAccount] $UsersGrp)
	Set-Acl $RegPath $acl

	# Add Read access for Sydney users
	$acl = Get-Acl $RegPath
	$rule = New-Object System.Security.AccessControl.RegistryAccessRule($SydGrp,"ReadKey","ContainerInherit","None","Allow")
	$acl.SetAccessRule($rule)
	Set-Acl $RegPath $acl
	}


Function

Registry

  • Where$appPath is the path to the location you want to update permissions for.
# Add Modify rights for Users to mitigate known issue writing logs
If (Test-Path $appPath)
	{
	# Remove inheritance
	$acl = Get-Acl $appPath
	$acl.SetAccessRuleProtection($true,$true)
	Set-Acl $appPath $acl

	# Add Modify access for Users
	$acl = Get-Acl $appPath
	$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Users","Modify","ContainerInherit","None","Allow")
	$acl.SetAccessRule($rule)
	Set-Acl $appPath $acl
	}