Hi to all. I have used PowerShell to remove inheritance on a number of folders (see example below).
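# Folders whose inheritance from the parent should be disabled
$folders =
    "E:\Share\Folder\sub-folder",
    "E:\Share\Folder2\sub-folder"
foreach ($folder in $folders) {
    $acl = Get-Acl -Path $folder
    # First $True: protect the ACL (stop inheriting from the parent).
    # Second $True: keep the previously inherited entries as explicit entries.
    $acl.SetAccessRuleProtection($True, $True)
    Set-Acl -Path $folder -AclObject $acl
}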
I then applied NTFS permissions to "E:\Share\Folder1\sub-folder" allowing members of specific Active Directory Groups 'Modify' permissions. This all appeared fine until I tested using a standard user account. Even though they were a member of the AD Security Group they received access denied when attempting to access the folder.
This had me scratching my head.
If I manually browse to directory->Properties->Advanced in Windows Explorer and then tick "Replace all child object permission entries with inheritable permission entries from this object" the user is then able to access "E:\Share\Folder1\sub-folder".
So I need the same effect as the checkbox "Replace all child object permission entries with inheritable permission entries from this object" (directory->Properties->Advanced in Windows Explorer) without re-enabling inheritance.
I tried the command below but this just re-enabled inheritance and stripped off the explicit NTFS permissions I had applied earlier.
icacls "E:\Share\Folder1\sub-folder" /reset /T /C
Does anyone know how to mimic ticking the checkbox using PowerShell or a batch file without enabling inheritance?
Kind Regards,
Phil.
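
One way to get the checkbox's effect from PowerShell while the top folder stays protected, as an added example that is not part of the original post: the folder itself is left untouched, and every object below it is switched back to inheriting and has its explicit entries removed, which is what the checkbox does to child objects. `Reset-ChildAcl` and its `-Root` parameter are hypothetical names, and the example assumes an elevated session and that the entries on the top folder are inheritable (ContainerInherit, ObjectInherit).

```powershell
# Added example, not from the original post. Reset-ChildAcl and -Root are hypothetical names.
function Reset-ChildAcl {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Root
    )

    # The root is only read, never written: its protected ACL must survive.
    $rootAcl = Get-Acl -LiteralPath $Root
    if (-not $rootAcl.AreAccessRulesProtected) {
        Write-Warning "$Root still inherits from its parent."
    }

    # Every file and folder below the root, but not the root itself.
    Get-ChildItem -LiteralPath $Root -Recurse -Force | ForEach-Object {
        $acl = Get-Acl -LiteralPath $_.FullName

        # Let the child inherit again (the second argument is ignored when the first is $false).
        $acl.SetAccessRuleProtection($false, $false)

        # Explicit (non-inherited) entries only, resolved as SIDs so orphaned accounts are handled.
        $explicit = @($acl.GetAccessRules($true, $false,
                [System.Security.Principal.SecurityIdentifier]))
        foreach ($rule in $explicit) {
            # Exact-match removal, so a partial overlap with another entry is not altered.
            [void]$acl.RemoveAccessRuleSpecific($rule)
        }

        if ($PSCmdlet.ShouldProcess($_.FullName, 'Replace explicit entries with inherited ones')) {
            Set-Acl -LiteralPath $_.FullName -AclObject $acl
        }
    }
}

# Preview first, then apply (path taken from the post):
# Reset-ChildAcl -Root 'E:\Share\Folder1\sub-folder' -WhatIf
# Reset-ChildAcl -Root 'E:\Share\Folder1\sub-folder'
```

Running with `-WhatIf` lists every object that would be changed without writing any ACL, which is worth reviewing before the explicit entries on child objects are discarded.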