Hello,
I have a shared folder on a Windows 2003 R2 server that users are allowed full control to. I have setup permissions on the root of the share, and all sub-folders inherit the permissions. If a user wanted to change the permissions, they could, but they could easily remove the Administrator access and System access as well. So I'm looking for a script to verify that the Administrators and System accounts have access to the folders.
However, I can't seem to get it working. Logged in as a member of the Administrators group, I have setup a test folder so I have ownership over the folder. Then I remove the Administrators group from the ACL through the GUI. So I end up with a folder where I'm the owner, but have no rights to edit/view the contents.
In powershell, if I run a simple:
$acl= get-acl $folder$allinherit=[System.Security.AccessControl.InheritanceFlags]"ContainerInherit", "ObjectInherit"$allPropagation=[System.Security.AccessControl.PropagationFlags]"None"$AR= New-Object System.Security.AccessControl.FileSystemAccessRule("Administrators", "FullControl", $allInherit, $allPropagation, "Allow")$acl.SetAccessRule($AR) Set-Acl -AclObject $acl-Path $folder
I keep getting a Permission Denied error when running this. Is there anyway to add a permission to a folder when I'm the owner but don't have ACL rights? I can do it through the GUI without any errors.
Thanks for your time.
