I have a folder, and I am trying to grant full permissions to another user, like so:
$Acl = Get-Acl "C:\MyFolder"
$AccessRule = New-Object system.security.accesscontrol.filesystemaccessrule("bobby","FullControl", "Allow")
$Acl.AddAccessRule($AccessRule)
Set-Acl -AclObject $Acl "C:\MyFolder"
The owner of the folder is "Joe".
The powershell script runs under the "SyncProcess" account.
If Joe is the owner of the folder, the script fails with the error message:
Set-Acl : The security identifier is not allowed to be the owner of this object
If I change the owner of the folder manually to SyncProcess, then the script runs fine without error.
My question is, why does Set-Acl try to change the owner? I am not trying to change the owner, nor do I want to. I read the script to mean, get the current Acl, add the full control permission access rule for Bobby, and then update the folder. I don't think I am doing anything here to change the owner?
if I add $Acl | fl both before and after the AddAccessRule method call, the Owner is the same in both, unchanged. Whe does Set-Acl think the owner is changing?
Thanks.
$Acl = Get-Acl "C:\MyFolder"
$AccessRule = New-Object system.security.accesscontrol.filesystemaccessrule("bobby","FullControl", "Allow")
$Acl.AddAccessRule($AccessRule)
Set-Acl -AclObject $Acl "C:\MyFolder"
The owner of the folder is "Joe".
The powershell script runs under the "SyncProcess" account.
If Joe is the owner of the folder, the script fails with the error message:
Set-Acl : The security identifier is not allowed to be the owner of this object
If I change the owner of the folder manually to SyncProcess, then the script runs fine without error.
My question is, why does Set-Acl try to change the owner? I am not trying to change the owner, nor do I want to. I read the script to mean, get the current Acl, add the full control permission access rule for Bobby, and then update the folder. I don't think I am doing anything here to change the owner?
if I add $Acl | fl both before and after the AddAccessRule method call, the Owner is the same in both, unchanged. Whe does Set-Acl think the owner is changing?
Thanks.