I have the PowerShell script below that adds a specific group to a specific folder (from a CSV).
The issue I have is that it's not recursive, so the permission is only written to the root folder.
What can I do to make it change the permissions all the way down?

    $csv = Import-Csv -Path "C:\temp\perms.csv"
    ForEach ($item In $csv) {
        $acl = Get-Acl $item.folder
        $AddPerm = New-Object System.Security.AccessControl.FileSystemAccessRule($item.group,"fullcontrol","Allow")
        $acl.SetAccessRule($AddPerm)
        $acl | Set-Acl $item.folder
        Write-Host -ForegroundColor Green "Group $($item.group) created!"
    }

You must use the [System.Security.AccessControl.FileSystemAccessRule] constructor overload that allows you to specify [System.Security.AccessControl.InheritanceFlags] flags, namely this one:

    $addPerm =
      [System.Security.AccessControl.FileSystemAccessRule]::new(
        $item.group,                        # identity
        'FullControl',                      # fileSystemRights
        'ContainerInherit, ObjectInherit',  # inheritanceFlags
        'None',                             # propagationFlags (default)
        'Allow'                             # type
      )
    $acl.AddAccessRule($addPerm)

This uses .AddAccessRule() rather than .SetAccessRule(), under the assumption that you want to add a rule to the existing ones.
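
The difference between the two constructor overloads can be checked on a scratch tree before touching real folders. The following is an added example, not code from the question or the answer: it applies the three-argument rule and the five-argument rule to separate temporary trees and reports which of the root, a subfolder and a file carry the ACE and whether it is inherited. The helper names `New-DemoTree` and `Get-FullControlAce`, the temp folder name, and the use of BUILTIN\Users (SID S-1-5-32-545) in place of `$item.group` are assumptions made for the example.

```powershell
# Constructed demo tree under the temp directory; assumes Windows and PowerShell 5+.
# Assumption: BUILTIN\Users (well-known SID S-1-5-32-545) stands in for $item.group.
$sid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-32-545')

function New-DemoTree {
    # Creates <temp>\acl-demo-<random>\sub\file.txt and returns the root path.
    $root = Join-Path ([System.IO.Path]::GetTempPath()) "acl-demo-$(Get-Random)"
    New-Item -ItemType Directory -Path (Join-Path $root 'sub') -Force | Out-Null
    New-Item -ItemType File -Path (Join-Path $root 'sub\file.txt') | Out-Null
    $root
}

function Get-FullControlAce {
    param([string]$Path, [System.Security.Principal.SecurityIdentifier]$Sid)
    # Returns the Allow/FullControl ACEs for $Sid on $Path, explicit and inherited.
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $Sid.GetType()) |
        Where-Object {
            $_.IdentityReference.Value -eq $Sid.Value -and
            $_.AccessControlType -eq 'Allow' -and
            $_.FileSystemRights -eq 'FullControl'
        }
}

$results = foreach ($variant in 'RootOnly', 'Inheritable') {
    $root = New-DemoTree
    $rule = if ($variant -eq 'RootOnly') {
        # Three-argument overload, as in the question: InheritanceFlags is None.
        [System.Security.AccessControl.FileSystemAccessRule]::new($sid, 'FullControl', 'Allow')
    } else {
        # Five-argument overload, as in the answer: the ACE is inheritable.
        [System.Security.AccessControl.FileSystemAccessRule]::new(
            $sid, 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow')
    }
    $acl = Get-Acl -LiteralPath $root
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $root -AclObject $acl
    foreach ($path in $root, (Join-Path $root 'sub'), (Join-Path $root 'sub\file.txt')) {
        $ace = Get-FullControlAce -Path $path -Sid $sid
        [pscustomobject]@{
            Variant     = $variant
            Path        = $path.Replace($root, '<root>')
            HasAce      = [bool]$ace
            IsInherited = [bool]($ace | Where-Object IsInherited)
        }
    }
    Remove-Item -LiteralPath $root -Recurse -Force   # clean up the scratch tree
}
$results | Format-Table -AutoSize
```

The same `Get-FullControlAce` check can be pointed at a child of each folder in the CSV after the real run to confirm the grant reached the depth intended and no further.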