Need script to assign permissions to folders

Stoly

Supreme [H]ardness
Joined
Jul 26, 2005
Messages
6,628
So I have several IIS applications. each has a folder (among other folders) that's named APP_DATA

For security reasons, I need to assign permissions to that folder on each application for IIS_IUSR.

any guides to make a script? preferably powershell.
 

socK

2[H]4U
Joined
Jan 25, 2004
Messages
3,920
Honestly easier to just call icacls than the PowerShell ACL API.

Assuming inheritance is enabled, it should just propagate downwards to whatever subfolders.

Code:
icacls 'SOME_FOLDER_PATH' /grant:r 'IIS_IUSRS:(OI)(CI)F'

or whatever permissions you want to grant.
https://ss64.com/nt/icacls.html
Or depending on the folder structure, if you want to hit a bunch of these APP_DATA folders in one go, this might be more along what you're looking for?
(Also if you want to see what folders it's going to touch first before you go and modify permissions - and you probably do, just replace the ForEach-Object part with Select-Object FullName)
Code:
Get-ChildItem "SOME_FOLDER_PATH_THAT_IS_THE_PARENT_TO_ALL_THESE_APP_DATA_FOLDERS" -Recurse -Include "APP_DATA" | ForEach-Object { icacls $_.FullName /grant:r 'IIS_IUSRS:(OI)(CI)F' }
 
Last edited:

Stoly

Supreme [H]ardness
Joined
Jul 26, 2005
Messages
6,628
Honestly easier to just call icacls than the PowerShell ACL API.

Assuming inheritance is enabled, it should just propagate downwards to whatever subfolders.

Code:
icacls 'SOME_FOLDER_PATH' /grant:r 'IIS_IUSRS:(OI)(CI)F'

or whatever permissions you want to grant.
https://ss64.com/nt/icacls.html
Or depending on the folder structure, if you want to hit a bunch of these APP_DATA folders in one go, this might be more along what you're looking for?
(Also if you want to see what folders it's going to touch first before you go and modify permissions - and you probably do, just replace the ForEach-Object part with Select-Object FullName)
Code:
Get-ChildItem "SOME_FOLDER_PATH_THAT_IS_THE_PARENT_TO_ALL_THESE_APP_DATA_FOLDERS" -Recurse -Include "APP_DATA" | ForEach-Object { icacls $_.FullName /grant:r 'IIS_IUSRS:(OI)(CI)F' }
I figured it out already by myself but thanks. Its great what you can come up at 2am with the right ammount of caffeine..

:D:D
 
Top