# encoding: ascii
# api: powershell
# title: Share Perms
# description: This script removes all existing permissions and assigns the appropriate domain permissions. Also the “Owner” is set to “BUILTIN\Administrators”
# version: 0.1
# author: Littlegun
# license: CC0
# x-poshcode-id: 3642
# x-archived: 2014-08-14T04:50:43
# x-published: 2014-09-14T11:54:00
#
#
$FolderPath = "\\FilerName\ShareName"
$rootfolder = Get-ChildItem -Path $FolderPath -recurse
foreach ($file in $rootfolder) {
$file.FullName
Get-Acl $file.FullName | Format-List
$acl = Get-Acl $file.FullName
$acl.Access | %{$acl.RemoveAccessRule($_)}
$acl.SetAccessRuleProtection($True, $False)
$Rights = [System.Security.AccessControl.FileSystemRights]::FullControl
$inherit = [System.Security.AccessControl.FileSystemAccessRule]::ContainerInherit -bor [System.Security.AccessControl.FileSystemAccessRule]::ObjectInherit
$Propagation = [System.Security.AccessControl.PropagationFlags]::None
$Access = [System.Security.AccessControl.AccessControlType]::Allow
#Copy the next 2 lines and uncomment them for each GROUP that you want to add
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("DomainName\GroupName",$Rights, $inherit, $Propagation, $Access)
$acl.AddAccessRule($rule)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("DomainName\GroupName",$Rights, $inherit, $Propagation, $Access)
$acl.AddAccessRule($rule)
#Stays in Place to set the owner
$acct=New-Object System.Security.Principal.NTAccount("Builtin\Administrators")
$acl.SetOwner($acct)
#Applies all changes above to the ACL
Set-Acl $file.FullName $acl
Get-Acl $file.FullName | Format-List
}