I’m a Linux guy tasked with doing a Windows thing so I’m out of my element, but basically I need to recursively remove all existing rights to all directories, subdirectories, and files starting at a parent, and replace them with full access for domain admin and read only for domain users.
I’ve went at it the best I could using google and trying to draw from my limited powershell experience from roughly 4 years ago but I’m hitting dead ends on every script a find that is supposed to solve this problem, and I can’t get past the errors. Strangely enough it will sometimes do it for one folder, and it has also done it on all of them once to the point I thought it was working, but it is inconsistent and inconsistency doesn’t even sound possible to me but it’s happened before my eyes.
Here is what I have so far: https://pastebin.com/A6cSjyUg
Here is the only error output I am recieving: Cannot convert argument “0”, with value: “System.Security.AccessControl.DirectorySecurity”, for “SetAccessControl” to type “System.Security.AccessControl.FileSecurity”: “Cannot convert the “System.Security.AccessControl.DirectorySecurity” value of type “Syste m.Security.AccessControl.DirectorySecurity” to type “System.Security.AccessControl.FileSecurity”.” At D:codesetpermsv2.ps1:26 char:42 + (get-item $dir.fullname).SetAccessControl <<<< ($acl) + CategoryInfo : NotSpecified: (:) , MethodException + FullyQualifiedErrorId : MethodArgumentConversionInvalidCastArgument
I get that error on every iteration of the loop. Does anybody have any ideas? Set-Acl related solutions fail on me every single time with permission issues, regardless of the elevation I run from.