Setting the Owner on a folder with PowerShell

Good morning everyone,

I have been using Set-Owner.ps1 in a few user account creation scripts for their home folders, but I run into an issue on setting the Owner (and NTFS permissions) at remote sites due to replication not happening fast enough.

My solution was to switch from using the new user account’s sAMAccountName directly to the SID of the user, since the errors I kept receiving on the remote server were in relation to not being able to translate the sAMAccountName.

This was easy enough for the NTFS permissions, but Set-Owner seemed to specifically be designed to accept a Principal Name. I did some digging and found some info on Stack Exchange talking about setting owner, and it had the following:

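# Owner identified by account name; the name has to be translated to a SID
$Account = New-Object -TypeName System.Security.Principal.NTAccount -ArgumentList $username
$ACL = $null
# Read the folder's current security descriptor, change the owner, write it back
$ACL = Get-Acl -Path $serverhomefolderpath
$ACL.SetOwner($Account)
Set-Acl -Path $serverhomefolderpath -AclObject $ACL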

I did some research on System.Security.Principal, and found that Principal has a SecurityIdentifier class. I ended up swapping it in and came up with this:

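# Owner identified directly by SID string; no name lookup is needed
$Account = New-Object -TypeName System.Security.Principal.SecurityIdentifier -ArgumentList $userSID
$ACL = $null
# Read the folder's current security descriptor, change the owner, write it back
$ACL = Get-Acl -Path $serverhomefolderpath
$ACL.SetOwner($Account)
Set-Acl -Path $serverhomefolderpath -AclObject $ACL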

And it seems to be working. But I am worried that I’m missing something because of how much stuff Set-Owner.ps1 is doing internally that I am just skipping. Anyone have any thoughts on this?

Thanks!!

submitted by /u/Raynefire
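
The SID-based approach from the post, wrapped with input validation and a read-back check, as an added example that is not part of the original post and is not code from Set-Owner.ps1. The function name `Set-FolderOwnerBySid`, its parameters, and the sample path and SID in the usage comment are hypothetical; the account-SID restriction is an assumption suited to user home folders.

```powershell
# Added example (not from the post). Function and parameter names are hypothetical.
function Set-FolderOwnerBySid {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $UserSid
    )

    # Parse the SID first: a malformed string fails here, before any ACL is touched.
    try {
        $sid = New-Object -TypeName System.Security.Principal.SecurityIdentifier -ArgumentList $UserSid
    } catch {
        throw "'$UserSid' is not a valid SID string: $($_.Exception.Message)"
    }

    # Assumption for home folders: accept only account SIDs (S-1-5-21-...).
    # AccountDomainSid is $null for well-known SIDs such as Everyone or BUILTIN groups.
    if ($null -eq $sid.AccountDomainSid) {
        throw "$($sid.Value) is not a user or computer account SID."
    }

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        throw "Folder not found: $Path"
    }

    # Same technique as in the post: read the descriptor, set the owner, write it back.
    $acl = Get-Acl -LiteralPath $Path
    $acl.SetOwner($sid)
    Set-Acl -LiteralPath $Path -AclObject $acl -ErrorAction Stop

    # Verify by asking for the owner as a SID. The Owner property that Get-Acl
    # displays is a translated account name, which is the lookup that can fail
    # on a remote site before the new account has replicated.
    $actual = (Get-Acl -LiteralPath $Path).GetOwner([System.Security.Principal.SecurityIdentifier])
    if ($actual.Value -ne $sid.Value) {
        throw "Owner of '$Path' is $($actual.Value), expected $($sid.Value)."
    }

    [pscustomobject]@{ Path = $Path; OwnerSid = $actual.Value }
}

# Usage with constructed sample values:
# Set-FolderOwnerBySid -Path '\\server\home\jdoe' -UserSid 'S-1-5-21-1111111111-2222222222-3333333333-1105'
```

Windows only lets a caller assign an owner other than itself (or an owner-capable group in its token) when SeRestorePrivilege is enabled, so `-ErrorAction Stop` turns a refused assignment into a terminating error instead of a silently unchanged owner.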