
I have this script file which is currently setting the 'Authenticated Users' permissions for an executable to 'ReadAndExecute' - it works fine on Windows 10, but it needs to work on Windows 7 - and it's not:

$file = (Resolve-Path 'c:\Dir\file.exe').Path; 
$acl = (Get-Item $file).GetAccessControl('Access'); 
$acl.SetAccessRuleProtection($True, $True); 
$ar = New-Object System.Security.AccessControl.FileSystemAccessRule('Authenticated Users', 'Write', 'None', 'None', 'Allow'); 
$acl.RemoveAccessRuleAll($ar); 
$ar = New-Object System.Security.AccessControl.FileSystemAccessRule('Authenticated Users', 'Modify', 'None', 'None', 'Allow'); 
$acl.RemoveAccessRuleAll($ar); 
$ar = New-Object System.Security.AccessControl.FileSystemAccessRule('Authenticated Users', 'ReadAndExecute', 'None', 'None', 'Allow'); 
$acl.SetAccessRule($ar); 
Set-ACL -Path $file -AclObject $acl; 

This runs, but it doesn't set the permissions for Authenticated Users. If I change the GetAccessControl call to not have the 'Access' parameter, on Win7 I get this error:

The security identifier is not allowed to be the owner of this object.

Is there any way to achieve what I'm trying to do?

Extra requirements:

  • I cannot install another app on the machine, consider it a vanilla install of Win 7
  • It has to run non-interactively - as it's part of an unattended install script
  • Have you tried just using the Set-ACL cmdlet?
    – EBGreen
    Commented Mar 29, 2018 at 13:25
  • @EBGreen - No I hadn't - I'll try that now
    Commented Apr 2, 2018 at 7:00
  • Although - I'm not sure how to use it to do what I'm trying to do - from what I see I need an AclObj - and all the stuff in the middle is just getting the Acl - the last line is where I call Set-ACL - should I do it another way?
    Commented Apr 2, 2018 at 7:03
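
An added example, not part of the original question or its comments: one way to make the same ACL change through the .NET `System.IO.File` methods, touching only the access section and committing the inheritance change before editing rules, then checking the result. The function name is hypothetical, it assumes Windows PowerShell on .NET Framework and an account allowed to change the DACL, and the page does not confirm that this resolves the Windows 7 behaviour described.

```powershell
# Added example, not the asker's script. Set-AuthUsersReadExecute is a hypothetical name.
# Assumes Windows PowerShell on .NET Framework and an account allowed to change the DACL.
function Set-AuthUsersReadExecute([string]$Path) {
    $file   = (Resolve-Path $Path).Path
    $access = [System.Security.AccessControl.AccessControlSections]::Access
    # S-1-5-11 is the well-known SID for Authenticated Users; using it avoids localized names.
    $authUsers = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-11')

    # Phase 1: stop inheriting but keep a copy of the parent's entries, then commit.
    # Only the access section is loaded, so the descriptor carries no owner or group to write back.
    $acl = [System.IO.File]::GetAccessControl($file, $access)
    $acl.SetAccessRuleProtection($true, $true)
    [System.IO.File]::SetAccessControl($file, $acl)

    # Phase 2: re-read so the copied entries are edited as explicit rules.
    $acl = [System.IO.File]::GetAccessControl($file, $access)
    $acl.PurgeAccessRules($authUsers)   # removes every explicit rule (Allow and Deny) for this SID
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($authUsers, 'ReadAndExecute', 'Allow')
    $acl.AddAccessRule($rule)
    [System.IO.File]::SetAccessControl($file, $acl)

    # Verify from a fresh read: the SID must have a rule, and no Allow rule with write-type rights.
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
    $after = [System.IO.File]::GetAccessControl($file, $access)
    $rules = @($after.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.IdentityReference.Value -eq $authUsers.Value })
    $tooBroad = @($rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and (([int]$_.FileSystemRights -band $writeMask) -ne 0) })
    if ($rules.Count -eq 0 -or $tooBroad.Count -gt 0) {
        throw "ACL check failed for $file"
    }
    return $rules
}

# Usage with the path from the question:
# Set-AuthUsersReadExecute 'C:\Dir\file.exe' | Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited
```

The check covers only the Authenticated Users entries; other principals copied from the parent folder (for example a Users group) keep whatever rights they had.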
