
I need to grant permissions on a couple of local folders to a specific local group. I'm using System.Security.AccessControl.FileSystemAccessRule, and it looks like this:

# Folder whose ACL is being changed (resolves to C:\Windows\temp\)
$aclFolders = Join-Path -Path $env:windir -ChildPath "\temp\"
# Group written as COMPUTERNAME\group, where the machine is named "sql"
$group = "sql\IIS_IUSRS"
$Acl = Get-Acl $aclFolders
# Allow FullControl, inherited by child folders and files
$Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($group, "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow")
$Acl.SetAccessRule($Ar)
Set-Acl $aclFolders $Acl

sql\IIS_IUSRS is a local group. If I run the script on it (or even with sql\Administrators) I get this:

Exception calling "SetAccessRule" with "1" argument(s): "Some or all identity references could not be translated."
At C:\projects\dsc.quickstart\sitecore-web-role\install.ps1:16 char:1
+ $Acl.SetAccessRule($Ar)
+ ~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : IdentityNotMappedException

I'm wondering if that function would only work with users and not also with groups. Thanks for your help in advance.

Comment: Eventually it came up that the correct domain for local built-in groups is BUILTIN\a-group, and when running the script on BUILTIN\IIS_IUSRS it just works. Commented Oct 25, 2018 at 8:38

1 Answer

On W10 systems rolled out in their own language it fails as well: "Everyone" is not translated to "Iedereen". So for standard SIDs, better use the GUI:

$acl = Get-Acl -Path <FolderName>

# Start from the well-known SID (S-1-1-0 = Everyone) and translate it to the
# account name as this machine spells it
$objSID = New-Object System.Security.Principal.SecurityIdentifier ("S-1-1-0")
$objUser = $objSID.Translate( [System.Security.Principal.NTAccount])
$Name = $objUser.Value

Write-Host $Name # will show the translated SID in the local language

# Inherit to child folders (ContainerInherit) and files (ObjectInherit)
$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule ("$Name","FullControl",$InheritanceFlag,$PropagationFlag,"Allow")
$acl.SetAccessRule($rule)
Set-Acl -Path <FolderName> -AclObject $acl -Verbose -ErrorAction Stop
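The root cause in the question is that built-in groups such as Administrators and IIS_IUSRS live in the BUILTIN pseudo-domain (SIDs S-1-5-32-xxx), not in the computer's own account domain, so `sql\IIS_IUSRS` does not map while `BUILTIN\IIS_IUSRS` does. The script below is an added example and is not code from the question or the answer: it first checks which names actually map before touching any ACL, then builds the rule from a SecurityIdentifier so it works on any locale without translating names at all. `Test-Principal` is a hypothetical helper name, the default path and the choice of `Modify` rather than `FullControl` are assumptions, and the script assumes it runs elevated.

```powershell
# Added example, not part of the original question or answer.
# Assumes: runs elevated; $Path exists; IIS_IUSRS is the target group.
param(
    [string]$Path = (Join-Path -Path $env:windir -ChildPath 'temp'),
    # S-1-5-32-568 is the well-known SID of BUILTIN\IIS_IUSRS; it is the same
    # on every machine and in every language, unlike the display name.
    [string]$Sid = 'S-1-5-32-568',
    # Assumption: a worker process rarely needs FullControl on a temp folder.
    [System.Security.AccessControl.FileSystemRights]$Rights = 'Modify'
)

# Hypothetical helper: report whether a name maps to a SID on this machine.
# This is exactly the lookup that SetAccessRule performs and fails on.
function Test-Principal {
    param([string]$Name)
    try {
        $acct = New-Object System.Security.Principal.NTAccount($Name)
        $sid  = $acct.Translate([System.Security.Principal.SecurityIdentifier])
        "{0,-22} -> {1}" -f $Name, $sid.Value
    } catch {
        "{0,-22} -> not mapped ({1})" -f $Name, $_.Exception.GetBaseException().GetType().Name
    }
}

# Diagnose the names from the question before changing anything.
'sql\IIS_IUSRS', 'BUILTIN\IIS_IUSRS', 'IIS_IUSRS', 'sql\Administrators', 'BUILTIN\Administrators' |
    ForEach-Object { Test-Principal $_ }

# Build the rule from the SID directly; FileSystemAccessRule accepts any
# IdentityReference, so no name translation is needed for the ACE itself.
$identity = New-Object System.Security.Principal.SecurityIdentifier($Sid)
$inherit  = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None
$rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $identity, $Rights, $inherit, $propagate,
    [System.Security.AccessControl.AccessControlType]::Allow)

$acl = Get-Acl -Path $Path
$acl.SetAccessRule($rule)
Set-Acl -Path $Path -AclObject $acl -ErrorAction Stop

# Verify by reading the ACL back and matching on SID, not on the localized name.
(Get-Acl -Path $Path).Access |
    Where-Object {
        $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]) -eq $identity
    } |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags, AccessControlType -AutoSize
```

The diagnostic loop prints "not mapped (IdentityNotMappedException)" for the `sql\` forms and a SID for the `BUILTIN\` and bare forms, which is the quickest way to tell a misspelled domain from a genuinely missing group. Locally created groups (not built-in ones) do live in the computer's domain and are addressed as `COMPUTERNAME\group`; for those, `Test-Principal` will show the mapping succeeding.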
