2020 | Scott W. Head  |  Sr. Systems Admin | Certified Microsoft Windows Server Administrator

PowerShell Add Group to ACL

        #--------- Designed to add a SYSTEM group with full access to multiple sub-folders SWH---12/9/2014------------
        # Test 1) Create a folder called C:\Test with default groups.
        # Create three sub folders within C:\Test called A, B, C.
        # Remove inheritance on folder A and set folder ACL to have Users, System, Domain Admins, Administrators
        # Run the script and you will see that the inheritance is not altered on A, B or C.
        # The Domain Admins group is added to folders B and C with full control because it did not exist there.
        # Test 2) After step 1 is done, remove the Domain Admins group from folder A, which does not have inheritance.
        # Run the script again and the Domain Admins group is now added to folder A, without changing any
        # previous inheritance settings on A, B or C.
        # You can easily change the name of the group to have the script apply a different group to the ACL as needed,
        # for example by changing "Domain Admins" to "System" throughout the script. It has also been tested on UNC paths.
        #------------Set Parent Folder Name ----------------
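# Adds a FullControl "Allow" entry for one group to every sub-folder of a parent
# folder, but only where that group is not already named on the folder's ACL.
# Existing entries and inheritance settings are left as they are: the rule is
# merged into the ACL that Get-Acl returned and the result is written back.
#
# NOTE(review): this hands out FullControl recursively (ContainerInherit +
# ObjectInherit). Confirm the group and the parent path before running it, and
# keep the console output as a record of which folders were changed.
$ParentPath = 'C:\Test'
$GroupName  = 'Domain Admins'

# Only containers are processed. The inheritance flags used below are meant for
# folders, and the script is described as working on sub-folders only.
$FolderList = Get-ChildItem $ParentPath | Where-Object { $_.PSIsContainer }

#------------------------Loop through Each Sub Folder Name---------------------------------
foreach ($Folder in $FolderList) {
    # FullName avoids depending on how the folder object is converted to a string.
    $FolderPath = $Folder.FullName

    #------------------Grab ACL on Sub Folder-------------------------
    $acl = Get-Acl $FolderPath

    #--------------See if Account Exists on ACL---------------------
    # Compare the account name of each entry instead of substring-matching the
    # rendered ACL text, so a different account whose name merely contains the
    # group name is not mistaken for it.
    # NOTE(review): like the original check, this only tests that the group is
    # named on the ACL. It does not verify that the existing entry is an Allow
    # entry or that it grants FullControl; a Deny or read-only entry for the
    # group also causes the folder to be skipped.
    $MyChecker = @($acl.Access | Where-Object {
        $id = $_.IdentityReference.Value
        ($id -eq $GroupName) -or
            $id.EndsWith("\$GroupName", [System.StringComparison]::OrdinalIgnoreCase)
    })

    #----If Found Then Do Nothing---------
    if ($MyChecker.Count -gt 0) {
        continue
    }

    # -----------------If User Account Not Found Add to Folder ACL--------------
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($GroupName, "FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")

    # The rule has to be attached to the ACL object; without this call Set-Acl
    # would write the unchanged ACL back and nothing would be granted.
    $acl.AddAccessRule($rule)

    try {
        # -ErrorAction Stop turns a failed write into a catchable error so the
        # success message below is only printed when the ACL was really changed.
        Set-Acl -Path $FolderPath -AclObject $acl -ErrorAction Stop
    }
    catch {
        Write-Warning "Could not update ACL on ${FolderPath}: $($_.Exception.Message)"
        continue
    }

    Write-Host "$GroupName Account Was was added to $FolderPath and Inheritance was not altered"
}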