Is there a simple way to change all the current Users / Lists / Groups within the UAC of a folder (or set of folders) to Read Only / File Read?
We need this for our Archives. I already have a PowerShell script that will move the folders into the Archive locations, but would like to add an option to make the entire project read only in the same process.
As i'm not Adding or Removing any groups or users, im hoping there might be a quick option rather than Getting all of the groups and applying the change one by one through a loop.
I have tried to use the Update-PWFolderSecurity cmdlet but it wants me to provide the MemberType and Name
The PowerShell help is relatively clear about how to use the MemberType and Name parameters. As for the userlist and group aspects of your security, the following cmdlets may help:
Update-PWFolderSecurityByGroupSwapWithWorkflow
Update-PWFolderSecurityByUserListSwap
Update-PWFolderSecurityByUserListSwapWithWorkflow
The idea would be to swap current groups and user lists with those that have the more restrictive access.
Mark Weisman | Bentley Systems
Hey Mark, Thanks for the reply.
I'm more looking to change the current groups access from whatever permissions they currently have, to read only. So essentially change the check boxes within the access control but keep the memberships the same.
As I'm not changing any memberships, i was hoping there would be a relatively straight forward. but thought id ask before trying to write a script.
Am i on the right track with my thinking here? Again essentially what i'm trying to do is change all of the current Userlists / users / Groups to read only, essentially changing the checkbox items to Folder Read, File Read but leaving the groups themselves unchanged.
New-PWLogin -BentleyIMS $PWfolders = Get-PWFolders -FolderPath '\Archives\' -slow -Verbose foreach($folder in $PWfolders){ $UAC = Get-PWFolderSecurity -InputFolder $folder #loop through each item in the UAC and reset to Folder Read and File Read foreach($items in $UAC){ Update-PWFolderSecurity -InputFolder $folder } }
Something like the following should work. There is no need to use the -Slow switch parameter when getting the folders. Hope this helps.
$FolderPath = 'Archives' $PWfolders = Get-PWFolders -FolderPath $FolderPath -Verbose $ProjectAccessString = '----r------' $DocumentAccessString = '----r--R---' foreach($folder in $PWfolders){ # break $UAC = Get-PWFolderSecurity -InputFolder $folder #loop through each item in the UAC and reset to Folder Read and File Read foreach($item in $UAC){ # break $Splat_Update = @{ InputFolder = $folder MemberType = $item.Type MemberName = $item.Name } if($item.SecurityType -eq 'Document'){ $Splat_Update.DocumentSecurity = $true $Splat_Update.MemberAccessString = $DocumentAccessString } else { $Splat_Update.FolderSecurity = $true $Splat_Update.MemberAccessString = $ProjectAccessString } Update-PWFolderSecurity @Splat_Update -Verbose } }
Answer Verified By: Robert Golding
Does this break inheritance on every folder?