Is there a simple way to change all the current Users / Lists / Groups within the UAC of a folder (or set of folders) to Read Only / File Read?
We need this for our Archives. I already have a PowerShell script that will move the folders into the Archive locations, but would like to add an option to make the entire project read only in the same process.
As i'm not Adding or Removing any groups or users, im hoping there might be a quick option rather than Getting all of the groups and applying the change one by one through a loop.
I have tried to use the Update-PWFolderSecurity cmdlet but it wants me to provide the MemberType and Name
Am i on the right track with my thinking here? Again essentially what i'm trying to do is change all of the current Userlists / users / Groups to read only, essentially changing the checkbox items to Folder Read, File Read but leaving the groups themselves unchanged.
New-PWLogin -BentleyIMS $PWfolders = Get-PWFolders -FolderPath '\Archives\' -slow -Verbose foreach($folder in $PWfolders){ $UAC = Get-PWFolderSecurity -InputFolder $folder #loop through each item in the UAC and reset to Folder Read and File Read foreach($items in $UAC){ Update-PWFolderSecurity -InputFolder $folder } }
Something like the following should work. There is no need to use the -Slow switch parameter when getting the folders. Hope this helps.
$FolderPath = 'Archives' $PWfolders = Get-PWFolders -FolderPath $FolderPath -Verbose $ProjectAccessString = '----r------' $DocumentAccessString = '----r--R---' foreach($folder in $PWfolders){ # break $UAC = Get-PWFolderSecurity -InputFolder $folder #loop through each item in the UAC and reset to Folder Read and File Read foreach($item in $UAC){ # break $Splat_Update = @{ InputFolder = $folder MemberType = $item.Type MemberName = $item.Name } if($item.SecurityType -eq 'Document'){ $Splat_Update.DocumentSecurity = $true $Splat_Update.MemberAccessString = $DocumentAccessString } else { $Splat_Update.FolderSecurity = $true $Splat_Update.MemberAccessString = $ProjectAccessString } Update-PWFolderSecurity @Splat_Update -Verbose } }
Answer Verified By: Robert Golding
Thanks Brian, works perfectly and exactly what i was trying to do!
I'm not too concerned with Inheritance for this particular instance. I assumed it would break it since we're applying permissions to folders, you cant set permissions plus have inheritance right?.
A nice option would be to nice to skip inherited folders as the end result would be the same (read only as its inherited and from above), but that's probably a topic for a different question.
If you update line 8 as follows then you will only be updating access control on folders where it is currently set. Subfolders will inherit that without explicitly setting it on every folder.
$UAC = $Folder | Get-PWFolderSecurity | Where-Object -Property InheritingFrom -eq 'none (folder own permissions)'
Works perfectly! Thanks guys, much appreciated
nice, thanks for that