Richard Siddaway's Blog


    February 06

    File system: Allow inheritable permissions from parent to propagate

    In this post http://richardsiddaway.spaces.live.com/blog/cns!43CFA46A74CF3E96!800.entry I showed how to set the permissions on AD objects such that objects inherit permissions from their parent.

    I had a message sent through my blog asking how this could be applied to a file on an NTFS file system.  The first thing to note is that the file cannot be accessed through LDAP in the same way as an AD object.  Instead we have to use the NTFS permissions.  With PowerShell this is easy thanks to the Get-Acl cmdlet.

    We start by getting the ACL for the file

    PS> $acl = Get-Acl file.txt
    PS> $acl.areaccessrulesprotected
    True
    PS> $isProtected = $false
    PS> $preserveInheritance = $true
    PS> $acl.SetAccessRuleProtection($isProtected, $preserveInheritance)
    PS> $acl.areaccessrulesprotected
    False
    PS> Set-Acl -Path file.txt -AclObject $acl
    PS>

    The property that we are interested in is AreAccessRulesProtected - True means that permissions are not inherited.  So we set a couple of Boolean variables.  $isProtected = $false allows inheritance.  $preserveInheritance is actually ignored when $isProtected is $false.

    We then use SetAccessRuleProtection() to change the ACL object so that inheritance is allowed.   At this point only the object in memory has changed, which is why the second check returns False before anything is written.  The final step is to use Set-Acl to actually apply the permissions to the file, as shown.
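The same steps applied to a whole folder tree, as an added example that is not part of the original post: it finds items where inheritance is blocked, reports the explicit rules that will remain after the change, and supports -WhatIf for a dry run. The function name Enable-AclInheritance and the path in the usage comment are assumptions.

```powershell
# Added example (not from the original post). The function name and the
# sample path in the usage comment are assumptions.
function Enable-AclInheritance {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [string]$Path,
        [switch]$Recurse
    )

    # Collect the item itself plus, optionally, everything beneath it.
    $items = @(Get-Item -LiteralPath $Path -Force)
    if ($Recurse -and $items[0].PSIsContainer) {
        $items += Get-ChildItem -LiteralPath $Path -Recurse -Force
    }

    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName

        # Skip items that already inherit from their parent.
        if (-not $acl.AreAccessRulesProtected) { continue }

        # Explicit rules are kept when inheritance is switched back on,
        # so record them for review.
        $explicit = @($acl.Access | Where-Object { -not $_.IsInherited })
        $names = $explicit | ForEach-Object { $_.IdentityReference.Value } |
            Sort-Object -Unique

        if ($PSCmdlet.ShouldProcess($item.FullName, 'Allow inherited permissions')) {
            # The second argument is ignored when the first is $false.
            $acl.SetAccessRuleProtection($false, $true)
            Set-Acl -LiteralPath $item.FullName -AclObject $acl
        }

        # One report row per item that had inheritance blocked.
        [pscustomobject]@{
            Path          = $item.FullName
            ExplicitRules = $explicit.Count
            Identities    = $names -join '; '
        }
    }
}

# Dry run first, then apply:
# Enable-AclInheritance -Path C:\Data\Share -Recurse -WhatIf
# Enable-AclInheritance -Path C:\Data\Share -Recurse
```

Allowing inheritance adds the parent's rules but does not remove the explicit ones already on the item, so the Identities column shows which grants still need a decision.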

    Could I ask that if you leave me a message and want a reply then please set your communication preferences to allow me to reply.
