/build/static/layout/Breadcrumb_cap_w.png

Give users write access to a folder the easy way

With our Windows 7 roll out we removed users admin rights, but that have been giving some problems with older software that would like to write into the program files folder insted of the users appdata folder

An easy fix for this is this script I've created and I just wanted to share it if it could help some of you guys =)

The script set the "administrator group" as owner of the folder (I've run into problems if that wasn't done first on some folders) and then give "users" write access to the folder and all sub folders

This can be run when logged in as a user aswell, just open a cmd with administrator privileges and run the command.

from a cmd run this command:

PowerShell.exe -ExecutionPolicy Bypass -file SetACL.ps1

and the SetACL.ps1 script:

###################################################################
# Set ACL on a folder and Make Administrators owner of the folder #
# By René Meyer - 2012 #
###################################################################
Function SetACL {
param($Argument1)
Add-Content C:\CH-Group\Install\Status.txt "`n"
# Take ownership by the administrator group
    Add-Content C:\CH-Group\Install\Status.txt "Setting Administrators as owner of folder: $Argument1"
    takeown /F ""$Argument1"" /A
    $LastExitCode
    If ($LastExitCode -ne 0) {
        Add-Content C:\CH-Group\Install\Status.txt "ERROR setting 'Administrators' as owner of folder: $Argument1"
         $ErrorCounter = $ErrorCounter + 1  
    }

# Set Users to write access and SYSTEM/Administrators to Full access
    Add-Content C:\CH-Group\Install\Status.txt "Setting ACL on folder: $Argument1 (User:Write, Administrators:Full, SYSTEM:Full)"
    cacls ""$Argument1"" /T /c /E /g Users:C Administrators:F SYSTEM:F
    $LastExitCode
    If ($LastExitCode -ne 0) {
        Add-Content C:\CH-Group\Install\Status.txt "ERROR setting ACL on folder: $Argument1 (User:Write, Administrators:Full, SYSTEM:Full)"
         $ErrorCounter = $ErrorCounter + 1
    }

}
$FolderPath=read-host "Please type folder to update rights for: "

#############################
#Enable users to write to the folder           #
#############################
if (test-path "$FolderPath")
{
SetACL "$FolderPath"
}

You can also add this script to a unattended installation by replacing the last 4 lines wit:

if (test-path "C:\Program Files (x86)\Your Program path")
{
SetACL "C:\Program Files (x86)\Your Program path"
}

And remove this line:

$FolderPath=read-host "Please type folder to update rights for: "

I hope this can save you some time at least :)

 

- René


Comments

  • The only problems my company has run into with programs requiring admin rights to operate properly is Autodesk Software. I am curious if this will work with these programs. As of now, our entire Engineering department is set as local admin due to this conflict. It would be great to eliminate this issue if at all possible. - matthew.graffeo-fww 9 years ago
This post is locked

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ