I am trying to create a PowerShell script that grants folder permissions to NETWORK SERVICE on different cultures. The main problem is that the NETWORK SERVICE, while present in all installations of Windows, has different names in different cultures, and I don't know how to handle this.
Here is the script I'm using:
$appPath = "C:\SomeFolder"
$Acl = (Get-Item $appPath).GetAccessControl('Access')
$Ar = New-Object System.Security.AccessControl.FileSystemAccessRule("NETWORK SERVICE", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow")
$Acl.SetAccessRule($Ar)
Set-Acl $appPath $Acl
Now this script works just fine on English versions of Windows. However, when trying to run it on a German version of Windows, I get the following error message (translated from German):
Exception calling "SetAccessRule" with "1" argument(s): "Some or all identity references could not be translated."
At C:\Experimental Files\GrantFolderPermissions.ps1:7 char:1
+ $Acl.SetAccessRule($Ar)
+ ~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : IdentityNotMappedException
How can I best handle this so this script will work culture independently?
Use the well-known SID to determine the account name:
$sid = [Security.Principal.SecurityIdentifier]'S-1-5-20'
$acct = $sid.Translate([Security.Principal.NTAccount]).Value
$ace = New-Object Security.AccessControl.FileSystemAccessRule($acct, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
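The following is an added example, not code from the question or the answer: it carries the SID approach through the whole grant by passing the `SecurityIdentifier` itself to the access rule, so no name has to be resolved before the ACE is written, and then reads the ACL back by SID to confirm the entry. The function name `Grant-WellKnownSidAccess`, its parameters and the `Modify` default are assumptions made for the example; it assumes Windows PowerShell in an elevated session, like the question's script.

```powershell
# Added example. Grant-WellKnownSidAccess is a hypothetical helper name.
# Assumes Windows PowerShell and an elevated session, as in the question's script.
function Grant-WellKnownSidAccess {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Security.Principal.WellKnownSidType] $Account = 'NetworkServiceSid',
        # Assumed default; the scripts above grant FullControl.
        [Security.AccessControl.FileSystemRights] $Rights = 'Modify'
    )

    # Build the SID from the enum (NetworkServiceSid is S-1-5-20), so no
    # localized account name is ever parsed or looked up.
    $sid = New-Object Security.Principal.SecurityIdentifier($Account, $null)

    # FileSystemAccessRule accepts any IdentityReference, including a raw SID.
    $inherit = 'ContainerInherit,ObjectInherit'
    $rule = New-Object Security.AccessControl.FileSystemAccessRule($sid, $Rights, $inherit, 'None', 'Allow')

    $acl = (Get-Item -LiteralPath $Path).GetAccessControl('Access')
    $acl.SetAccessRule($rule)
    if ($PSCmdlet.ShouldProcess($Path, "Allow $Rights for $sid")) {
        Set-Acl -LiteralPath $Path -AclObject $acl
    }

    # Read the DACL back with identities as SIDs and confirm the explicit ACE.
    $sidType = [Security.Principal.SecurityIdentifier]
    $check = (Get-Item -LiteralPath $Path).GetAccessControl('Access')
    $match = $check.GetAccessRules($true, $false, $sidType) | Where-Object {
        $_.IdentityReference -eq $sid -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $Rights) -eq $Rights
    }

    # LocalName is the culture-specific display name, resolved only for reporting.
    [pscustomobject]@{
        Path      = $Path
        Sid       = $sid.Value
        LocalName = $sid.Translate([Security.Principal.NTAccount]).Value
        Rights    = $Rights
        Verified  = [bool]$match
    }
}

# Same grant as the question's script, on any display language.
Grant-WellKnownSidAccess -Path 'C:\SomeFolder' -Rights FullControl
```

Running it with `-WhatIf` skips `Set-Acl`, so `Verified` then reports whether a matching ACE was already present.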