I wish to disable ACL inheritance on a group of subfolders, while retaining existing permissions.
To this end, I'm running this snippet:
gci | % {
$Acl = Get-Acl $_
$Acl.SetAccessRuleProtection($true, $true)
Set-Acl $_ $Acl
}
For each subfolder, an error occurs:
Set-Acl : Cannot set the ACL because the method that it needs to invoke, SetSecurityDescriptor, does not exist.
I found this similar question, but it's not quite an exact duplicate. OP intends to clear all permissions; I would like to retain them.
Also: OP states "I got rid of the error message," but doesn't reveal how he managed to do so
How can I use PowerShell to accomplish this?
There are a number of problems with Set-Acl. I typically try to rely on .NET for ACL work:
try {
$FileSystemObject = (Get-Item '.\accessibilitycpl.dll')
$Acl = $FileSystemObject.GetAccessControl()
$Acl.SetAccessRuleProtection($true,$false)
$FileSystemObject.SetAccessControl($Acl)
} catch {
## Catch exceptions!
}