Get and set folder permission, powershell elevated privileges
get-acl -path $webConfigPath
#Equivalent of elevated privileges in C#
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Sharepoint")
[Microsoft.SharePoint.SPSecurity]::RunWithElevatedPrivileges(
{
$webConfig=[xml] (get-content -path ($webConfigPath + "\web.config"))
}
)
#Setting permission for IIS - only application pool account, because IIS_USRS group contains some invalid members
$mediaFolderPath="c:\media\video"
$appPoolAccount=(Get-SPManagedAccount "Domain\AITCFSPSvc")
$userName = $appPoolAccount.UserName #"Domain\AITCFSPSvc"
$user=$userName.Split('\')
$Acl = Get-Acl $mediaFolderPath
#find if user is already in a list. Two matches because of '\' character in $userName
$iisUser=$acl.Access|where-object {$_.IdentityReference -match $user[0] -and $_.IdentityReference -match $user[1]}
if($iisUser -eq $null)
{
$AccessRule = New-Object system.security.accesscontrol.filesystemaccessrule($userName,"FullControl","Allow")
$Acl.SetAccessRule($AccessRule)
#$Acl.RemoveAccessRule($AccessRule)
#or possibly $Acl.RemoveAccessRuleAll() as well.
Set-Acl -Path $mediaFolderPath -AclObject $Acl
#$Acl |fl
write-host $userName " permissions for " $mediaFolderPath " were succesfuly set."
}
write-host "User " $userName " already has permissions for " $mediaFolderPath "."