Get and set folder permission, powershell elevated privileges

01/11/2012 03:10

get-acl -path $webConfigPath

#Equivalent of elevated privileges in C#
         $webConfig=[xml] (get-content -path ($webConfigPath + "\web.config"))
#Setting permission for IIS - only application pool account, because IIS_USRS group contains some invalid members
$appPoolAccount=(Get-SPManagedAccount "Domain\AITCFSPSvc")
$userName = $appPoolAccount.UserName #"Domain\AITCFSPSvc"

$Acl = Get-Acl $mediaFolderPath


#find if user is already in a list. Two matches because of '\' character in $userName

$iisUser=$acl.Access|where-object {$_.IdentityReference -match $user[0] -and $_.IdentityReference -match $user[1]}
if($iisUser -eq $null)

    $AccessRule = New-Object$userName,"FullControl","Allow")

    #or possibly $Acl.RemoveAccessRuleAll() as well.
    Set-Acl -Path $mediaFolderPath -AclObject $Acl
    #$Acl |fl
    write-host $userName " permissions for " $mediaFolderPath " were succesfuly set."

write-host "User " $userName " already has permissions for " $mediaFolderPath "."