Set-ADTItemPermission struggles

Hi,

I’m having some trouble finding the correct command for setting some permissions.

One of our vendor applications creates a folder named C:\ProgramData\Teleservices

Inside the C:\ProgramData\Teleservices folder the Authenticated Users group needs Full Control on all newly created folders and files only, like in the screenshot which I added as an example, but I’m struggling to get the correct command.

I now have this:

Set-ADTItemPermission -Path '$envAllUsersProfile\Teleservices' -User '*S-1-5-11' -Permission FullControl -PermissionType Allow -Inheritance ObjectInherit,ContainerInherit -Propagation InheritOnly

Do I really need the -Inheritance parameter? Also, what are the parameters for the checkboxes when using the GUI in Windows Explorer for setting permissions:

  • Replace all child object permission entries with inheritable permission entries from this object
  • Only apply these permissions to objects and/or containers within this container

Normally I just add the user or groups and set the basic permissions like Full Control/Modify/Read etc and select one of the options in the Applies to: dropdown list, like in the second screenshot.

EDIT: How do I insert powershell code into a topic ?


If you use the Preformatted Text button on the toolbar “<\>” or Press Ctrl+e it will create a code block into which you can paste your code - just replace the “type or paste code here” with your code

1 Like

I have it kind of working now, but I noticed that using variables in PowerShell ISE does not always work.

On the page below, it mentions that C:\ProgramData is $envAllUsersProfile, but when I select

Set-ADTItemPermission -Path '$envAllUsersProfile\Teleservices' -User '*S-1-5-11' -Permission FullControl -PermissionType Allow -Inheritance ObjectInherit,ContainerInherit -Propagation InheritOnly

and Run selection, I get the error: The specified path does not exist.

When I change $envAllUsersProfile to $env:AllUsersProfile then the command runs perfectly. I’m a bit confused now what to use in the final script, $env or $env: with the colon ?

Variables · PSAppDeployToolkit

Try enclosing the variable with double quotes like this: Set-ADTItemPermission -Path "$envAllUsersProfile\Teleservices" -User '*S-1-5-11' -Permission FullControl -PermissionType Allow -Inheritance ObjectInherit,ContainerInherit -Propagation InheritOnly

1 Like

Thanks for the suggestion, but I tried that already, and it does not work either. See the screenshot. The specified path does not exist, but I created the C:\ProgramData\Teleservices folder myself in Windows Explorer.

The problem is that I just want to test all my commands which I put in the Invoke-AppDeployToolkit.ps1 script by selecting the command and then press the “Run selection (F8)” button in PowerShell ISE. I do this on a packaging vm where the complete PSADT v4 is on and imported in the powershell profile ( Intellisense on PSADT in PowerShell ISE • Christian Nyhuus)

When reading the documentation, I came across the Initialize-ADTModule · PSAppDeployToolkit and Initialize-ADTFunction · PSAppDeployToolkit but I still haven’t figured out how to use them correctly.

Ok I had some more time to figure some things out.

To test single PSADT commands/functions, I first executed these in Powershell ISE:

Initialize-ADTModule

Export-ADTEnvironmentTableToSessionState -SessionState $ExecutionContext.SessionState

Then I selected the command below and hit Run Selection in Powershell ISE. Then it worked

Set-ADTItemPermission -Path "$envAllUsersProfile\Teleservices" -User '*S-1-5-11' -Permission FullControl -PermissionType Allow -Inheritance ObjectInherit,ContainerInherit -Propagation InheritOnly

I also figured out the Set-ADTItemPermission

Set-ADTItemPermission -Path "$envAllUsersProfile\Teleservices" -User '*S-1-5-11' -Permission FullControl -PermissionType Allow

This sets Full control for the Authenticated Users group for This folder only

Set-ADTItemPermission -Path "$envAllUsersProfile\Teleservices" -User '*S-1-5-11' -Permission FullControl -PermissionType Allow -Inheritance ObjectInherit,ContainerInherit -Propagation InheritOnly

This sets Full control for the Authenticated Users group for subfolders and files only. So all new folders within the C:\ProgramData\Teleservices folder, the Authenticated Users group will have Full control permissions.

Set-ADTItemPermission -Path "$envAllUsersProfile\Teleservices" -User '*S-1-5-11' -Permission FullControl -PermissionType Allow -Inheritance ObjectInherit,ContainerInherit

This sets Full control for the Authenticated Users group for This folder, subfolders and files. This is the normal way of setting permissions.

And remember to use double quotes !!!

1 Like
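The three flag combinations from the post above can be checked with the built-in .NET ACL classes, which use the same InheritanceFlags and PropagationFlags value names. This is an added example, not part of the original thread and not PSADT code; the scratch folder under $env:TEMP and the case labels are constructed for the demonstration.

```powershell
# Added example: built-in .NET/PowerShell ACL APIs only, no PSADT required.
# The scratch folder is constructed for this demo and removed at the end.
$root = Join-Path $env:TEMP 'AclFlagDemo'
$sid  = [System.Security.Principal.SecurityIdentifier]'S-1-5-11'   # Authenticated Users

# Inheritance / Propagation pairs from the thread, keyed by the
# Explorer "Applies to" entry each one is described as producing.
$cases = [ordered]@{
    'This folder only'                  = @('None', 'None')
    'Subfolders and files only'         = @('ContainerInherit, ObjectInherit', 'InheritOnly')
    'This folder, subfolders and files' = @('ContainerInherit, ObjectInherit', 'None')
}

foreach ($name in $cases.Keys) {
    $inherit   = [System.Security.AccessControl.InheritanceFlags]$cases[$name][0]
    $propagate = [System.Security.AccessControl.PropagationFlags]$cases[$name][1]
    $dir = New-Item -ItemType Directory -Force -Path (Join-Path $root ($name -replace '\W', '_'))

    # Add one explicit Allow ACE with the flags under test.
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $sid,
        [System.Security.AccessControl.FileSystemRights]::FullControl,
        $inherit, $propagate,
        [System.Security.AccessControl.AccessControlType]::Allow)
    $acl = Get-Acl -LiteralPath $dir.FullName
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $dir.FullName -AclObject $acl

    # A subfolder created afterwards shows what is actually inherited.
    $child = New-Item -ItemType Directory -Force -Path (Join-Path $dir.FullName 'child')

    foreach ($item in $dir, $child) {
        (Get-Acl -LiteralPath $item.FullName).GetAccessRules(
            $true, $true, [System.Security.Principal.SecurityIdentifier]) |
            Where-Object { $_.IdentityReference.Value -eq $sid.Value } |
            Select-Object @{ n = 'Case'; e = { $name } }, @{ n = 'Item'; e = { $item.Name } },
                FileSystemRights, IsInherited, InheritanceFlags, PropagationFlags
    }
}

Remove-Item -LiteralPath $root -Recurse -Force
```

Each output row is one Authenticated Users ACE on either the test folder or its new subfolder, so the scope of each combination can be read from the IsInherited, InheritanceFlags and PropagationFlags columns.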

Well done @MRE and thanks for sharing your workings, great for other users to see this

A couple of (PowerShell variable) tips:
If you are using variables within a string (such as $envAllUsersProfile), you discovered the normal PowerShell behaviour - if you use single quotes '$envAllUsersProfile' the variable is not expanded (it effectively acts as a piece of ‘dumb’ text), whereas if you use double quotes "$envAllUsersProfile\Teleservices" the result is the variable is expanded so you get the actual path returned e.g. C:\ProgramData\Teleservices.
If the expanded variable contains spaces this can cause some complications, so it is often better to wrap the variable within $() - This is handy when you want to use the expanded variable in a string (maybe within a log)
So I’d suggest getting in the habit of using this when you are creating a string like this, as it reduces issues later - example:
"$($envAllUsersProfile)\Teleservices"

P.S. As you have kind of already found $envAllUsersProfile is the PSADT toolkit environment variable for C:\ProgramData\
$env:AllUsersProfile is the standard PowerShell variable for C:\ProgramData\
You can learn more about PSADT variables in the reference page here:

or you can specifically find environment variables lower in the page (here for reference: Variables · PSAppDeployToolkit)

Finally, there are many features of the modern PSADT (v4.x) that don’t work that well in PowerShell ISE (as PowerShell ISE is a dormant Microsoft product so doesn’t know how to handle some of the modern PowerShell capabilities being used in later versions of PSADT).
I’d strongly advise using a more modern editor such as Visual Studio Code. This is updated regularly (new version at least every month). This Microsoft app / tool is available free, here:

1 Like

@Adrian_Scott Thanks for the suggestions. I will look into that and I remember using the $() before in my scripts. What you are saying is: always use $() for your variables ?

I’m working in an entirely closed environment so VS Code is no option unfortunately :(

Sort of…
always use $() for your variables when including them as part of a string
so for example, you don’t need to use it when used on its own

if (Test-Path $envAllUsersProfile) {
    # Path exists
    Write-Output "The path exists"
} else {
    # Path does not exist
    Write-Output "The path does not exist"
}

Whereas if you are using it as part of a string (inside double quotes is a good indicator), I’d suggest wrapping in $() - Consider also if you are making the variable part of an output string as in my output below

if (Test-Path "$($envAllUsersProfile)\Teleservices") {
    # Path exists
    Write-Output "The path $($envAllUsersProfile) exists"
} else {
    # Path does not exist
    Write-Output "The path $($envAllUsersProfile) does not exist"
}

1 Like

Everybody should use formatted string replacement:

if (Test-Path ('{0}\Teleservices' -f $envAllUsersProfile)) {

It is quite easier to read and also to create.

1 Like
