Read this article if:
- You get a large data array
- The Agent cannot access some of the folders/files due to lack of permissions
- Your users disabled permissions inheritance for some of the folders / files
- You don't want to use Windows built-in tool to massively take ownership and massively grant access to LOCAL SYSTEM (or any other user account running the Agent)
Resilio team have designed a Powershell script to cover this case. The script goes through the target directory recursively and grants explicit "FullAccess" permission to a target user account (LOCAL SYSTEM by default). It allows the Agent to access every file and directory in your dataset once you decide to deliver it with any job.
Get the script in Resilio public Guthib repository. To download it properly from Github open the fix-permissions.ps1
file, click "Raw" button and use "Save as..." menu of your browsers.
Script usage
- Open a powershell window. It is mandatory to run it with elevated privileges ("Run as administrator") to get sufficient permissions to fix permissions.
- Type in the command (replace sample values with yours):
.\fix-permissions.ps1 -Path C:\TestFolders\TestPerms\ -SupportLongPath -Verbose 4> c:\temp\perms.log
where:-Path
specifies the path to the directory which may contain insufficient permissions-SupportLongPath
allows script to enter the directories which path is longer than standard Windows 260 symbols limit-Verbose
forces to display all successful / unsuccessful permissions changes4>
orders the script to save list of successful / unsuccessful permissions changes into a text file
Optional parameter-TargetUser myuser
. If not specified, LOCAL SYSTEM is used.
What script actually does and does not
- It goes recursively over all directories and files and checks if a file/folder can be accessed by LOCAL SYSTEM user account (or any other user specified with
-TargetUser
parameter). - If file / folder does not allow FullAccess to a target user - it explicitly sets it.
- If the script cannot set the FullAccess - it will attempt to make the current user, who runs the script, become owner of the entry, apply the change and switch back to the original owner
- If the script cannot list files in the directory, it will:
- grant the current user FullAccess to the folder
- remove all explicit "Deny" permissions for the folder
- try to list the files again - The script does not change any inheritance flags
- The script does not add any new permissions if the files or folders already have "FullAccess" permission for the
TargetUser
, regardless of this permission being explicit or inherited. - Once done, the script will display a short report about number of successful and unsuccessful permissions changes.