Tranquil IT Forum

Contact us
at https://forum.tranquil.it/

Add permissions to a folder

https://forum.tranquil.it/viewtopic.php?t=2439

Page 1 of 1

Add permissions to a folder

Published: June 25, 2020 - 4:46 PM
by Gaetan
Hello everyone,
During the installation of certain software, the end user will need permissions on the folder.
However, in a context where the user is not an administrator, this poses a problem.

The solution I use is as follows:
- a package that installs a PowerShell module (which is therefore made a dependency of the software)
- a script to change the permissions.

Rights are given on 1 specific folder, for authenticated users (can be changed by any other group).

The PowerShell module is NTFSSecurity, available here: https://gallery.technet.microsoft.com/s ... dbb2b84e85

The package used to install it contains this code:

Code: Select all

# -*- coding: utf-8 -*-
from setuphelpers import * 

uninstallkey = []

targetPWSH = makepath(programfiles,'WindowsPowerShell\Modules\NTFSSecurity')
folderPWSH = 'NTFSSecurity'

def install():

    #copie du module Powershell
    if (isdir(targetPWSH) != True) :
        mkdirs(targetPWSH)
        copytree2(folderPWSH,targetPWSH)
The PowerShell script used is as follows:

Code: Select all

#Autorisation d'accès au dossier pour les utilisateurs loggés
Install-Module NTFSSecurity
$Path = "CHEMIN DU DOSSIER POUR LES DROITS"

#Désactivation de l'héritage
Get-Item $Path | Disable-NTFSAccessInheritance
Add-NTFSAccess –Path $Path -Account "Utilisateurs authentifiés" -AccessRights FullControl
In the WAPT package, you simply need:
- To make your NTFSSecurity installation package a dependency,
- Place a .ps1 file with the PowerShell code at the top,
- Run the script in your def install() function with the command:

Code: Select all

run('powershell.exe -NoProfile -NonInteractive -executionpolicy bypass -File FICHIER.ps1')
Hopefully this helps.

Re: Adding permissions to a folder

Published: June 25, 2020 - 5:05 PM
by nliaudat
Or there's the good old iCalcs method:

#https://support.microsoft.com/fr-fr/hel ... ng-systems

Code: Select all

    print('Restricting permissions')
    run(r'icacls.exe "%s" /inheritance:d' % install_dir)
    run(r'icacls.exe "%s" /remove:g "*S-1-5-32-545" /t /c /q' % install_dir) #user
    run(r'icacls.exe "%s" /remove:g "*S-1-5-11" /t /c /q' %  install_dir) #authenticated user
    run(r'icacls.exe "%s" /remove:g "*S-1-5-1" /t /c /q' %  install_dir) #remote
    run(r'icacls.exe "%s" /remove:g "*S-1-1-0" /t /c /q' %  install_dir) #everybody

Re: Adding permissions to a folder

Published: June 26, 2020 - 09:18
by Gaetan
Thanks for the info =)
Does it work well when inheritance is present?

Re: Adding permissions to a folder

Published: June 26, 2020 - 09:42
by nliaudat
Perfectly:

Code: Select all

  iCACLS.exe /inheritance:e|d|r
          e - Enable inheritance
          d - Disable inheritance and copy the ACEs 
          r - Remove all inherited ACEs

Re: Adding permissions to a folder

Published: June 26, 2020 - 09:53
by Gaetan
Thanks so much.
I'll try that, it'll be simpler. ;)

Re: Adding permissions to a folder

Published: July 1, 2020 - 10:57 AM
by Gaetan
It works for me, thanks for the tip ;)

I used it like this:

Code: Select all

run(r'icacls.exe "%s" /inheritancelevel:d /grant *S-1-5-11:(M) /t /C /q' %  TargetLogiciel)
Time zone set to UTC+02:00
Page 1 of 1

Developed by phpBB® Forum Software © phpBB Limited

Official French translation © Qiaeru