Adding write permissions to a folder using powershell

As part of our deployment process, we need to give an IIS app pool identity write permissions on a log folder.

There are a few articles describing how to set permissions using powershell, but getting the incantation exactly right was a bit tricky.

So, for future reference, here it is:

function Set-RightsForAppPoolOnLogFolder($appPoolName, $session) {
  Write-Host "Setting app pool identity write rights on log folder"
  
  Invoke-Command -Args $appPool -Session $session -ErrorAction Stop -ScriptBlock {
    param($appPoolName)
    
    $logFolder = "D:\Logs"
    $acl = Get-Acl $logFolder
    $identity = "IIS AppPool\$appPoolName"
    $fileSystemRights = "Write"
    $inheritanceFlags = "ContainerInherit, ObjectInherit"
    $propagationFlags = "None"
    $accessControlType = "Allow"
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($identity, $fileSystemRights, $inheritanceFlags, $propagationFlags, $accessControlType)
    $acl.SetAccessRule($rule)
    Set-Acl $logFolder $acl
  }
}

3 thoughts on “Adding write permissions to a folder using powershell

  1. Rob Bell June 17, 2015 / 11:16 am

    What is the $session parameter?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s