As part of our deployment process, we need to give an IIS app pool identity write permissions on a log folder.
There are a few articles describing how to set permissions using PowerShell, but getting the incantation exactly right was a bit tricky.
So, for future reference, here it is:
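    function Set-RightsForAppPoolOnLogFolder($appPoolName, $session) {
        Write-Host "Setting app pool identity write rights on log folder"
        # Pass the pool name to the remote script block, where it binds to param($appPoolName).
        Invoke-Command -ArgumentList $appPoolName -Session $session -ErrorAction Stop -ScriptBlock {
            param($appPoolName)
            $logFolder = "D:\Logs"
            $acl = Get-Acl $logFolder
            # App pool identities are virtual accounts named "IIS AppPool\<pool name>".
            $identity = "IIS AppPool\$appPoolName"
            $fileSystemRights = "Write"
            # Apply the rule to the folder and to the subfolders and files below it.
            $inheritanceFlags = "ContainerInherit, ObjectInherit"
            $propagationFlags = "None"
            $accessControlType = "Allow"
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($identity, $fileSystemRights, $inheritanceFlags, $propagationFlags, $accessControlType)
            # SetAccessRule replaces any existing Allow rules for this identity instead of merging with them.
            $acl.SetAccessRule($rule)
            Set-Acl $logFolder $acl
        }
    }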
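A read-back check for the rule set above, as an added example that is not part of the original post: it lists the Allow entries the app pool identity holds on the folder and flags any rights beyond Write. The function name `Get-AppPoolLogFolderRule` and its parameters are hypothetical; Synchronize is treated as expected because Allow rules normally read back with it added.

```powershell
# Added example; the function name and parameters are hypothetical.
function Get-AppPoolLogFolderRule {
    param(
        [Parameter(Mandatory = $true)] [string] $AppPoolName,
        [string] $LogFolder = "D:\Logs"
    )

    $identity = "IIS AppPool\$AppPoolName"
    $write    = [int][System.Security.AccessControl.FileSystemRights]::Write
    $sync     = [int][System.Security.AccessControl.FileSystemRights]::Synchronize
    $inherit  = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"

    # -eq on strings is case-insensitive, so a differently cased name from Get-Acl still matches.
    $rules = @((Get-Acl -Path $LogFolder).Access | Where-Object {
        $_.IdentityReference.Value -eq $identity -and
        $_.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Allow
    })

    if ($rules.Count -eq 0) {
        Write-Warning "No Allow rule for $identity on $LogFolder"
        return
    }

    foreach ($rule in $rules) {
        $rights = [int]$rule.FileSystemRights
        # Bits outside Write + Synchronize mean the identity holds more than the script granted.
        $excess = $rights -band (-bnot ($write -bor $sync))
        [pscustomobject]@{
            Identity           = $rule.IdentityReference.Value
            Rights             = $rule.FileSystemRights
            IsInherited        = $rule.IsInherited
            GrantsWrite        = ($rights -band $write) -eq $write
            InheritsToChildren = ($rule.InheritanceFlags -band $inherit) -eq $inherit
            ExcessRightsMask   = "0x{0:X8}" -f $excess
            LeastPrivilege     = $excess -eq 0
        }
    }
}

# Run on the target through the same session the post uses ("MyAppPool" is a placeholder):
# Invoke-Command -Session $session -ScriptBlock ${function:Get-AppPoolLogFolderRule} -ArgumentList "MyAppPool"
```

An entry with `IsInherited` set to true comes from a parent folder's ACL rather than from the rule written by the script, so excess rights reported there have to be removed at the parent.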
What is the $session parameter?
One created using ps-session (see https://technet.microsoft.com/en-gb/library/hh849719.aspx).