As part of our deployment process, we need to give an IIS app pool identity write permissions on a log folder.
There are a few articles describing how to set permissions using PowerShell, but getting the incantation exactly right was a bit tricky.
So, for future reference, here it is:
function Set-RightsForAppPoolOnLogFolder($appPoolName, $session) {
    Write-Host "Setting app pool identity write rights on log folder"
    # Pass the app pool name into the script block that runs on the remote session
    Invoke-Command -Args $appPoolName -Session $session -ErrorAction Stop -ScriptBlock {
        param($appPoolName)
        $logFolder = "D:\Logs"
        $acl = Get-Acl $logFolder
        # Virtual account that IIS uses for the app pool
        $identity = "IIS AppPool\$appPoolName"
        $fileSystemRights = "Write"
        # Apply the rule to the folder, its subfolders and its files
        $inheritanceFlags = "ContainerInherit, ObjectInherit"
        $propagationFlags = "None"
        $accessControlType = "Allow"
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($identity, $fileSystemRights, $inheritanceFlags, $propagationFlags, $accessControlType)
        # SetAccessRule replaces any existing Allow rule for this identity
        $acl.SetAccessRule($rule)
        Set-Acl $logFolder $acl
    }
}
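A follow-up check, as an added example that is not part of the original post: it reads the ACL back and reports whether the app pool identity holds the Write grant and nothing broader. The function name `Test-AppPoolLogFolderAccess`, its parameters and the sample pool name `MyAppPool` are hypothetical.

```powershell
# Added example; Test-AppPoolLogFolderAccess and its parameters are hypothetical names.
function Test-AppPoolLogFolderAccess {
    param(
        [Parameter(Mandatory = $true)] [string] $AppPoolName,
        [string] $LogFolder = "D:\Logs"   # folder used in the post
    )

    $fsr      = [System.Security.AccessControl.FileSystemRights]
    $identity = "IIS AppPool\$AppPoolName"
    $write    = [int]($fsr::Write)
    # Windows stores Allow rules with Synchronize added, so accept it next to Write.
    $expected = $write -bor [int]($fsr::Synchronize)

    # String -eq is case-insensitive, so "IIS APPPOOL\name" also matches.
    $rules = @((Get-Acl -Path $LogFolder).Access |
        Where-Object { $_.IdentityReference.Value -eq $identity })

    if ($rules.Count -eq 0) {
        Write-Warning "No access rule found for $identity on $LogFolder"
        return
    }

    foreach ($rule in $rules) {
        $granted = [int]$rule.FileSystemRights
        # Bits granted beyond Write + Synchronize (for example Delete or ChangePermissions)
        $excess  = $granted -band (-bnot $expected)
        [pscustomobject]@{
            Identity     = $rule.IdentityReference.Value
            Type         = $rule.AccessControlType
            Rights       = $rule.FileSystemRights
            Inherited    = $rule.IsInherited
            Inheritance  = $rule.InheritanceFlags
            ExcessRights = [System.Security.AccessControl.FileSystemRights]$excess
            # True only for an Allow rule that grants all of Write and nothing more.
            AsExpected   = ($rule.AccessControlType -eq 'Allow') -and
                           (($granted -band $write) -eq $write) -and
                           ($excess -eq 0)
        }
    }
}

# Example call on the web server (constructed pool name):
# Test-AppPoolLogFolderAccess -AppPoolName "MyAppPool"
```

A row with `Inherited` set to `True` comes from a parent folder rather than from the rule set above, so a broad inherited grant shows up here even when the explicit rule is correct.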