Category Archives: Tools

Using Saved Credentials in a Powershell Script

Posted on by
Reply

Purpose

Credentials stored in plain text format in a Powershell script is a security issue that needs to be avoided. This Technote describes a way to save the password in a file as a secure string which can be read back into a script for authentication.

Procedure

Check out this great post on this subject.

https://blog.kloud.com.au/2016/04/21/using-saved-credentials-securely-in-powershell-scripts/

ICACLS Copying Permissions from One Folder to Many Folders Without using Inheritance

Posted on by
Reply

ICACLS is another great command line tool but it can be a bit quirky, especially if you use the wrong character set.

My challenge was to copy the permissions from one folder to several other folders without using inheritance. I could have done this manually, but because I had to process hundreds of folders this would have taken several hours and I would have gotten a headache from clicking the same buttons over and over again.

So I decided to use ICACLS instead (this was on Windows Server 2008 R2).

Here is the Step-by-Step approach. NOTE: Make sure to use Unicode when you generate the ICACLS input file.

  1. Manually set the permissions on your folder that will serve as a template for all other folders. Example: E:\shared\template
  2. Run icacls with the /save option to save the permssions:
  3. icacls E:\shared\template /save template.txt
  4. now using Powershell get-childitem I retrieved the names of all of the folders that require the new permissions.
  5. Get-childitem -Path <pathname>|select-object Name
  6. I then copy the results of this command into a Text Editor. Example:
  7. Get-childitem -Path E:\Targetfolders|select-object Name
  8. Open the file template.txt generated in the step above and copy the line that looks similar to this into your Clipboard:
    D:PAI(D;;DTSD;;;S-1-5-21-<SID>)(A;OICI;FA;;;SY)(A;OICI;FA;;;S-1-5-21-<SID>)(A;OICI;FA;;;S-1-5-21-<SID>)(A;OICI;FA;;;DA)(A;OICI;FA;;;BA)
  9. Paste this line underneath the folder names
  10. Save the file.
    NOTE: Make sure you save it in Unicode (UTF-16) format. If you do not then ICACLS will generate an error. I personally used my favorite editor Notepad++ and selected Encoding->Encode in ECS-2 Little Endian.
    The error will look something like this:
  11. Once this is complete you can run icacls /restore to copy the permissions
    icacls E:\Targetfolders\ /restore E:\templates\template.txt

NOTE: There may be a way to output the get-childitem results directly to a Unicode format file, but I did not have the time to research this.