Setting ACLs

I’m trying to set some ACLs on the deployment folder via a PostDeploy.ps1 file but can’t seem to pull it off. It appears to maybe be a UAC type of issue. Here is the code I’m attempting to run in the ps1 file:


# Get an ACL object for the deployment folder.
$acl = Get-Acl .

#$acl.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])

# Remove inheritance
$acl.SetAccessRuleProtection($True, $False) | Write-Host

# Setup Read/Execute permission for AppPool identity
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("IIS AppPool\ap_pms","ReadAndExecute", "ContainerInherit, ObjectInherit", "None", "Allow")

# Apply the rule
$acl.AddAccessRule($rule)

This code executes with no errors but also nothing happens. None of the ACLs are applied. It seems it would have to run with elevated permissions, possibly as an Administrator? Not sure though? Any advice?

Ok, sorry. This works perfectly if you have the script right! Here is a working script if anyone is trying to do this kind of thing:


# Get an ACL object for the deployment folder.
$acl = Get-Acl .

# Remove inheritance
$acl.SetAccessRuleProtection($True, $False)

# Give Admins full control
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Administrators","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)

# Setup Read/Execute permission for AppPool identity
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("IIS AppPool\ap_poolname","ReadAndExecute", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)

# Apply the rules! Turns out this is important :)
Set-Acl . $acl

Hi James, glad you were able to find a solution to this.

Paul
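
The first script in this thread failed silently because the rules were only added to the in-memory ACL object and never written back with Set-Acl. The following is an added example, not code from either poster: a read-back check that can run after Set-Acl and fails the step when the folder's persisted ACL does not match what was intended. The function name Test-DeploymentAcl, its parameters and the expected-rights table are assumptions; the identities are the ones used in the working script above.

```powershell
# Added example: confirm the ACL changes were actually persisted to the folder.
# Test-DeploymentAcl, $Path and $Expected are hypothetical names; adjust as needed.
function Test-DeploymentAcl {
    param(
        [string]$Path = '.',
        # identity name -> minimum rights it must hold
        [hashtable]$Expected = @{
            'Administrators'          = 'FullControl'
            'IIS AppPool\ap_poolname' = 'ReadAndExecute'
        }
    )
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Re-read from disk: this reflects what Set-Acl wrote, not an in-memory object.
    $acl = Get-Acl -Path $Path
    $problems = @()

    if (-not $acl.AreAccessRulesProtected) {
        $problems += 'Inheritance is still enabled on the folder.'
    }

    # Explicit (non-inherited) rules only, with identities as SIDs so that
    # "Administrators" and "BUILTIN\Administrators" compare equal.
    $rules = $acl.GetAccessRules($true, $false, $sidType)

    foreach ($name in $Expected.Keys) {
        $want = [System.Security.AccessControl.FileSystemRights]($Expected[$name])
        $sid  = (New-Object System.Security.Principal.NTAccount($name)).Translate($sidType)
        $match = $rules | Where-Object {
            $_.IdentityReference.Value -eq $sid.Value -and
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $want) -eq $want
        }
        if (-not $match) { $problems += "No explicit Allow '$want' rule for $name." }
    }
    return $problems
}

$problems = @(Test-DeploymentAcl -Path '.')
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Host "ACL check failed: $_" }
    exit 1   # non-zero exit code signals failure to whatever invoked the script
}
Write-Host 'ACL check passed.'
```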