i'm writing a securityscript that'll reset the access rights as the should be on a directory tree on wich some users have (sadly) to have full-access
Psh is launched with adm privileges through the 2k8 rum panel under an accound that have dom adm and backup operator privileges.
i'm testing on a "worst case scenario" test tree on wich i broke (on purpose) the acls to a state where nobody got access (no DACL at all).
Even if i give to PSh :
get-acl and set-acl behaves like these rigths were not effective :
Set-Acl : Attempted to perform an unauthorized operation.
At line:1 char:8
+ Set-Acl <<<< -AclObject $myacl C:\test_tree
+ CategoryInfo : PermissionDenied: (C:\test_tree:String) [Set-Acl], UnauthorizedAccessException
+ FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetAclCommand
hummmmmmm any idea ?
Does the original get-acl and set-acl cmdlets drops these privileges ?
This is clearly defeating the pupose of the backup/restore privileges...
i'm starting to get a little suspitious....
anyone can help or have ideas please ?
Thanks a lot