get/set privilege not effective

Topics: Developer Forum, User Forum
Aug 6, 2010 at 7:45 AM

Hello guys,

 i'm writing a securityscript that'll reset the access rights as the should be on a directory tree on wich some users have (sadly) to have full-access

 Psh is launched with adm privileges through the 2k8 rum panel under an accound that have dom adm and backup operator privileges.

 i'm testing on a "worst case scenario" test tree on wich i broke (on purpose) the acls to a state where nobody got access (no DACL at all).

 Even if i give to PSh :






set-privilege $priv;


SeBackupPrivilege                        Enabled

SeRestorePrivilege                       Enabled

SeTakeOwnershipPrivilege            Enabled

SeSecurityPrivilege                       Enabled


get-acl and set-acl behaves like these rigths were not effective :


Set-Acl : Attempted to perform an unauthorized operation.

At line:1 char:8

+ Set-Acl <<<<  -AclObject $myacl C:\test_tree

    + CategoryInfo          : PermissionDenied: (C:\test_tree:String) [Set-Acl], UnauthorizedAccessException

    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetAclCommand


hummmmmmm any idea ?

Does the original get-acl and set-acl cmdlets drops these privileges ?

This is clearly defeating the pupose of the backup/restore privileges...


i'm starting to get a little suspitious....


anyone can help or have ideas please ?


Thanks a lot