I'm trying to change the owner of multiple directories and also change permissions. I am able to successfully change the permissions by getting the acl on the dir/file, creating a file system access rule, adding the rule and
then setting the acl. For setting the owner, I get-acl on the filename, create an NTAccount, translate into security identifier to make sure the account is valid, then I use SetOwner on the acl, and invoke set-acl which fails with the following
error: "Set-Acl : The security identifier is not allowed to be the owner of this object".
Here is an example of my code for setting the owner:
$acl = Get-Acl -path $fileName
$account = New-Object System.Security.Principal.NTAccount("DomainExample",$userName)
$accountSid = $account.Translate([System.Security.Principal.SecurityIdentifier])
$acl.SetOwner($account) // this works ok and sets the owner in memory I suppose
Set-Acl -path $fileName -aclObject $acl // this fails with the error mentioned above
I am running the PowerShell terminal as a user who has permissions to give
ownership. Also if I use the Windows GUI, it works fine. Any ideas/help will
be greatly appreciated.