Change NTFS folder Owner using Powershell

In this post a quick way of changing the owner of a ntfs folder is illustrated.

Step1: Get the Acl’s of the folder on which we want to change the owner.
[C:\Users\SivaMulpuru]
PS:1 >$acl = Get-Acl C:\Scripts

List the Acl’s
[C:\Users\SivaMulpuru]
PS:2 >$acl | FL

Path : Microsoft.PowerShell.Core\FileSystem::C:\Scripts
Owner : SivaMulpuru-PC\SivaMulpuru
Group : SivaMulpuru-PC\None
Access : BUILTIN\Administrators Allow FullControl
Everyone Allow FullControl
NT AUTHORITY\SYSTEM Allow FullControl
Audit :

As you can see the owner is set to my user account (SivaMulpuru) and in this case we want to change it to local builtin administrator account

Step2: Set the owner to BuiltIn Admin Account using the SetOwner property.
[C:\Users\SivaMulpuru]
PS:3 >$acl.SetOwner([System.Security.Principal.NTAccount] “Administrators”)

List the Acl’s again
[C:\Users\SivaMulpuru]
PS:4 >$acl | FL

Path : Microsoft.PowerShell.Core\FileSystem::C:\Scripts
Owner : BUILTIN\Administrators
Group : SivaMulpuru-PC\None
Access : BUILTIN\Administrators Allow FullControl
Everyone Allow FullControl
NT AUTHORITY\SYSTEM Allow FullControl
Audit :

we are not done yet, even though the Acl’s list Admin as the owner the value is not effective because the changes are not committed.

Step3: Set-Acl (Very Critical)
[C:\Users\SivaMulpuru]
PS:5 >Set-Acl C:\Scripts $acl

Troubleshooting Tip

If you receive the following error, try running powershell as administrator.
Set-Acl : The security identifier is not allowed to be the owner of this object.

Script

###########################################################################
#
#
NAME: Change Owner of NTFS Container
#
#
AUTHOR: SivaMulpuru
#
#
COMMENT:
#
#
VERSION HISTORY:
#
1.0 6/29/2011 – Initial release
#
#
##########################################################################
$acl = Get-Acl C:\Scripts
$acl.SetOwner([System.Security.Principal.NTAccount] Administrators)
Set-Acl C:\Scripts $acl

#Moving further, Add Access rules
$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(Domain-Grp,Modify, ContainerInherit, ObjectInherit, None, Allow)))
Set-Acl C:\Scripts $acl

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s