Adding permissions to folders on different clients

Hi,

Hope everything is going well.

There's nothing built- into SCCM to control file or folder permissions on managed devices. However, you can easily create a PowerShell script to do this and push this out using SCCM. Alternatively, you can create a package and program in SCCM that runs commands that configure permissions on files and folders.

For example, the PowerShell "set-acl" cmdlet is used to change the security descriptor of a specified item, such as a file, folder or a registry key; in other words, it is used to modify file or folder permissions. The following script sets the "FullControl" permission to "Allow" for the user "UserA" to the folder "FolderX":

$acl = Get-Acl \fs1\shared\FolderX

$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("UserA","FullControl","Allow")

$acl.SetAccessRule($AccessRule)

$acl | Set-Acl \fs1\shared\folder1

We could modify the example and deploy it as package to the clients, and about the detail of how to manage file system ACLs with PowerShell Scripts, please refer to this article:

https://blog.netwrix.com/2018/04/18/how-to-manage-file-system-acls-with-powershell-scripts/

Note: Non-Microsoft link, just for your reference.

Hope it helps. Thanks for your time.

Best regards,

Simon

If the response is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable email notifications if you want to receive the related email notification for this thread.

After the way you tag questions on Q&A is updated, for any "Microsoft Configuration Manager" related problem, you can tag it with "Microsoft Intune", and then "Microsoft Configuration Manager" as the child tag.