HelloID-Task-SA-Target-NTFS-FolderUpdatePermissions

Prerequisites

  • HelloID Directory Agent
  • The HelloID Service account requires the following permissions:
    • Write access on the folder (NTFS permissions, not Share permissions on the share).
    • When applicable, Write access on the folder/share itself (Share permissions, not NTFS permissions on the folder(s)).
  • Some knowledge of NTFS file permissions

Description

Managing permissions (ACLs) for NTFS folders can be quite extensive, and there are many possible combinations. It is generally recommended to use only the Basic Permissions ['FullControl', 'Modify', 'ReadAndExecute', 'Read', 'Write']. In addition to the ACL, you also need to take inheritance into account. The snippet uses the same defaults that apply when you set permissions in the UI, which is sufficient in most cases. More information can be found in the Microsoft docs: Set-Acl cmdlet, FileSystemAccessRule, or FileSystemRights Enum.

This code snippet executes the following tasks:

  1. Defines a hash table $formObject. The keys of the hash table represent the properties of the Set-Acl cmdlet, while the values represent the values entered in the form.

To view an example of the form output, please refer to the JSON code pasted below.

{
    "DisplayName": "Sales Department",
    "Identity": "Sales Department",
    "FileSystemRights": ["Read", "Write"],
    "Path": "\\\\contoso.local\\Storage\\Projects\\Sales",
    "Type": "Allow"
}

❗ It is important to note that the names of your form fields might differ. Ensure that the $formObject hashtable is adjusted to match your form fields. For more about the Set-Acl cmdlet, see the Microsoft Docs page.

  2. Verifies that the provided parent folder exists.

  3. Calls the Set-Acl cmdlet to update the NTFS folder permissions.
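
The three steps above as an added PowerShell example; it is not the HelloID snippet itself. The function name, the `$basicRights` allow-list, the early SID resolution and the inheritance flags (Explorer's "This folder, subfolders and files" default) are assumptions made for this example.

```powershell
# Added example: function name and $basicRights are hypothetical, not part of HelloID.
function Update-NtfsFolderPermission {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)] [hashtable] $FormObject)

    # Accept only the Basic Permissions the description recommends.
    $basicRights = 'FullControl', 'Modify', 'ReadAndExecute', 'Read', 'Write'
    $rejected = @($FormObject.FileSystemRights | Where-Object { $_ -notin $basicRights })
    if ($rejected.Count -gt 0) { throw "Non-basic rights refused: $($rejected -join ', ')" }
    if ($FormObject.Type -notin 'Allow', 'Deny') { throw 'Type must be Allow or Deny.' }

    # Step 2: the target must exist and be a folder.
    if (-not (Test-Path -LiteralPath $FormObject.Path -PathType Container)) {
        throw "Folder not found: $($FormObject.Path)"
    }

    # Resolve the identity to a SID first, so a mistyped name fails before the ACL is touched.
    $sid = ([System.Security.Principal.NTAccount]$FormObject.Identity).Translate(
        [System.Security.Principal.SecurityIdentifier])

    # Assumed scope: "This folder, subfolders and files", as the permissions UI applies by default.
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $sid,
        [System.Security.AccessControl.FileSystemRights]($FormObject.FileSystemRights -join ', '),
        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]$FormObject.Type)

    # Step 3: add the rule to the existing ACL and write it back.
    $acl = Get-Acl -LiteralPath $FormObject.Path
    $acl.AddAccessRule($rule)
    if ($PSCmdlet.ShouldProcess($FormObject.Path, "Add $($FormObject.Type) ACE for $($FormObject.Identity)")) {
        Set-Acl -LiteralPath $FormObject.Path -AclObject $acl
    }

    # Return the explicit (non-inherited) ACEs for this identity so the result can be logged.
    (Get-Acl -LiteralPath $FormObject.Path).GetAccessRules(
        $true, $false, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.IdentityReference -eq $sid }
}

# Step 1: values from the sample form output above; point Path at a folder in your environment.
$formObject = @{
    Identity         = 'Sales Department'
    FileSystemRights = @('Read', 'Write')
    Path             = '\\contoso.local\Storage\Projects\Sales'
    Type             = 'Allow'
}
Update-NtfsFolderPermission -FormObject $formObject -WhatIf   # preview only, nothing is written
```

Remove `-WhatIf` to apply the change; the returned rules show exactly which explicit entries the identity holds on the folder afterwards.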