A friend wanted a PowerShell script that would take ownership, and set access controls, on single files and recursively with directories, even from TrustedInstaller. He did not want any process token Cmdlet/modules with it and just wanted a simple script to do it. So I wrote him a simple function that does what he wants and I figured I'd toss it up here for anyone who wants it. Code: Function Grant-FileOwnership { [CmdletBinding()] Param ( [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)][ValidateNotNullOrEmpty()][string]$Path, [ValidateSet('Administrators', 'CurrentUser')][string]$UserAccount = "$env:userdomain\$env:username", [switch]$Recurse ) Begin { $ErrorActionPreference = 'Stop' } Process { Switch ($UserAccount) { 'Administrators' { $User = "Administrators" $TakeDirectory = TAKEOWN /F $Path /A /R /D Y } 'CurrentUser' { $User = "$env:userdomain\$env:username" $TakeDirectory = TAKEOWN /F $Path /R /D Y } } If (Test-Path -Path $Path -PathType Leaf) { If ($Recurse) { Write-Error -Message "Only directories and subdirectories can be granted ownership of recursively." -Category InvalidOperation } Else { [void](TAKEOWN /F $Path /A) $ACL = Get-Acl -Path $Path $Account = New-Object System.Security.Principal.NTAccount($User) $Rights = [System.Security.AccessControl.FileSystemRights]"FullControl" $Inheritance = [System.Security.AccessControl.InheritanceFlags]"None" $Propagation = [System.Security.AccessControl.PropagationFlags]"None" $Type = [System.Security.AccessControl.AccessControlType]"Allow" $Rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, $Rights, $Inheritance, $Propagation, $Type) $ACL.SetAccessRule($Rule) $ACL.SetOwner($Account) $ACL | Set-Acl -Path $Path } } If (Test-Path -Path $Path -PathType Container) { If ($Recurse) { [void]($TakeDirectory) $ACL = Get-Acl -Path $Path $Account = New-Object System.Security.Principal.NTAccount($User) $Rights = [System.Security.AccessControl.FileSystemRights]"FullControl" $Inheritance = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit,ObjectInherit" $Propagation = [System.Security.AccessControl.PropagationFlags]"None" $Type = [System.Security.AccessControl.AccessControlType]"Allow" $Rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, $Rights, $Inheritance, $Propagation, $Type) $ACL.SetAccessRule($Rule) $ACL.SetOwner($Account) } Else { [void](TAKEOWN /F $Path /A) $ACL = Get-Acl -Path $Path $Account = New-Object System.Security.Principal.NTAccount($User) $Rights = [System.Security.AccessControl.FileSystemRights]"FullControl" $Inheritance = [System.Security.AccessControl.InheritanceFlags]"None" $Propagation = [System.Security.AccessControl.PropagationFlags]"None" $Type = [System.Security.AccessControl.AccessControlType]"Allow" $Rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, $Rights, $Inheritance, $Propagation, $Type) $ACL.SetAccessRule($Rule) $ACL.SetOwner($Account) $ACL | Set-Acl -Path $Path } } } End { $ACL | Format-List Write-Verbose "Ownership and access control of $Path successfully granted to $User." -Verbose } } The syntax is: Grant-FileOwnership -Path "Path to file or directory" -UserAccount -Recurse
beautiful thank you for sharing knowledge. my friend i am new to scripting where would you recommend to start learning and any books. thank you