다음을 통해 공유


PowerShell Troubleshooting: You don’t currently have permission to access this folder (Issue -Add-NTFSAccess)

Issue

The main limitation is that Windows Explorer design does not support the running of multiple process instances in different security contexts in an interactive user session.

See bellow the actual warning will add your Admin account to the ACL.

https://i0.wp.com/www.vitalit.si/wp-content/uploads/2017/05/img_5927e0041372e.png

Workaround 1

Create a security group, make that group a local administrator member in the file system server and add NTFS permissions to that group via Power Shell. Since Power Shell opened as Administrator does not need any elevation the cmdlets bellow will work.

https://i2.wp.com/www.vitalit.si/wp-content/uploads/2017/06/img_5930294c9cec0.png

Add-NTFSAccess -AccessRights FullControl -Account DOMAIN\Security_Group -Path “D:\Folder1\Share1\Share2” -AccessType Allow -AppliesTo ThisFolderSubfoldersAndFiles -PassThru

Workaround 2

To avoid changing permissions in a folder that’s accessible only to administrators, consider using another program that can run elevated instead of using Windows Explorer. Examples include Command Prompt, PowerShell, and the Computer Management MMC snap-in for share management.

Workaround 3

If we have an application-specific folder that’s locked down to prevent ordinary users from accessing it, we can also add permissions for a custom group and then add authorized users to that group. For example, consider a scenario in which an application-specific folder grants access only to the Administrators group and to the System account. In this situation, create a domain or a local AppManagers group, and then add authorized users to it. Then, use a utility such as icacls.exe, the security tab of the folder’s Properties dialog box, or the PowerShell Set-Acl cmdlet to grant the AppManagers group Full Control of the folder, in addition to the existing permissions.

Users who are members of AppManagers will now be able to use Windows Explorer to browse the folder without UAC having to change the folder’s permissions. Be aware that this alternative applies only to application-specific folders. We should never make any permission changes to folders that are part of the Windows operating system, such as C:\Windows\ServiceProfiles.

More info in the official Microsoft KB and we can find it in this link. Microsoft KB950934