[Bug] EnableInheritance / DisableInheritance parameters in Set-ADTItemPermission require admin rights #1691
Description
Prerequisites
- Ensure you write a short, descriptive title after [Bug] above.
- Make sure to search for any existing issues before filing a new one.
- Verify you are able to reproduce the issue with the latest released version
PSAppDeployToolkit version
main / 4.1.4
Describe the bug
Using either -EnableInheritance or -DisableInheritance from a non-elevated session results in an error running Set-Acl -LiteralPath $LiteralPath -AclObject $Acl:
Set-ADTItemPermission : The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation.
This is unexpected when my user has full ownership of the folder (e.g. %USERPROFILE%
Temp or C:\Temp).
There may well be good reason for this, however I can achieve what -EnableInheritance does (removes explicit permissions and enables inheritance) via icacls.exe without needing admin rights, e.g:
icacls.exe C:\Temp /reset
Steps to reproduce
- Import module into non-elevated PowerShell
New-Item "$env:USERPROFILE\Test"Set-ADTItemPermission -LiteralPath "$env:USERPROFILE\Test" -EnableInheritance
Environment data
🖖