I currently have to change permissions for all local users on cmd.exe. So far I have taken the ownership of the file and changed the permissions in the way i need it.
My problem is, that I cant figure out, how to give the ownership back to TrustedIntstaller.
Below you can see the code I worked out so far. It changes the permissions and throws no errors, but after the script ran the owner is still set to System.
Iam using the Powershell App Deployment Toolkit and the script was executed as system-user.
Any help is appreciated. If there are other (better) ways of changing permissions in Windows-Folder please let me know as well.
$acl_old = get-acl "$envSystem32Directory\cmd.exe" $owner_old = $acl_old.Owner Execute-Process -Path "takeown.exe" -Parameters "/f C:\windows\system32\cmd.exe" Execute-Process -Path "icacls.exe" -Parameters "$envSystem32Directory\cmd.exe /grant:r *S-1-2-0:(RX)" $new_permission = get-acl "$envSystem32Directory\cmd.exe" $new_owner_object = New-Object -TypeName System.Security.Principal.NTAccount -ArgumentList "$owner_old" $new_permission.SetOwner($new_owner_object) set-acl -Path $envSystem32Directory\cmd.exe -AclObject $new_permissions