Windows ACLs with AWS Storage Gateway

0

We are currently using AWS Storage Gateway to get an on-prem SMB mount from an S3 bucket. We have the Storage Gateway running as an on-prem VM and AD-joined, and access the SMB share from Windows 10 devices. The problem we are currently facing is setting the Windows ACLs via PowerShell. I'm mounting the SMB share on my local Windows client and then try to set Windows ACLs via PowerShell, but it seems nearly impossible to get things working. I can successfully set permissions via PowerShell on a folder (or file), but as soon as I want to inherit permissions or reset ACLs from subfolders (and the files in the subfolders), it doesn't work.

My question: Is there anybody with experience/knowledge of setting Windows ACLs programmatically to an SMB mount of the on-prem AWS Storage Gateway? There were already too many hours of work running into nearly nothing...

Thanks and regards!

asked 2 years ago, 275 views
1 Answer
0

Hello,

As you may already be aware, to set new Windows access rules using PowerShell, you would need to get the ACL for the specified folder/file using Get-Acl and then use Set-Acl.

There doesn't seem to be a native PowerShell command to manage Inheritance and Propagation. You would want to use the preserveInheritance and isProtected .NET class parameters to manage permissions with the inheritance. Here is an example. Further, you can use these .NET methods 1 and 2 to manage the Container, Object Inheritance and propagation. For example, $inheritpermissions = [system.security.accesscontrol.InheritanceFlags]"ContainerInherit".

To reset the ACLs, you can add your user to the admin user list on the SMB file share. Then, with that user, you can take ownership of the file/folder using SetOwner and then change the permissions. You may also look into using the takeown command.

AWS
Surya
answered 2 years ago
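
The steps outlined in the answer, combined into one function as an added example (not part of the answer and not AWS code). It uses only Get-Acl, Set-Acl and the .NET FileSystemAccessRule, InheritanceFlags and SetAccessRuleProtection(isProtected, preserveInheritance) members; the function name Reset-FolderAcl, the drive letter and the group name are assumptions, and the page does not confirm how the gateway share responds to these calls.

```powershell
# Added example. Reset-FolderAcl, 'Z:\Projects' and 'EXAMPLE\FileShareUsers'
# are hypothetical names; replace them with your own share path and AD group.
function Reset-FolderAcl {
    param(
        [Parameter(Mandatory)] [string] $Path,      # folder on the mapped SMB share
        [Parameter(Mandatory)] [string] $Identity,  # AD user or group to grant
        [System.Security.AccessControl.FileSystemRights] $Rights = 'Modify'
    )

    # ContainerInherit -> subfolders, ObjectInherit -> files.
    # PropagationFlags None -> the rule also applies to $Path itself.
    $inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $propagate = [System.Security.AccessControl.PropagationFlags]::None
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity, $Rights, $inherit, $propagate, 'Allow')

    # Top folder: isProtected = $true stops inheritance from the parent,
    # preserveInheritance = $true keeps the inherited ACEs as explicit copies
    # so existing access (including the caller's) is not dropped.
    $acl = Get-Acl -LiteralPath $Path
    $acl.SetAccessRuleProtection($true, $true)
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl

    # Children: turn inheritance back on and remove explicit ACEs, so each
    # subfolder and file carries only what flows down from $Path.
    Get-ChildItem -LiteralPath $Path -Recurse -Force | ForEach-Object {
        $childAcl = Get-Acl -LiteralPath $_.FullName
        $childAcl.SetAccessRuleProtection($false, $false)
        $explicit = @($childAcl.Access | Where-Object { -not $_.IsInherited })
        foreach ($ace in $explicit) {
            [void]$childAcl.RemoveAccessRule($ace)
        }
        Set-Acl -LiteralPath $_.FullName -AclObject $childAcl
    }
}

# Usage (placeholder values):
# Reset-FolderAcl -Path 'Z:\Projects' -Identity 'EXAMPLE\FileShareUsers'
```

Set-Acl writes back the descriptor that Get-Acl read, so the account running this needs the rights the answer describes (membership in the share's admin user list, or ownership of the items).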
