I am trying to set file permissions so users from two Windows installations can access certain files from a shared NTFS hard disk, withouth resorting to give "Everyone" permissions.
From within an installation I can get rights for its local user(s), but I can't give permissions to the other user by SID:
icacls * /grant *S-1-5-21-3699620855-3856482933-2467390241-1001:R /T
*S-1-5-21-3699620855-3856482933-2467390241-1001: No mapping between account names and security IDs was done.
Apparently Windows has to have record of the SID somehow. Is there a way to force it to give permissions to a "foreign" SID?
Best Answer
I was able to find this powershell function that purports to do exactly what you want:
All credit goes to Settings NTFS Permissions by SID in PowerShell by Remko Weijnen.
This would require PowerShell 3.0+ due to its use of
Get-Acl
andSet-Acl
.