<#====================================================================

Copyright © 2015, September. Michael Pomfret

The following updates the SharePoint Service Account Group file permissions.

====================================================================#>

Write-Host “”

Write-Host “=======================================================================================”

Write-Host “SharePoint 2013 – Updating file permissions for the SharePoint Service Account Group…”

Write-Host “=======================================================================================”

Write-Host “Not Completed”

$ProgramFiles = ${env:ProgramFiles}

$CommonProgramFiles = ${env:COMMONPROGRAMFILES}

$Windir = ${env:windir}

$Systemdrive = ${env:systemdrive}

$AllUsersProfile = ${env:AllUsersProfile}

#%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\15\LOGS

# Modify No Inheritance

# This directory contains setup and runtime tracing logs. If this directory is altered, diagnostic logging will not function correctly. All SharePoint 2013 service accounts must have write permission to this directory.

$FolderPath = $CommonProgramFiles + “\Microsoft Shared\Web Server Extensions\15\LOGS”

#Get NTFS permissiongs

$Acl = Get-Acl $FolderPath

#Disable inheritance and clear permissions

$Acl.SetAccessRuleProtection($True, $False)

$Acl = (Get-Item $FolderPath).GetAccessControl(‘Access’)

$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(“xxx_SP_ServiceAccounts”, ‘Modify’,’ContainerInherit,ObjectInherit’, ‘None’, ‘Allow’)

$Acl.SetAccessRule($rule)

Set-Acl -path $FolderPath -AclObject $Acl