9.3. Broken file and folder permissions

The ASGARD Agent folder has in a normal installation specific permissions set. The ASGARD Agent checks regularly for broken permissions and tries to fix them. If for some reason this process fails, you have to check and change the permissions manually.

2023/03/31 12:02:35 ASGARD_THOR: Error: failed to repair permissions: set security info: Access is denied.

To do this we wrote a little PowerShell script which can help you with this process. Please test the script before you deploy it in your environment. To do this, you can leave the -WhatIf flag to see what the script would do if the permissions are broken. If you are content with the potential changes, remove the -WhatIf arguments. The script needs administrative permissions.

 1$asgardAgent = "C:\Windows\System32\asgard2-agent"
 2$asgardAgentTemp = "C:\Windows\Temp\asgard2-agent"
 3
 4if (Get-Item -Path $asgardAgent | Get-Acl | where {$_.Access.IsInherited -eq $false}) {
 5    Write-Host "ASGARD Agent folder permission broken. Trying to fix: $asgardAgent"
 6    # Set the new Access Rule to inherit permissions
 7    $newAcl = Get-Acl -Path $asgardAgent
 8    $newAcl.SetAccessRuleProtection($false, $true)
 9    Set-Acl $asgardAgent -AclObject $newAcl -WhatIf
10}
11if (Get-Item -Path $asgardAgentTemp | Get-Acl | where {$_.Access.IsInherited -eq $false}) {
12    Write-Host "ASGARD Agent folder permission broken. Trying to fix: $asgardAgentTemp"
13    # Set the new Access Rule to inherit permissions
14    $newAcl = Get-Acl -Path $asgardAgentTemp
15    $newAcl.SetAccessRuleProtection($false, $true)
16    Set-Acl $asgardAgentTemp -AclObject $newAcl -WhatIf
17}
18get-childitem -path $asgardAgent -Recurse -Depth 1 | Get-Acl | where {$_.Access.IsInherited -eq $false} | % {
19    $fullPath = Convert-Path $_.Path
20    Write-Host "ASGARD Agent folder permission broken. Trying to fix: $fullPath"
21    # Set the new Access Rule to inherit permissions
22    $newAcl = Get-Acl -Path $_.Path
23    $newAcl.SetAccessRuleProtection($false, $true)
24    Set-Acl $_.Path -AclObject $newAcl -WhatIf
25}

Tip

After you changed the permissions of the asgard2-agent folder, the agent might correct the permissions again and set them accordingly. Only use this script if the agent is showing errors that permissions can not be set.