How to add two acces rules to folder for same group using powershell

Question

I need a group to not be able to modify(/delete) a root folder but the same group has to be able to modify all the subfolders and files, using powershell (repetition/volume)

nb. end result should be two acl rules: 1. one for the current folder (readonly, can make subfolders , can delete subfolders but cannot delete root folder). 2. a second rule for the subfolders and files, in which they can delete and create and have free range over

I have a series of powershell codes that adds the ACL rule for both situations (seperately)

#subfolder rights
$existingAcl = Get-Acl -Path $pad
$permissions = $rechtendoel,'ExecuteFile,ReadData,ReadAttributes,ReadExtendedAttributes,CreateFiles,AppendData,WriteAttributes,WriteExtendedAttributes,DeleteSubdirectoriesAndFiles,Delete,ReadPermissions', 'ContainerInherit,ObjectInherit', 'InheritOnly', 'Allow'
$regel= New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permissions
$existingAcl.SetAccessRule($regel)
$existingAcl | Set-Acl -Path $pad

#rights for just the folder 

$existingAcl2 = Get-Acl -Path $pad
$rechten2 = $rechtendoel,'ExecuteFile,ReadData,ReadAttributes,ReadExtendedAttributes,CreateFiles,AppendData,WriteAttributes,WriteExtendedAttributes,DeleteSubdirectoriesAndFiles,ReadPermissions', 'None', 'None', 'Allow'
$regel2= New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $rechten2
$existingAcl2.SetAccessRule($regel2)
$existingAcl2 | Set-Acl -Path $pad

However when I run both in succession (or seperate from eachother) the latter run segment overwrites the earlier rule.

Answer 1

Try using this type of method for items in sub-directories

$NewAcl = Get-Acl File0.txt
Get-ChildItem -Path "C:\temp" -Recurse -Include "*.txt" -Force | Set-Acl -AclObject $NewAcl

Reference https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/set-acl?view=powershell-6