10.3. Broken File and Folder Permissions

In a normal installation, the ASGARD Agent folder uses specific permissions. The ASGARD Agent regularly checks for broken permissions and tries to fix them. If this process fails, check and change the permissions manually.

2023/03/31 12:02:35 ASGARD_THOR: Error: failed to repair permissions: set security info: Access is denied.

The following PowerShell script can help with this process. Test the script before deploying it in your environment. Keep the -WhatIf flag enabled to see what the script would do if permissions are broken. If the expected changes are correct, remove the -WhatIf arguments. The script requires administrative permissions.

 1$asgardAgent = "C:\Windows\System32\asgard2-agent"
 2$asgardAgentTemp = "C:\Windows\Temp\asgard2-agent"
 3
 4if (Get-Item -Path $asgardAgent | Get-Acl | where {$_.Access.IsInherited -eq $false}) {
 5    Write-Host "ASGARD Agent folder permission broken. Trying to fix: $asgardAgent"
 6    # Set the new Access Rule to inherit permissions
 7    $newAcl = Get-Acl -Path $asgardAgent
 8    $newAcl.SetAccessRuleProtection($false, $true)
 9    Set-Acl $asgardAgent -AclObject $newAcl -WhatIf
10}
11if (Get-Item -Path $asgardAgentTemp | Get-Acl | where {$_.Access.IsInherited -eq $false}) {
12    Write-Host "ASGARD Agent folder permission broken. Trying to fix: $asgardAgentTemp"
13    # Set the new Access Rule to inherit permissions
14    $newAcl = Get-Acl -Path $asgardAgentTemp
15    $newAcl.SetAccessRuleProtection($false, $true)
16    Set-Acl $asgardAgentTemp -AclObject $newAcl -WhatIf
17}
18get-childitem -path $asgardAgent -Recurse -Depth 1 | Get-Acl | where {$_.Access.IsInherited -eq $false} | % {
19    $fullPath = Convert-Path $_.Path
20    Write-Host "ASGARD Agent folder permission broken. Trying to fix: $fullPath"
21    # Set the new Access Rule to inherit permissions
22    $newAcl = Get-Acl -Path $_.Path
23    $newAcl.SetAccessRuleProtection($false, $true)
24    Set-Acl $_.Path -AclObject $newAcl -WhatIf
25}

Tip

After you change the permissions of the asgard2-agent folder, the agent might correct the permissions again. Only use this script if the agent shows errors that permissions cannot be set.