Fixing MDT deployment share permissions using PowerShell

You probably know that a bug in MDT versions since MDT 2013 Update 1 have way too high security permissions being set on the deployment share created via Deployment Workbench – Only administrators can access them. Here is a script that sets them to a working level. If needed, modify the script to fit your environment, for example, your build account is probably not the VIAMONSTRA\MDT_BA account 🙂

# Check for elevation
Write-Host "Checking for elevation"

If (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(`
    [Security.Principal.WindowsBuiltInRole] "Administrator"))
    Write-Warning "Oupps, you need to run this script from an elevated PowerShell prompt!`nPlease start the PowerShell prompt as an Administrator and re-run the script."
    Write-Warning "Aborting script..."

# Configure NTFS Permissions for the MDT Build Lab deployment share
$DeploymentShareNTFS = "E:\MDTBuildLab"
icacls $DeploymentShareNTFS /grant '"Users":(OI)(CI)(RX)'
icacls $DeploymentShareNTFS /grant '"Administrators":(OI)(CI)(F)'
icacls $DeploymentShareNTFS /grant '"SYSTEM":(OI)(CI)(F)'
icacls "$DeploymentShareNTFSCaptures" /grant '"VIAMONSTRA\MDT_BA":(OI)(CI)(M)'

# Configure Sharing Permissions for the MDT Build Lab deployment share
$DeploymentShare = "MDTBuildLab$"
Grant-SmbShareAccess -Name $DeploymentShare -AccountName "EVERYONE" -AccessRight Change -Force
Revoke-SmbShareAccess -Name $DeploymentShare -AccountName "CREATOR OWNER" -Force
About the author

Johan Arwidmark

5 3 votes
Article Rating
Notify of
1 Comment
Oldest Most Voted
Inline Feedbacks
View all comments
10 days ago

I know it's an old post, but helped me troubleshoot issues today. Thanks!