Using PowerShell to set file system permissions: ACL

To add a user with write permissions to an existing folder, the following script can be used:

Add Permission

$folder="C:\Myfolder"
$username="Username"
$permission="Modify"

$Acl = Get-Acl $folder
$Ar = New-Object  system.security.accesscontrol.filesystemaccessrule($username,$permission,'ContainerInherit,ObjectInherit', 'None', 'Allow')
$Acl.SetAccessRule($Ar)
Set-Acl $folder $Acl

The script reads the current permissions and writes them to the $Acl variable, then creates a permission object with the user and the desired permissions and stores it in the $Ar variable. Finally, the created object ($Ar) is added to the previously read permissions and these are then written to the folder: Set-Acl

With "ContainerInherit and ObjectInherit the permission on the folder and its files is set.

For example, "FullControl" could be used as a permission instead of "Modify".

Interrupt inheritance

    $Acl.SetAccessRuleProtection($True, $True)

Remove permission

    $aclRemove = $acl.Access | ?{ $_.IdentityReference -eq 'BUILTIN\Users' }
    if ($acesToRemove) {
        $acl.RemoveAccessRuleAll($aclRemove )
    }

^{({{pro_count}})}

Rate Post:
{{percentage}} % positive

^{({{con_count}})}

THANK YOU for your review!

Publication: 2023-05-08 from Bernhard | Übersetzung Deutsch |🔔 | Comments:0

➨ PowerShell text file and csv read / write | ➦ PowerShell | PowerShell: Prevent screen saver, lock: Move mouse regularly ➨

Questions / Comments

Table of Contents

Add Permission
Interrupt inheritance
Remove permission

[Deutsch]

➦ PowerShell ➨ PowerShell: Prevent screen saver, lock: Move mouse regularly