Using PowerShell to set file system permissions: ACL

 

To add a user with write permissions to an existing folder, the following script can be used:

Add Permission

$folder="C:\Myfolder"
$username="Username"
$permission="Modify"

$Acl = Get-Acl $folder
$Ar = New-Object  system.security.accesscontrol.filesystemaccessrule($username,$permission,'ContainerInherit,ObjectInherit', 'None', 'Allow')
$Acl.SetAccessRule($Ar)
Set-Acl $folder $Acl

The script reads the current permissions and writes them to the $Acl variable, then creates a permission object with the user and the desired permissions and stores it in the $Ar variable. Finally, the created object ($Ar) is added to the previously read permissions and these are then written to the folder: Set-Acl

With "ContainerInherit and ObjectInherit the permission on the folder and its files is set.

For example, "FullControl" could be used as a permission instead of "Modify".

Interrupt inheritance

    $Acl.SetAccessRuleProtection($True, $True)

Remove permission

    $aclRemove = $acl.Access | ?{ $_.IdentityReference -eq 'BUILTIN\Users' }
    if ($acesToRemove) {
        $acl.RemoveAccessRuleAll($aclRemove )
    }
positive Bewertung({{pro_count}})
Rate Post:
{{percentage}} % positive
negative Bewertung({{con_count}})

THANK YOU for your review!

Questions / Comments


By continuing to browse the site, you agree to our use of cookies. More Details