Setting folder ACL with PowerShell


I’m using the following to set user rights on a folder:

$acl = Get-Acl $folder
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule(“mydomain\joeuser”,“FullControl”,“Allow”)
$acl | Set-Acl $folder

This works fine, however I don’t want to grant joeuser full control, only standard read/execute rights. The following should be checked in the Properties for the folder: Read & execute, List folder contents, and Read.

If I change “FullControl” to “Read” in the above code, I end up with Special permissions where Read is the only checked item.

Any suggestions greatly appreciated.

Try playing with this, adjust to your liking:

$FolderAuditRules = “Traverse, ExecuteFile, ListDirectory, ReadData, CreateFiles, WriteData, CreateDirectories, AppendData, DeleteSubdirectoriesAndFiles, Delete, ChangePermissions, TakeOwnership”

$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule(“mydomain\joeuser”, $FolderAuditRules)