Setting Folder Permissions with PowerShell

by jawhitm at 2012-09-11 00:56:53

Hello everyone,

I am trying to modify some folder permissions using PowerShell and so far I have not found a good way to do this. I would like to use PowerShell if at all possible to accomplish this.

I tried to use Set-ACL and Get-ACL but that doesn’t appear to work as I would like it to.

What I am trying to do:

1. Get a list of users / groups that have access to a folder; for this example, let's call it C:\Testing, and below it has folder Test1
2. Remove all users / groups from the folder UNLESS it is inherited from a folder higher up
3. Grant a particular user account that I specify in the script the following permissions:
- Read & Execute
- List Folder Contents
- Read

From the examples I have seen, it adds in permissions but adds them in as special permissions, and for this I want to put it on the "Main permissions" where you see the check boxes next to these.

The operating system this will be done on is: Windows 2008 SP2 and Windows 2008 R2

Any assistance is greatly appreciated.

Thank you,

by NachumElla at 2012-09-11 03:31:34
Hello jawhitm!

About number 1 - Get-ChildItem path -recurse | where {$_.psiscontainer} | select -expand fullname | ForEach-Object {Get-Acl -path $_} | fl

About number 2 - haven't found a way to do that with Get-ACL…

by coderaven at 2012-09-11 05:21:25
Working with permissions in PowerShell is pretty straightforward once you learn to work with the ACL object and to create new ACE entries. I think this is pretty close to what you are looking for. The permission "ReadAndExecute" includes "ListFolderContents" and "Read".

Make sure you modify this to fit your needs and test it! This is just an example.
#Get the ACL
$acl = Get-Acl -Path C:\Path\To\Folder
#List Users/Groups in ACL with permissions
$acl.Access | Select IdentityReference, FileSystemRights
#Remove All non-inherited Permissions
$acl.Access | ForEach-Object {if ($_.IsInherited -eq $False) {$acl.RemoveAccessRule($_) | Out-Null}}
#Add ACE to grant Group ReadAndExecute for "This Folder, Subfolders and Files"
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("DomainName\GroupName","ReadAndExecute", "ContainerInherit, ObjectInherit", "None", "Allow")
#Attach the new rule to the ACL object (without this the rule is never applied)
$acl.AddAccessRule($rule)
#Set the modified ACL
Set-Acl -Path C:\Path\To\Folder -AclObject $acl
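
The same procedure wrapped with the checks an administrator would want before stripping entries, as an added example that is not part of the original thread: it refuses to run when inheritance is disabled on the folder (no inherited entries would remain), saves the original security descriptor for rollback, and supports -WhatIf. The function name Reset-FolderAcl, the default backup file location and the sample path in the last comment are assumptions.

```powershell
# Added example; Reset-FolderAcl and the backup path are illustrative names.
function Reset-FolderAcl {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$Identity,   # e.g. 'DomainName\GroupName'
        [string]$BackupFile = "$env:TEMP\acl-backup.sddl"
    )

    $acl = Get-Acl -Path $Path

    # With inheritance blocked there are no inherited ACEs to fall back on;
    # removing the explicit ones would leave only the new read-only rule.
    if ($acl.AreAccessRulesProtected) {
        throw "Inheritance is disabled on '$Path'; refusing to strip explicit ACEs."
    }

    # Keep the original security descriptor (SDDL) so the change can be undone.
    # Set-Content honours -WhatIf, so a preview run writes nothing.
    Set-Content -Path $BackupFile -Value $acl.Sddl

    # Remove explicit (non-inherited) ACEs only; inherited ones are left alone.
    $explicit = @($acl.Access | Where-Object { -not $_.IsInherited })
    foreach ($ace in $explicit) {
        Write-Verbose "Removing $($ace.AccessControlType) $($ace.IdentityReference): $($ace.FileSystemRights)"
        [void]$acl.RemoveAccessRule($ace)
    }

    # ReadAndExecute applied to this folder, subfolders and files.
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $Identity, 'ReadAndExecute', $inherit, 'None', 'Allow'
    $acl.AddAccessRule($rule)

    if ($PSCmdlet.ShouldProcess($Path, "Replace explicit ACEs with ReadAndExecute for $Identity")) {
        Set-Acl -Path $Path -AclObject $acl
    }

    # Report what is actually on the folder after the call.
    (Get-Acl -Path $Path).Access |
        Select-Object IdentityReference, FileSystemRights, IsInherited, InheritanceFlags
}

# Preview first, then run again without -WhatIf:
# Reset-FolderAcl -Path C:\Testing\Test1 -Identity 'DomainName\GroupName' -WhatIf -Verbose
```

To roll back, call SetSecurityDescriptorSddlForm with the saved string on a fresh Get-Acl object for the folder and apply it with Set-Acl.
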
by jawhitm at 2012-09-11 21:24:34
Oh you are the man Allan (coderaven). Absolutely 100% exactly what I was looking for and have been trying to do for days. Thank you so much.

$count = "5"
while ($count -ne "4") {
    write-host "Thank You" -foregroundcolor "Green"
    write-host "Thank You" -foregroundcolor "Yellow"
    write-host "Thank You" -foregroundcolor "Red"
    write-host "Thank You" -foregroundcolor "Cyan"
}