Using PowerShell to replace icacls

Hi, it’s me again! I’m very comfortable with icacls, but I’m beginning to realize that I need to transition over to PowerShell for file system administration.

In my business, a little paranoia goes a long way. Before I perform an expensive file operation, I like to make sure that everything is ok and make sure that I can revert back if something goes wrong. I usually run these two commands before making a big ACL change:

icacls "\\mydomain\users02" /verify /t /c /q
icacls "\\mydomain\users02" /t /c /q /save z:\users02_acl_backup.txt

The first one finds files whose ACL is not in canonical form or with a length inconsistent with the ACE count. The second allows me to back up ACL’s into a text file for later use with /restore if things go bad.

How would you accomplish these in PowerShell?

You can run these in powershell just fine. Unless you install the NTFSsecurity module, I think you’ll find working with ACLs in powershell overly complex and cumbersome. The registry is another area where reg.exe is so much simpler in many areas.

1 Like