PS files and folder ACLs

Hello all,

i have worked a little bit with ACLs in Powershell and it is a little bit tricky. So i will roundup the code and the most important information for you guys.

This code snippet is a little example how to set the rights for a given folder.

# directory to update
$directory = "C:\Temp\test"
# group object 'sAMAccountName' to add to NTFS permission
$addGroup  = "example_access_read"
# Configure the access object values - chosen by matrix
$access      = [System.Security.AccessControl.AccessControlType]::Allow 
$rights      = [System.Security.AccessControl.FileSystemRights]"Read,ReadAndExecute,ListDirectory"
$inheritance = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit,ObjectInherit"
$propagation = [System.Security.AccessControl.PropagationFlags]::None 
$ace         = New-Object System.Security.AccessControl.FileSystemAccessRule($addGroup,$rights,$inheritance,$propagation,$access) 
# Retrieve the directory ACL and add a new ACL rule
$acl = Get-Acl $directory
Set-Acl $directory $acl

As you can see we need to define the $access, the $rights and a constellation for $inheritance and $propagation. The first 2 inputs are trivial as you can see. For the last two variables i have made a little table to simplify theĀ conditions. Whether you want different objects (files/folders) or a different depth to be get applied by this rule you have to enter a different constellation for both variables:


With this information it is quite easy to set and migrate the ACLs of Files/Folders and so on. Hopefully it will help you!




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s