PS files and folder ACLs

Hello all,

I have worked a little bit with ACLs in PowerShell and it is a little bit tricky, so I will round up the code and the most important information for you guys.

This code snippet is a little example of how to set the rights for a given folder.

# directory to update
$directory = "C:\Temp\test"
 
# group object 'sAMAccountName' to add to NTFS permission
$addGroup  = "example_access_read"
 
# Configure the access object values - chosen by matrix
$access      = [System.Security.AccessControl.AccessControlType]::Allow 
$rights      = [System.Security.AccessControl.FileSystemRights]"Read,ReadAndExecute,ListDirectory"
$inheritance = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit,ObjectInherit"
$propagation = [System.Security.AccessControl.PropagationFlags]::None 
$ace         = New-Object System.Security.AccessControl.FileSystemAccessRule($addGroup,$rights,$inheritance,$propagation,$access) 
 
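# Retrieve the directory ACL and add a new ACL rule
$acl = Get-Acl $directory
$acl.AddAccessRule($ace)
# isProtected = $false keeps inheritance from the parent enabled (and re-enables it
# if it was disabled on this folder); the second argument is ignored in that case
$acl.SetAccessRuleProtection($false,$false)
Set-Acl $directory $acl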

As you can see, we need to define $access, $rights, and a combination of $inheritance and $propagation. The first two inputs are trivial. For the last two variables I have made a little table to simplify the conditions. Depending on which objects (files/folders) and which depth the rule should apply to, you have to enter a different combination for both variables:

[Images: ACL1, ACL2 (table of $inheritance / $propagation combinations)]
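
The $inheritance / $propagation combinations can also be handled in code. The following is an added example, not the author's code: it maps the standard NTFS flag pairs to scope names, builds an ACE from a scope name, and decodes an existing ACL back into scopes for review. The scope names, the function names New-ScopedAce and Get-AceScope, the scratch folder and the BUILTIN\Users identity are assumptions chosen for the example.

```powershell
# Added example. Scope names are labels chosen here; the flag pairs are standard NTFS semantics.
$ScopeMap = [ordered]@{   # scope = InheritanceFlags, PropagationFlags
    ThisFolderOnly               = 'None',                            'None'
    ThisFolderSubfoldersAndFiles = 'ContainerInherit, ObjectInherit', 'None'
    ThisFolderAndSubfolders      = 'ContainerInherit',                'None'
    ThisFolderAndFiles           = 'ObjectInherit',                   'None'
    SubfoldersAndFilesOnly       = 'ContainerInherit, ObjectInherit', 'InheritOnly'
    SubfoldersOnly               = 'ContainerInherit',                'InheritOnly'
    FilesOnly                    = 'ObjectInherit',                   'InheritOnly'
}

# Build an Allow ACE from a scope name instead of hand-picking the two flag values.
function New-ScopedAce {
    param([Parameter(Mandatory)][string]$Identity,
          [Parameter(Mandatory)][System.Security.AccessControl.FileSystemRights]$Rights,
          [Parameter(Mandatory)][string]$Scope)
    if (-not $ScopeMap.Contains($Scope)) { throw "Unknown scope '$Scope'" }
    $inherit   = [System.Security.AccessControl.InheritanceFlags]$ScopeMap[$Scope][0]
    $propagate = [System.Security.AccessControl.PropagationFlags]$ScopeMap[$Scope][1]
    $allow     = [System.Security.AccessControl.AccessControlType]::Allow
    New-Object System.Security.AccessControl.FileSystemAccessRule($Identity, $Rights, $inherit, $propagate, $allow)
}

# Audit direction: decode every ACE on a path back into the scope it applies to.
function Get-AceScope {
    param([Parameter(Mandatory)][string]$Path)
    $pf = [System.Security.AccessControl.PropagationFlags]
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        $inheritOnly = $ace.PropagationFlags.HasFlag($pf::InheritOnly)
        $scope = $ScopeMap.Keys | Where-Object {
            [System.Security.AccessControl.InheritanceFlags]$ScopeMap[$_][0] -eq $ace.InheritanceFlags -and
            ($ScopeMap[$_][1] -eq 'InheritOnly') -eq $inheritOnly
        }
        [pscustomobject]@{
            Identity     = $ace.IdentityReference
            Rights       = $ace.FileSystemRights
            Type         = $ace.AccessControlType
            Scope        = $scope      # empty for combinations outside the map
            OneLevelOnly = $ace.PropagationFlags.HasFlag($pf::NoPropagateInherit)  # direct children only
            Inherited    = $ace.IsInherited
        }
    }
}
# Demo on a scratch folder (constructed; BUILTIN\Users is an assumed identity).
$dir = (New-Item -ItemType Directory -Path (Join-Path $env:TEMP 'acl-scope-demo') -Force).FullName
$acl = Get-Acl -LiteralPath $dir
$acl.AddAccessRule((New-ScopedAce -Identity 'BUILTIN\Users' -Rights 'ReadAndExecute' -Scope 'SubfoldersOnly'))
Set-Acl -LiteralPath $dir -AclObject $acl
Get-AceScope -Path $dir | Format-Table -AutoSize
```

Running Get-AceScope against a folder before and after a migration makes it easy to spot an ACE whose scope is wider than intended, for example ThisFolderSubfoldersAndFiles where SubfoldersOnly was meant.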

With this information it is quite easy to set and migrate the ACLs of files, folders and so on. Hopefully it will help you!

Greetings,

~David