i have worked a little bit with ACLs in Powershell and it is a little bit tricky. So i will roundup the code and the most important information for you guys.
This code snippet is a little example how to set the rights for a given folder.
# directory to update $directory = "C:\Temp\test" # group object 'sAMAccountName' to add to NTFS permission $addGroup = "example_access_read" # Configure the access object values - chosen by matrix $access = [System.Security.AccessControl.AccessControlType]::Allow $rights = [System.Security.AccessControl.FileSystemRights]"Read,ReadAndExecute,ListDirectory" $inheritance = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit,ObjectInherit" $propagation = [System.Security.AccessControl.PropagationFlags]::None $ace = New-Object System.Security.AccessControl.FileSystemAccessRule($addGroup,$rights,$inheritance,$propagation,$access) # Retrieve the directory ACL and add a new ACL rule $acl = Get-Acl $directory $acl.AddAccessRule($ace) $acl.SetAccessRuleProtection($false,$false) Set-Acl $directory $acl
As you can see we need to define the $access, the $rights and a constellation for $inheritance and $propagation. The first 2 inputs are trivial as you can see. For the last two variables i have made a little table to simplify the conditions. Whether you want different objects (files/folders) or a different depth to be get applied by this rule you have to enter a different constellation for both variables:
With this information it is quite easy to set and migrate the ACLs of Files/Folders and so on. Hopefully it will help you!