By default, folders and files inherit permissions from their parents. To stop inheritance and make sure only the explicitly assigned permissions are valid, do two things: add the explicit permissions you need, and disable inheritance.
This example creates a new folder called "PermissionNoInheritance", then grants the current user read permissions, and administrators get full rights. Inheritance is disabled.
# create folder $Path = 'c:\PermissionNoInheritance' $null = New-Item -Path $Path -ItemType Directory -ErrorAction SilentlyContinue # get current permissions $acl = Get-Acl -Path $path # add a new permission for current user $permission = $env:username, 'Read,Modify', 'ContainerInherit, ObjectInherit', 'None', 'Allow' $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permission $acl.SetAccessRule($rule) # add a new permission for Administrators $permission = 'Administrators', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow' $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permission $acl.SetAccessRule($rule) # disable inheritance $acl.SetAccessRuleProtection($true, $false) # set new permissions $acl | Set-Acl -Path $path
