In a previous tip we showed how you can add NTFS permission rules to a folder. To find out what kind of permissions are assignable, take a look at this:
PS> [System.Enum]::GetNames([System.Security.AccessControl.FileSystemRights]) ListDirectory ReadData WriteData CreateFiles CreateDirectories AppendData ReadExtendedAttributes WriteExtendedAttributes Traverse ExecuteFile DeleteSubdirectoriesAndFiles ReadAttributes WriteAttributes Write Delete ReadPermissions Read ReadAndExecute Modify ChangePermissions TakeOwnership Synchronize FullControl
Let's assume you created a folder named "protectedfolder":
$Path = 'c:\protectedFolder' # create new folder $null = New-Item -Path $Path -ItemType Directory
To add a new access rule for the user "Tobias" (make sure you replace the user name in the example with a username that actually exists in your environment) that grants a number of filesystem rights, run this:
# get permissions $acl = Get-Acl -Path $path # add a new permission $permission = 'Tobias', 'Read,Write,Modify', 'ContainerInherit, ObjectInherit', 'None', 'Allow' $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permission $acl.SetAccessRule($rule) # set new permissions $acl | Set-Acl -Path $path
