Managing NTFS Permissions

by Jun 4, 2015

In a previous tip we showed how you can add NTFS permission rules to a folder. To find out what kind of permissions are assignable, take a look at this:

 
PS> [System.Enum]::GetNames([System.Security.AccessControl.FileSystemRights])
ListDirectory
ReadData
WriteData
CreateFiles
CreateDirectories
AppendData
ReadExtendedAttributes
WriteExtendedAttributes
Traverse
ExecuteFile
DeleteSubdirectoriesAndFiles
ReadAttributes
WriteAttributes
Write
Delete
ReadPermissions
Read
ReadAndExecute
Modify
ChangePermissions
TakeOwnership
Synchronize
FullControl
 

Let's assume you created a folder named "protectedFolder":

$Path = 'c:\protectedFolder'

# create new folder
$null = New-Item -Path $Path -ItemType Directory

To add a new access rule for the user "Tobias" (make sure you replace the user name in the example with a username that actually exists in your environment) that grants a number of filesystem rights, run this:

# get permissions
$acl = Get-Acl -Path $path

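# add a new permission
# arguments: identity, rights, inheritance flags, propagation flags, Allow/Deny
$permission = 'Tobias', 'Read,Write,Modify', 'ContainerInherit, ObjectInherit', 'None', 'Allow'
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permission
# SetAccessRule replaces any existing Allow rules for this user with the new rule
$acl.SetAccessRule($rule)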

# set new permissions
$acl | Set-Acl -Path $path
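
To confirm what actually ended up on the folder, the following added example (not part of the original tip) resolves the account before touching the ACL, applies the same rule, and reads the explicit entries back. It assumes the folder from the tip exists and uses the current user as a stand-in for "Tobias".

```powershell
# Added example. Assumes C:\protectedFolder exists (created as in the tip).
$Path    = 'C:\protectedFolder'
$Account = "$env:USERDOMAIN\$env:USERNAME"   # assumption: stand-in for 'Tobias'

# Resolve the name to a SID first: a misspelled or missing account throws
# here, before the ACL is touched.
$ntAccount = New-Object System.Security.Principal.NTAccount($Account)
$sid = $ntAccount.Translate([System.Security.Principal.SecurityIdentifier])

# FileSystemRights is a flags enum, so composite names overlap:
# Modify already contains every bit of Read and Write.
$rights = [System.Security.AccessControl.FileSystemRights]'Read,Write,Modify'
$modify = [System.Security.AccessControl.FileSystemRights]::Modify
"Requested 'Read,Write,Modify' is stored as: $rights"

$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None
$type      = [System.Security.AccessControl.AccessControlType]::Allow
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $sid, $rights, $inherit, $propagate, $type)

# SetAccessRule drops existing Allow rules for this SID and adds the new one;
# AddAccessRule would merge with what is already there instead.
$acl = Get-Acl -Path $Path
$acl.SetAccessRule($rule)
Set-Acl -Path $Path -AclObject $acl

# Read back only explicit (non-inherited) rules, keyed by SID so the check
# does not depend on how the account name is displayed.
$sidType  = [System.Security.Principal.SecurityIdentifier]
$explicit = (Get-Acl -Path $Path).GetAccessRules($true, $false, $sidType) |
    Where-Object { $_.IdentityReference.Value -eq $sid.Value }

$explicit | Select-Object AccessControlType, FileSystemRights,
                          InheritanceFlags, PropagationFlags, IsInherited

# Compare with -band: the stored rule usually also carries Synchronize,
# so an equality test against Modify would miss it.
$granted = $explicit | Where-Object {
    $_.AccessControlType -eq $type -and
    ([int]$_.FileSystemRights -band [int]$modify) -eq [int]$modify
}
if (-not $granted) { throw "No explicit Modify rule for $Account on $Path" }
```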
