Setting ACL on a File or Directory in Powershell

I know I said I was going to do more C# stuff but this powershell stuff is so cool 🙂 . If you ever have to do a massive task like set security across multiple servers on a particular Folder or Files you certainly do not want to do this manually . You can do this in a lot languages . In regular batch scripting using calcs.exe or vbcript . Today I’m going to give a powershell example using 2 cmdlets get-acl and set-acl.

So for example you had to set security on a folder c:\temp (not sure why you would want to but its just an example ) .

what you first have to do is get the ACL list from the folder like so :

$acl = Get-Acl c:\temp

next you can setup your account name that you want to add , Set the permission level (i.e. FullControl) and lastly set the allow permission or deny permission set .Lets take a look .

$permission = "domainName\Username","FullControl","Allow"

So now we use $permission in our .net class FileSystemAccessRule like so :

$accessRule = new-object System.Security.AccessControl.FileSystemAccessRule $permission

We instantiated to use the .net class and passed our variable to set our permisson but we have not set it yet .

$acl.SetAccessRule($accessRule)
$acl | Set-Acl c:\temp

Now we did . Now check your folder and it should show full control for the username you specified .

Cool huh ?

I know this may not replace a cacls.exe but it will do the job also this cmdlet (set-acl) will work on the registry provider too which calcs.exe doesn’t do .

Full program

$acl = Get-Acl c:\temp
$permission = "domain\user","FullControl","Allow"
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($accessRule)
$acl | Set-Acl c:\temp

Hope this helps .

Chris

Advertisements