PowerShell and NTFS permissions

from powershell.com

Adding and Resetting NTFS Permissions

Whether you want to add a new NTFS access rule to a file or turn off inheritance and add new rules, here is a sample script that illustrates the trick and can serve you as a template.

The script creates a test file, then defines a new access rule for the current user. This rule allows read and write access. The new rule is added to the existing security descriptor. In addition, inheritance is turned off.

# create a sample file to apply security rules to
$Path = "$env:temp\examplefile.txt"
$null = New-Item -Path $Path -ItemType File -ErrorAction SilentlyContinue

# use current user or replace with another user name
$username = "$env:USERDOMAIN\$env:USERNAME"

# define the new access rights
$colRights = [System.Security.AccessControl.FileSystemRights]'Read, Write'
$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::None
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None
$objType = [System.Security.AccessControl.AccessControlType]::Allow
$objUser = New-Object System.Security.Principal.NTAccount($username)

# create new access control entry
$objACE = New-Object System.Security.AccessControl.FileSystemAccessRule `
($objUser, $colRights, $InheritanceFlag, $PropagationFlag, $objType)

# get existing access control list for a file or folder
$objACL = Get-Acl -Path $Path

# add rule
$objACL.AddAccessRule($objACE)

# disable inheritance (if needed)
$objACL.SetAccessRuleProtection($true, $false)

# apply changed access control list to file
Set-Acl -Path $Path -AclObject $objACL

# show file in the File Explorer
explorer.exe "/SELECT,$Path"

Once completed, the script opens the test file in the File Explorer and selects it. You can then right-click the file and choose Properties > Security to view the new settings.
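The result can also be checked from the console instead of the Properties dialog. The following is an added example, not part of the original tip: it applies the same Read, Write rule to two test files and reports the resulting entries for both values of the second argument of SetAccessRuleProtection, where $false drops the inherited rules and $true keeps them as explicit copies. The function name Get-ProtectedAclReport and the acl-demo file names are made up for this illustration.

```powershell
# Added example: compare the two ways of disabling inheritance on a test file.
# Get-ProtectedAclReport and the file names under $env:TEMP are hypothetical.
function Get-ProtectedAclReport {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [bool] $PreserveInheritance
    )

    $acl = Get-Acl -Path $Path

    # same rule as in the script above: Read, Write for the current user
    $user = New-Object System.Security.Principal.NTAccount("$env:USERDOMAIN\$env:USERNAME")
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule `
        ($user,
         [System.Security.AccessControl.FileSystemRights]'Read, Write',
         [System.Security.AccessControl.InheritanceFlags]::None,
         [System.Security.AccessControl.PropagationFlags]::None,
         [System.Security.AccessControl.AccessControlType]::Allow)
    $acl.AddAccessRule($rule)

    # 1st argument: protect the ACL from inheritance
    # 2nd argument: $true copies inherited rules as explicit ones, $false drops them
    $acl.SetAccessRuleProtection($true, $PreserveInheritance)
    Set-Acl -Path $Path -AclObject $acl

    # re-read from disk so the report reflects what was actually applied
    $applied = Get-Acl -Path $Path
    $applied.Access | ForEach-Object {
        [pscustomobject]@{
            File        = Split-Path $Path -Leaf
            Protected   = $applied.AreAccessRulesProtected
            Identity    = $_.IdentityReference.Value
            Rights      = $_.FileSystemRights
            Type        = $_.AccessControlType
            IsInherited = $_.IsInherited
        }
    }
}

# run both variants against freshly created test files and show them side by side
$report = foreach ($preserve in $false, $true) {
    $file = Join-Path $env:TEMP "acl-demo-preserve-$preserve.txt"
    $null = New-Item -Path $file -ItemType File -Force
    Get-ProtectedAclReport -Path $file -PreserveInheritance $preserve
}
$report | Format-Table -AutoSize
```

With $false, the only entry left on the file is the explicit rule for the current user, so accounts that previously had access only through inheritance from the parent folder lose it.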

To find out the available access rights, in the ISE editor type in this line:


This will automatically open the context menu and list all available settings.

