Adding and Resetting NTFS Permissions
Whether you want to add a new NTFS access rule to a file or turn off inheritance and add new rules, here is a sample script that illustrates the trick and can serve you as a template.
The script creates a test file, then defines a new access rule for the current user. This rule allows read and write access. The new rule is added to the existing security descriptor. In addition, inheritance is turned off.
# create a sample file to apply security rules to
$Path = "$env:temp\examplefile.txt"
$null = New-Item -Path $Path -ItemType File -ErrorAction SilentlyContinue
# use current user or replace with another user name
$username = "$env:USERDOMAIN\$env:USERNAME"
# define the new access rights
$colRights = [System.Security.AccessControl.FileSystemRights]'Read, Write'
$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::None
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None
# the rule allows access (as opposed to denying it)
$objType = [System.Security.AccessControl.AccessControlType]::Allow
$objUser = New-Object System.Security.Principal.NTAccount($username)
# create new access control entry
$objACE = New-Object System.Security.AccessControl.FileSystemAccessRule `
($objUser, $colRights, $InheritanceFlag, $PropagationFlag, $objType)
# get existing access control list for a file or folder
$objACL = Get-Acl -Path $Path
# add rule
$objACL.AddAccessRule($objACE)
# disable inheritance (if needed)
# first argument $true protects the ACL from inheritance; second argument $false removes the inherited rules
$objACL.SetAccessRuleProtection($true, $false)
# apply changed access control list to file
Set-Acl -Path $Path -AclObject $objACL
# show file in the File Explorer
explorer.exe "/select,$Path"
Once completed, the script opens the test file in the File Explorer and selects it. You can then right-click the file and choose Properties > Security to view the new settings.
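The "disable inheritance" step can either keep the inherited entries as explicit copies or drop them, and the two choices leave very different ACLs behind. The following added example (not part of the original tip; the function names and demo file names are constructed here) applies the same Read/Write rule both ways and prints the resulting entries so the effect can be checked without opening the Security tab:

```powershell
# Added example; the demo file names under $env:TEMP are constructed.
function Set-ProtectedAcl {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][bool]$PreserveInherited
    )
    $user = New-Object System.Security.Principal.NTAccount("$env:USERDOMAIN\$env:USERNAME")
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule `
        ($user,
         [System.Security.AccessControl.FileSystemRights]'Read, Write',
         [System.Security.AccessControl.InheritanceFlags]::None,
         [System.Security.AccessControl.PropagationFlags]::None,
         [System.Security.AccessControl.AccessControlType]::Allow)
    $acl = Get-Acl -Path $Path
    $acl.AddAccessRule($rule)
    # 1st argument: $true stops inheritance from the parent folder
    # 2nd argument: $true keeps the inherited entries as explicit copies, $false drops them
    $acl.SetAccessRuleProtection($true, $PreserveInherited)
    Set-Acl -Path $Path -AclObject $acl
}

function Get-AclSummary {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -Path $Path
    [pscustomobject]@{
        Path                = $Path
        InheritanceDisabled = $acl.AreAccessRulesProtected
        Rules               = @($acl.Access | ForEach-Object {
            '{0}: {1} {2} (inherited={3})' -f $_.IdentityReference,
                $_.AccessControlType, $_.FileSystemRights, $_.IsInherited
        })
    }
}

foreach ($preserve in $true, $false) {
    $file = Join-Path $env:TEMP "acl-demo-preserve-$preserve.txt"
    $null = New-Item -Path $file -ItemType File -Force
    Set-ProtectedAcl -Path $file -PreserveInherited $preserve
    $summary = Get-AclSummary -Path $file
    '{0} (inheritance disabled: {1})' -f $summary.Path, $summary.InheritanceDisabled
    $summary.Rules | ForEach-Object { "    $_" }
    Remove-Item -Path $file -Force
}
```

With the second argument set to $false, only explicitly added entries remain, so any access that other accounts had through the parent folder is removed from the file as well.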
To find out the available access rights, in the ISE editor type in this line:
This will automatically open the context menu and list all available settings.