Find largest files and directories with PowerShell

gci . -r | sort Length -desc | select fullname -f 10

Get-ChildItem -Path 'C:\SomeFolder' -Recurse -Force -File | Select-Object -Property FullName,@{Name='SizeGB';Expression={$_.Length / 1GB}},@{Name='SizeMB';Expression={$_.Length / 1MB}},@{Name='SizeKB';Expression={$_.Length / 1KB}} | Sort-Object { $_.SizeKB } -Descending | Out-GridView


PowerShell and NTFS permissions


Adding and Resetting NTFS Permissions

Whether you want to add a new NTFS access rule to a file or turn off inheritance and add new rules, here is a sample script that illustrates the trick and can serve you as a template.

The script creates a test file, then defines a new access rule for the current user. This rules allows read and write access. The new rule is added to the existing security descriptor. In addition, inheritance is turned off.

# create a sample file to apply security rules to
$Path = “$env:temp\examplefile.txt”
$null = New-Item -Path $Path -ItemType File -ErrorAction SilentlyContinue

# use current user or replace with another user name
$username = “$env:USERDOMAIN\$env:USERNAME”

# define the new access rights
$colRights = [System.Security.AccessControl.FileSystemRights]’Read, Write’
$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::None
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None
$objType =[System.Security.AccessControl.AccessControlType]::Allow
$objUser = New-Object System.Security.Principal.NTAccount($username)

# create new access control entry
$objACE = New-Object System.Security.AccessControl.FileSystemAccessRule `
($objUser, $colRights, $InheritanceFlag, $PropagationFlag, $objType)

# get existing access control list for a file or folder
$objACL = Get-Acl -Path $Path

# add rule

# disable inheritance (if needed)
$objACL.SetAccessRuleProtection($true, $false)

# apply changed access control list to file
Set-Acl -Path $Path -AclObject $objACL

# show file in the File Explorer
explorer.exe “/SELECT,$Path”

Once completed, the script opens the test file in the File Explorer and selects it. You can then right-click the file and choose Properties > Security to view the new settings.

To find out the available access rights, in the ISE editor type in this line:


This will automatically open the context menu and lists all available settings.