Set folder Permissions with PowerShell

In a previous article we had a look on how you can set folder permissions by using VBScript and the Secedit tool which comes natively in the OS. But if you work in PowerShell, it doesn’t make sense to make a separate VBScript just to set permissions.

 

PowerShell adds permissions by using the FileSystemAccessRule class. I recommend you check the Microsoft documentation regarding the class to learn the constructors, properties and methods.

 

But let’s have a look on two PowerShell scripts. The first script gives permissions on a folder for the “Everyone” group. The code for this is:

 

$MyPah = "C:\Users\theje\Desktop\dasddas"

$Acl = Get-ACL $MyPah

$AccessRule= New-Object System.Security.AccessControl.FileSystemAccessRule("everyone","FullControl","ContainerInherit,Objectinherit","none","Allow")

$Acl.AddAccessRule($AccessRule)

Set-Acl $MyPah $Acl

The second script gives permissions on a folder for the “Authenticated Users” group:
$MyPah = "C:\Users\theje\Desktop\dasddas"

$acl  = Get-Acl -Path $MyPah

$user = New-Object -TypeName 'System.Security.Principal.SecurityIdentifier' -ArgumentList @([System.Security.Principal.WellKnownSidType]::AuthenticatedUserSid, $null)

$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($user, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')

$acl.SetAccessRule($rule)

Set-Acl -Path $MyPah -AclObject $acl

In this case, it’s a little bit more tricky because the “Authenticated Users” group must be grabbed from the WellKnownSidType. But the result is the same.
As you can see, we are granting permissions with ACL by using the Set-Acl PowerShell cmdlet. There are a lot of other uses and scenarios with granting permissions, but I hope these two examples will help you.

Leave a comment

Your email address will not be published. Required fields are marked *

15 + 3 =