Author Posts

May 23, 2018 at 2:35 pm

Hi All,

Is it possible to use Powershell to set access permissions for a specific file type within an existing shared folder on a server (server 2008 R2)?

I have a situation where a folder, filled with lots of different file types, is being shared and I'm being asked if I can limit access on just the .ini files within that folder, without changing it for all files in that directory. Problem is, there's more than 60 .ini files there, so I'd have to change the permissions on each file, individually, and additional .ini files may be created in the future.

I'm wondering if there's an Access Control List that could be created, or something, using Powershell to accomplish this goal?

Thanks very much for all help, in advance.

May 23, 2018 at 4:06 pm

Yes you can is the short answer.

Get-childitem to get the list of files
Get-acl for reading the acl
Set-acl for setting the acl

May 23, 2018 at 4:15 pm

I'd use this module

May 23, 2018 at 6:59 pm

Thanks for the reply. I installed the NTFSSecurity module and went through all of the documentation for it, but it still isn't clear how to set access permissions on a specific file type, such as only .ini files within the directory.

Even with using the Get-ChildItem cmdlet, I can sort by extension, but I have no idea how to apply NTFS permissions to those extensions:
Get-ChildItem -Path \\server\data | Sort-Object Extension > list_sorted_by_extension.txt

If someone could provide a good example I would be grateful. I feel like I'm close.

Thanks again,

May 24, 2018 at 1:16 pm

One way of doing it.

$listOfFiles = Get-ChildItem -Path c:\tmp

foreach($l in $listOfFiles)
{
    if($l.Extension -eq '.ini')
    {
        # Set the ACL here
        
        # This will just output the fullpath so you can see an example
        Write-Output $l.FullName
    }
}

May 25, 2018 at 3:00 pm

Thank you very much for the example. I was able to get a list of .ini files in the directory with what you gave me, but I'm struggling, trying to change the NTFS Security permissions to read and execute, just for the .ini files, while allowing read/write for all other files in that directory, recursively.

Please forgive me...I'm really not trying to ask all of you to write my script for me. I'm a Cisco guy, starting to dabble with PowerShell and, so far, I've been doing simple Active Directory user scripts and such. THe other day, management came to me and said they were concerned about people having the ability to change the contents of .ini files in a folder, but need them to be able to write to other files there.

I am immensely grateful for the help you're all providing me.

May 25, 2018 at 3:03 pm

Someone else had told me that "GCI *.ini" should do better. And that I cannot apply permissions to non existing files, so I would need to run this on a schedule (or implement a file system watcher), though I would't know how to go about his, either. Once this is set, a file system watcher sounds like it would be nice for future .ini files created in that folder.

May 25, 2018 at 3:06 pm

Thanks. Yeah, I read both pages complete and it helped me grasp NTFSSecurity concepts, though it doesn't specify how to apply the permission changes to the specific files that I filter with Get-ChildItem.