Setting folder ACL with PowerShell

Welcome Forums General PowerShell Q&A Setting folder ACL with PowerShell

Viewing 1 reply thread
  • Author
    Posts
    • #239360
      Participant
      Topics: 2
      Replies: 3
      Points: 30
      Rank: Member

      Hi.

      I’m using the following to set user rights on a folder:

      $acl = Get-Acl $folder
      $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("mydomain\joeuser","FullControl","Allow")
      $acl.SetAccessRule($AccessRule)
      $acl | Set-Acl $folder

      This works fine, however I don’t want to grant joeuser full control, only standard read/execute rights. The following should be checked in the Properties for the folder: Read & execute, List folder contents, and Read.

      If I change “FullControl” to “Read” in the above code, I end up with Special permissions where Read is the only checked item.

      Any suggestions greatly appreciated.

    • #239831
      Participant
      Topics: 6
      Replies: 104
      Points: 486
      Helping Hand
      Rank: Contributor

      Try playing with this, adjust to your liking:

      $FolderAuditRules = "Traverse, ExecuteFile, ListDirectory, ReadData, CreateFiles, WriteData, CreateDirectories, AppendData, DeleteSubdirectoriesAndFiles, Delete, ChangePermissions, TakeOwnership"

      $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("mydomain\joeuser", $FolderAuditRules)

Viewing 1 reply thread
  • You must be logged in to reply to this topic.