Setting folder ACL with PowerShell

Welcome Forums General PowerShell Q&A Setting folder ACL with PowerShell

Viewing 1 reply thread
  • Author
    • #239360
      Topics: 3
      Replies: 6
      Points: 51
      Rank: Member


      I’m using the following to set user rights on a folder:

      $acl = Get-Acl $folder
      $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("mydomain\joeuser","FullControl","Allow")
      $acl | Set-Acl $folder

      This works fine, however I don’t want to grant joeuser full control, only standard read/execute rights. The following should be checked in the Properties for the folder: Read & execute, List folder contents, and Read.

      If I change “FullControl” to “Read” in the above code, I end up with Special permissions where Read is the only checked item.

      Any suggestions greatly appreciated.

    • #239831
      Topics: 7
      Replies: 121
      Points: 587
      Helping Hand
      Rank: Major Contributor

      Try playing with this, adjust to your liking:

      $FolderAuditRules = "Traverse, ExecuteFile, ListDirectory, ReadData, CreateFiles, WriteData, CreateDirectories, AppendData, DeleteSubdirectoriesAndFiles, Delete, ChangePermissions, TakeOwnership"

      $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("mydomain\joeuser", $FolderAuditRules)

Viewing 1 reply thread
  • You must be logged in to reply to this topic.