2020 | Scott W. Head  |  Sr. Systems Admin | Certified Microsoft Windows Server Administrator

PowerShell Set ACL

 # Using Powershell to Control NTFS Permissions - Removes Inheritance and Adds Some Required Groups and a User
 # You must have access rights to the folder to start with, does not work to take ownership if you have no rights

    
                 
 
  #-------Get User Account to Add to ACL---------- 
    $SAM=read-Host "Enter UserID"
    

    #------Grabs Folders Current ACL to Variable-------- 
    $acl = Get-Acl C:\NewFolder1
        

    #--------------------------- ($True means no Inheritance) and if the previously inherited access rules should be preserved--------- 
    #--------------------------- ($False means remove previously inherited permissions). ----------------------------------------------

    $acl.SetAccessRuleProtection($True, $False)
    

    #---------------------------Local Administrators Group Added Full Control --------------------
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Administrators","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow") 
    $acl.AddAccessRule($rule)
    

    #---------------------------Built In System Group Added Full Control | Backups ----------------
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("System","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow") 
    $acl.AddAccessRule($rule)
    

    
    #---------------------------Domain Administrators Group Added Full Control -------------------

    #$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Domain Admins","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow") 
    #$acl.AddAccessRule($rule)
    
   
#---------------------------User Directly Assigned Rights full control  ----------------------
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($SAM,"Modify", "ContainerInherit, ObjectInherit", "None", "Allow")
    $acl.AddAccessRule($rule)
    

    #---------------------------Executes the ACL Rules on this Folder ---------------------
    Set-Acl C:\NewFolder1 $acl
    
 
  #---------------------------Get New ACL on Folder --------
    $acl = Get-Acl C:\NewFolder1
    
   
#---------------------------Diplays Current ACL to Screen ------ 
    $acl | Format-List