PowerShell Set permissions on a folder/directory from the command line

0

Is there a better / easier way to set permissions on a Windows folder from the command line?

I am using powershell, get-acl and set-acl.

# Set permissions on a folder using powershell, get-acl and set-acl.
# make directory before settings permissions.  setting permissions code creates file.
# if the user has no permissions on the folder run this script in a window with admin privileges.
# windows 10
# powershell 5
# change zpath and zuser
$zpath="F:\Users\Default\Documents\_NOTEPAD++ AUTOBACKUP"
$zuser="_9doug"
If(!(test-path $zpath)){New-Item -ItemType directory -Path $zpath | Out-Null}
$Acl = Get-Acl $zpath
$Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($zuser, "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow")
$Acl.SetAccessRule($Ar)
Set-Acl $zpath $Acl
exit

somebadhat

Posted 2019-07-08T19:42:01.570

Reputation: 607

I don’t understand. You asked how to set permissions with powershell then posted a script that does exactly that. What is your question that can’t be answered in the script or in the Microsoft documentation covering these two commands? – Appleoddity – 2019-07-08T23:02:03.840

@appleoddity You find no errors, can offer no improvements to my description of what the script does? "This script "allows" "without changing the inheritance of files and folders in the folder" access "to the folder, everything in it, and everything that will be subsequently put in it" "full control" for "zuser"." – somebadhat – 2019-07-11T21:17:07.883

Well that is what I’m asking. So, you are looking for an explanation of how the script works? Your post isn’t clear in requesting that. – Appleoddity – 2019-07-11T21:53:34.703

@Appleoddity the OP is asking if there are better ways to perform the task. – Burgi – 2020-01-10T12:05:19.643

@Burgi no. If you look at the revision history the OP did not do that at the time of my reply. It’s been edited from practically indecipherable to an actual question. – Appleoddity – 2020-01-10T13:07:05.553

@Appleoddity Ah, my apologies. It came up in review (in its current form) and looked ok to me. – Burgi – 2020-01-10T13:08:52.307

Answers

2

Windows 10 64-bit.

Use icacls. Does not require admin privileges if the user does not exist on the object.

Grant User Full Permissions:

icacls "%userprofile%\Documents\021219" /inheritance:d /grant:r %username%:(OI)(CI)F /T

Remove a user:

icacls "%userprofile%\Documents\021219" /remove %UserName%

Help:

icalcs /?

icacls command line options

Grant user full permissions from the command line.

Remove user from the command line.

somebadhat

Posted 2019-07-08T19:42:01.570

Reputation: 607

Asked: 2019-07-08T19:42:01.570

Viewed: 635 times

Active: 2020-01-04T05:56:03.850