Set Access Control List permissions from on a file (or object).

      Set-Acl [-path] string[] [-aclObject] ObjectSecurity
                 [-Include String] [-Exclude String]
                    [-filter string] [-passThru] [-whatIf]
                       [-confirm] [-UseTransaction] [CommonParameters]
   -Path path
       Path to the item to be changed {accepts wildcards}

       If a security object is passed to Set-Acl (either via -AclObject 
       or by passing an object from Get-Acl), and -Path is omitted,
       Set-Acl will use the path that is included in the security object.

   -AclObject ObjectSecurity
       An ACL with the desired property values.
       Often the output of a Get-Acl command saved in a variable.

   -Filter string
       A filter in the provider's format or language. 
       The exact syntax of the filter (wildcard support etc) depends on the provider.
       Filters are more efficient than -include/-exclude, because the provider
       applies the filter when retrieving the objects, rather than having 
       PowerShell filter the objects after they are retrieved.

   -include string
       Include only the specified items from the Path. e.g. "May*"
       This qualifies the -Path parameter and normally includes a wildcard.
   -Exclude string
       Omit the specified items from the Path e.g. "*SS64*"
       This qualifies the -Path parameter and normally includes a wildcard.

       Pass the object created by Set-Acl through the pipeline.
       Describe what would happen if you executed the command without
       actually executing the command.

       Prompt for confirmation before executing the command.

       Include the command in the active transaction.

       -Verbose, -Debug, -ErrorAction, -ErrorVariable, -WarningAction, -WarningVariable,
       -OutBuffer -OutVariable.

To apply a new rule to an ACL, requires an AccessRule Object of Type System.Security.AccessControl.FileSystemAccessRule

Inherited folder permissions:

 Object inherit    - This folder and files. (no inheritance to subfolders)
 Container inherit - This folder and subfolders.
 Inherit only      - The ACE does not apply to the current file/directory


Copy the security settings from Dog.txt to Cat.txt

PS C:\> $DogACL = get-acl c:\dog.txt
PS C:\> set-acl -path C:\cat.txt -AclObject $DogACL

Or the same thing with a pipeline:

PS C:\> get-acl c:\dog.txt | set-acl -path C:\cat.txt

Apply the same $Dog ACL to all the files in C:\Temp\ and all of its subdirectories:

PS C:\> get-childitem c:\temp -recurse -force | set-acl -aclobject $DogACL -whatif

Disable inheritance for the folder 'C:\DemoFolder' (If inheritance is left in place the folder will inherit all the permissions of the parent folder.)

PS C:\> $acl = Get-Acl -Path 'C:\DemoFolder'
PS C:\> $acl.SetAccessRuleProtection($true, $false)
PS C:\> $acl | Set-Acl -Path 'C:\DemoFolder'

Add a new permission for the current user:

PS C:\> $acl = Get-Acl -Path 'C:\DemoFolder'
PS C:\> $perm = $env:username, 'Read,Modify', 'ContainerInherit, ObjectInherit', 'None', 'Allow' 
PS C:\> $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $perm
PS C:\> $acl.SetAccessRule($rule) 
PS C:\> $acl | Set-Acl -Path 'C:\DemoFolder'

“If it's a good idea - go ahead and do it. It’s easier to ask forgiveness than it is to get permission” ~ Grace Murray Hopper


Get-Acl - Get permission settings for a file or registry key
CACLS - Display or modify Access Control Lists (ACLs) for files and folders.
Equivalent bash command: chmod - Change access permissions

© Copyright 1999-2015
Some rights reserved