Remove-NTFSAccess -Path C:\DOCS -Account 'corp\LMurkowski' -AccessRights FullControl -PassThru To grant permissions only at the top folder level and not to change permissions on the nested objects (folder only), use this command:Īdd-NTFSAccess c:\docs\public -Account corp\LMurkowski -AccessRights Modify -AppliesTo ThisFolderOnly Use the -PassThru parameter to make the command display new ACLs after it is executed. By default, the NTFSSecurity cmdlets do not return any data.
$acl.SetAccessRuleProtection($True, $True) # the first $True shows if the folder is protected, the second $True specifies if the current NTFS permissions have to be copied To disable folder inheritance from PowerShell: $targetrule = $rules | where IdentityReference -eq "corp\DSullivan" $rules = $acl.Access | where IsInherited -eq $false To remove the NTFS permission to access a folder for a user or a group: $rule = New-Object -TypeName -ArgumentList $perm $perm = $user, $Permiss, $InheritSettings, $PropogationSettings, $RuleType $InheritSettings = "Containerinherit, ObjectInherit" $Permiss = "Read, ReadAndExecute, ListDirectory"
So to add the permissions on an object, you have to use the following complex script: The main problem of using Set-ACL is that the cmdlet is always trying to change the resource owner, even if you just need to change the NTFS permissions. To do it, the account must be the owner of the object and have Take Ownership privilege.