How to Manage Permissions to Folders or Files in Windows (PowerShell)

How to Manage Permissions to Folders or Files in Windows (PowerShell)

This sample demonstrates how to bulk get and set the security permission for folders and files using PowerShell.

Scenario

If you want to get or set security permission of a folder or a file, it’s easy for you to right click the folder of file and click the Properties option to view or set the permission. But if you need to check or set security permission for many folders or files, you may spend much time in finishing it. The sample will help you to check or set security permissions for one or more folders and files using the PowerShell script.

Script

This script contains the following advanced functions:

Get-OSCDirectoryOrFilePermission
Set-OSCDirectoryPermission
Set-OSCFilePermission

You can use this script in the following ways:

Method 1:

Download the script and copy it to your computer.
1. Open the script file by using Notepad or any other script editors.
2. Scroll down to the end of the script file, and then add the code to call the functions.
3. Save the file and then run the script on the computer.

Method 2:

Rename scriptname.ps1 to scriptname.psm1 (PowerShell Module file)
Run the Import-Module cmdlet to import this module file in PowerShell Console.
Import-Module filepath\scriptname.psm1

To obtain the detailed information about how to use the functions, run the following command to retrieve the help information:

Get-Help functionName -detailed

For example:

Get-Help Get-OSCDirectoryOrFilePermission -detailed

Notes:

To run script:

Open the PowerShell Console and run as administrator.
Import-Module <Your script file path>\ ManagePermissionToFolderOrFile.psm1

Here are some code snippets for your reference:

Code to get security permissions of folders and files:

PowerShell
Edit|Remove
powershellIf($foldersOrFiles)
{
    $foldersOrFiles | ForEach-Object{
        If($_ -and (-not($_ -match "^\s+$")))
        {
            If(Test-Path -Path $_)
            {
                Get-Acl -path $_ | Format-List
            }
            Else
            {
                Write-Error ($_ + " " + $Message.SpInvalidPath) 
            }
        }
        Else
        {
            Write-Error $Message.PathEmpty
        }
    }
}
 

If($foldersOrFiles) 
{ 
    $foldersOrFiles | ForEach-Object{ 
        If($_ -and (-not($_ -match "^\s+$"))) 
        { 
            If(Test-Path -Path $_) 
            { 
                Get-Acl -path $_ | Format-List 
            } 
            Else 
            { 
                Write-Error ($_ + " " + $Message.SpInvalidPath)  
            } 
        } 
        Else 
        { 
            Write-Error $Message.PathEmpty 
        } 
    } 
}

Code to set security permissions to folders:

PowerShell
Edit|Remove
powershell$aclFolder= Get-Acl -path $Path   
$aclFolder.SetAccessRuleProtection($true, $true)
$ruleFolder =  New-Object System.Security.AccessControl.FileSystemAccessRule($Account,$FileSystemRights,$InheritanceFlags,$PropagationFlags,$AccessControlType)
 
Try
{
    If($Type -eq "Add")
    {
        $aclFolder.AddAccessRule($ruleFolder)
    }
    Else
    {
        If($Type -eq "Remove")
        {
            $aclFolder.RemoveAccessRule($ruleFolder) | Out-Null
        }
    }
}
Catch
{
    Throw $_.Exception.Message
}
 
Set-Acl -path $Path -AclObject $aclFolder

$aclFolder= Get-Acl -path $Path    
$aclFolder.SetAccessRuleProtection($true, $true) 
$ruleFolder =  New-Object System.Security.AccessControl.FileSystemAccessRule($Account,$FileSystemRights,$InheritanceFlags,$PropagationFlags,$AccessControlType) 
  
Try 
{ 
    If($Type -eq "Add") 
    { 
        $aclFolder.AddAccessRule($ruleFolder) 
    } 
    Else 
    { 
        If($Type -eq "Remove") 
        { 
            $aclFolder.RemoveAccessRule($ruleFolder) | Out-Null 
        } 
    } 
} 
Catch 
{ 
    Throw $_.Exception.Message 
} 
  
Set-Acl -path $Path -AclObject $aclFolder

Code to set security permissions to files:

PowerShell
Edit|Remove
powershell$aclFile= Get-Acl -path $Path   
$aclFile.SetAccessRuleProtection($true, $true)
$ruleFile =  New-Object System.Security.AccessControl.FileSystemAccessRule($Account,$FileSystemRights,$AccessControlType)
 
Try
{
    If($Type -eq "Add")
    {
        $aclFile.AddAccessRule($ruleFile)
    }
    Else
    {
        If($Type -eq "Remove")
        {
            $aclFile.RemoveAccessRule($ruleFile) | Out-Null
        }
    }
}
Catch
{
    Throw $_.Exception.Message
}
    
Set-Acl -path $Path -AclObject $aclFile
 

$aclFile= Get-Acl -path $Path    
$aclFile.SetAccessRuleProtection($true, $true) 
$ruleFile =  New-Object System.Security.AccessControl.FileSystemAccessRule($Account,$FileSystemRights,$AccessControlType) 
  
Try 
{ 
    If($Type -eq "Add") 
    { 
        $aclFile.AddAccessRule($ruleFile) 
    } 
    Else 
    { 
        If($Type -eq "Remove") 
        { 
            $aclFile.RemoveAccessRule($ruleFile) | Out-Null 
        } 
    } 
} 
Catch 
{ 
    Throw $_.Exception.Message 
} 
     
Set-Acl -path $Path -AclObject $aclFile

Examples

Example 01: Get the security permissions of specific folders and files.
Command: Get-OSCDirectoryOrFilePermission -Path “Folder01Path, Folder02Path,… File01Path, File02Path,…”

Example 02: Set the specific security permissions to folders.
Command: Set-OSCDirectoryPermission -FoldersPath < FoldersPath > -Type <Type> -Account <AccountName> -FileSystemRights <FileSystemRightName> [-InheritanceFlags <InheritanceFlagName>] [-PropagationFlags <PropagationFlagName>]

-AccessControlType <AccessControlType>
Screenshot:

Example 02: Set the specific security permissions to files.
Command: Set-OSCFilePermission -FilesPath <FilesPath> -Type <Type> -Account <AccountName> -FileSystemRights <FileSystemRightName> -AccessControlType <AccessControlType>
Screenshot:

Prerequisites

Windows PowerShell 2.0

Additional Resources

Technical Resource:
TechNet Library: Get-Acl

TechNet Library: Set-Acl

MSDN Library: FileSystemAccessRule