Version 4.2.4 released on August 13 2018

Sources are available on GitHub: https://github.com/raandree/NTFSSecurity

This module is also available on the PowerShell gallery.

Introduction

Managing permissions with PowerShell is only a bit easier than in VBS or the command line as there are no cmdlets for most day-to-day tasks like getting a permission report or adding permission to an item. PowerShell only offers Get-Acl and Set-Acl but everything in between getting and setting the ACL is missing. This module closes the gap.
 

Documentation

For documentation please refer to:
NTFSSecurity Tutorial 1 - Getting, adding and removing permissions
NTFSSecurity Tutorial 2 - Managing NTFS Inheritance and Using Privileges


Comments, feature requests and bug reports are very welcome: raandree@live.com or, even better, create an issue on GitHub.

Installation

Just create the folder "NTFSSecurity" in one of the standard module folders and copy the files attached in there. The standard module folders are in the environment variable %PSModulePath%, for example C:\Users\<username>\Documents\WindowsPowerShell\Modules.
 
For example, all the files in the zip file have to be in "C:\Users\raandree\Documents\WindowsPowerShell\Modules\NTFSSecurity". If you did this then the module should be listed in "Get-Module -ListAvailable" and can be imported using "Import-Module NTFSSecurity".
An even easier way is to install from the PowerShell gallery using "Install-Module -Name NTFSSecurity".

Description

The module provides 10 cmdlets to manage permissions on the file system, like adding and removing ACEs, setting the inheritance, getting the current permissions or even getting the effective permissions for a certain user.
The available cmdlets are listed below with a short description. More information can be retrieved in PowerShell using Get-Help.
The name / SID translation is done by the Security2 class, the source code is available on CodePlex as well.
All cmdlets have at least one parameter that supports the pipeline. They can all work with pipeline input coming from Get-ChildItem, but some do more with what comes from the pipeline. For example, you can remove permissions by piping what Get-NTFSAccess returns to Remove-NTFSAccess:
#Get permissions from all files or folders in the current folder 
dir | Get-NTFSAccess 
 
#to read and also remove only the explicitly assigned ones 
dir | Get-NTFSAccess -ExcludeInherited | Remove-NTFSAccess 
The pipeline support can also be used to back up and restore permissions of one or many items:
#to back up permissions just pipe what Get-NTFSAccess returns to Export-Csv
dir | Get-NTFSAccess -ExcludeInherited | Export-Csv permissions.csv 
 
#to restore the permissions pipe the imported data to Add-NTFSAccess
#As the imported data also contains the path you do not need to specify the item
Import-Csv .\permissions.csv | Add-NTFSAccess
All cmdlets can handle SIDs and also SamAccountNames. The output always contains both unless a SID is not resolvable.
The types.ps1xml file extends the common objects with some useful information, and the format.ps1xml file formats all the output in almost the same way as the Get-ChildItem output.
 
By implementing the Process Privilege project (http://processprivileges.codeplex.com/) the cmdlets can activate the required privileges, for example for setting the ownership.
 


Add-NTFSAccess

Adds a specific ACE to the current object. This can be done in just one line:
Get-Item .\VMWare | Add-NTFSAccess -Account Contoso\JohnD -AccessRights FullControl

Get-NTFSAccess

Gives you a list of all permissions. Normally you are not interested in the inherited permissions, so the switch ExcludeInherited can be useful:
Get-Item F:\backup | Get-NTFSAccess -ExcludeInherited
 
Filtering works with Where-Object
Get-Item F:\backup | Get-NTFSAccess | Where-Object { $_.ID -like "*users*" }

Get-NTFSOrphanedAccess

Lists all permissions that can no longer be resolved. This normally happens if the account is no longer available so the permissions show up as a SID and not as an account name.

To remove all non-resolvable or orphaned permissions you can use the following line. But be very careful with that, as the account may be unresolvable only because of a network problem.
dir -Recurse | Get-NTFSOrphanedAccess | Remove-NTFSAccess
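
The caution above can be turned into a staged clean-up that refuses to run while the domain is unreachable and keeps a record of what it removes. This is an added example, not part of the module's documentation; `$Root` and `$Backup` are placeholder paths, and it assumes a domain-joined machine and that each returned ACE exposes its SID as `Account.Sid`.

```powershell
# Added example: staged clean-up of orphaned ACEs (not from the module's docs).
# Assumptions: placeholder paths, domain-joined machine, SID in .Account.Sid.
Import-Module NTFSSecurity
Add-Type -AssemblyName System.DirectoryServices

$Root   = 'D:\Shares\Projects'                                             # placeholder
$Backup = "C:\Temp\orphaned-aces-$(Get-Date -Format yyyyMMdd-HHmmss).csv"  # placeholder

# 1. Abort if no domain controller answers. During an outage every domain
#    account looks "orphaned" and would be removed by mistake.
try {
    $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
}
catch {
    throw "Domain not reachable, refusing to touch ACLs: $($_.Exception.Message)"
}
$domainSid = New-Object System.Security.Principal.SecurityIdentifier(
    $domain.GetDirectoryEntry().Properties['objectSid'].Value, 0)

# 2. Collect the candidates once and keep a record before changing anything.
$orphaned = @(Get-ChildItem -Path $Root -Recurse | Get-NTFSOrphanedAccess)
$orphaned | Export-Csv -Path $Backup -NoTypeInformation

# 3. Only SIDs issued by the domain that just answered can be judged here.
#    SIDs from trusted domains or other machines go to manual review,
#    because a broken trust would make them unresolvable as well.
$remove, $review = $orphaned.Where({
    $sid = New-Object System.Security.Principal.SecurityIdentifier([string]$_.Account.Sid)
    $sid.IsEqualDomainSid($domainSid)
}, 'Split')

$summary = '{0} orphaned ACEs found, {1} from own domain, {2} left for review'
$summary -f $orphaned.Count, $remove.Count, $review.Count
$review | Format-Table -AutoSize

# 4. Remove only after an explicit confirmation.
if ($remove.Count -gt 0) {
    $answer = Read-Host "Remove $($remove.Count) orphaned ACEs? (yes/no)"
    if ($answer -eq 'yes') {
        $remove | Remove-NTFSAccess
    }
}
```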

Remove-NTFSAccess

Removes the permission for a certain account. As the pipeline is supported, it also takes ACEs coming from Get-NTFSAccess or Get-NTFSOrphanedAccess.


Get-NTFSEffectiveAccess

Shows the permissions an account actually has on a file or folder. If no parameter is specified, it shows the effective permissions for the current user. However, you can supply a user by using the SID or account name:
Get-Item F:\backup | Get-NTFSEffectiveAccess -Account S-1-5-32-545

Get-NTFSInheritance

Shows if inheritance is blocked

Enable-NTFSInheritance

It can be a problem if certain files or folders on a volume have inheritance disabled. Making sure that inheritance is enabled can be done using this cmdlet:
Get-ChildItem .\Data -Recurse | Enable-NTFSAccessInheritance

Disable-NTFSInheritance

See Enable-NTFSInheritance
 

Get-NTFSOwner

Shows the owner of a file or folder
dir -Recurse | Get-NTFSOwner

Set-NTFSOwner

Sets the owner to a specific account like:
 
Get-Item .\Data | Set-NTFSOwner -Account builtin\administrators

Version