Windows permissions

The filesystem and registry providers both support Get-Acl and Set-Acl, which allow the different access control lists to be modified.

Working with permissions in PowerShell involves a mixture of PowerShell commands and .NET objects and methods.

While some values and classes differ between the different providers, many of the same concepts apply.

The following snippet creates a set of files and folders in C:Temp. These files and folders are used in the examples that follow:

New-Item C:TempACL -ItemType Directory -Force
1..5 | ForEach-Object {
    New-Item C:TempACL$_ -ItemType Directory -Force
    'content' | Out-File "C:TempACL$_$_.txt"

    New-Item C:TempACL$_$_ -ItemType Directory -Force
    'content' | Out-File "C:TempACL$_$_$_.txt"
}

The Get-Acl command is used to retrieve an existing Access Control List (ACL) for an object. Set-Acl is used to apply an updated ACL to an object.

If Get-Acl is used against a directory, the ACL type is DirectorySecurity; for a file, the ACL type is FileSecurity and, for a registry key, the ACL type is RegistrySecurity.

Alternatives to .NET classes

The NtfsSecurity module found in the PowerShell Gallery may be an easier alternative to the native methods discussed in this section.

Table of Contents for Windows permissions

Create new playlist

Sign In

Sign Up

Table of Contents for
Windows permissions