The filesystem and registry providers both support Get-Acl and Set-Acl, which allow the different access control lists to be modified.
Working with permissions in PowerShell involves a mixture of PowerShell commands and .NET objects and methods.
While some values and classes differ between the different providers, many of the same concepts apply.
The following snippet creates a set of files and folders in C:\Temp. These files and folders are used in the examples that follow:
# Root folder for the examples
New-Item C:\Temp\ACL -ItemType Directory -Force
1..5 | ForEach-Object {
    # Folder N containing N.txt
    New-Item C:\Temp\ACL\$_ -ItemType Directory -Force
    'content' | Out-File "C:\Temp\ACL\$_\$_.txt"
    # Nested folder N\N containing N.txt
    New-Item C:\Temp\ACL\$_\$_ -ItemType Directory -Force
    'content' | Out-File "C:\Temp\ACL\$_\$_\$_.txt"
}
The Get-Acl command is used to retrieve an existing Access Control List (ACL) for an object. Set-Acl is used to apply an updated ACL to an object.
If Get-Acl is used against a directory, the ACL type is DirectorySecurity; for a file, the ACL type is FileSecurity and, for a registry key, the ACL type is RegistrySecurity.
The NtfsSecurity module found in the PowerShell Gallery may be an easier alternative to the native methods discussed in this section.
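The following is an added example, not code from the original text. It shows the ACL type returned for each kind of object and one full Get-Acl, modify, Set-Acl cycle, and it assumes the C:\Temp\ACL tree created above exists. The choice of HKCU:\Software as the registry key and of BUILTIN\Users (SID S-1-5-32-545) as the principal are assumptions made for illustration.

```powershell
# Added example: assumes the C:\Temp\ACL tree from the setup snippet exists.
# HKCU:\Software is used as a registry key present in every user profile.
$targets = 'C:\Temp\ACL\1', 'C:\Temp\ACL\1\1.txt', 'HKCU:\Software'

# 1. Get-Acl returns a different security descriptor class per object type:
#    DirectorySecurity, FileSecurity, and RegistrySecurity respectively.
$targets | ForEach-Object {
    $acl = Get-Acl -Path $_
    [PSCustomObject]@{
        Path    = $_
        AclType = $acl.GetType().Name
        Owner   = $acl.Owner
    }
} | Format-Table -AutoSize

# 2. Read, modify, write. Get-Acl returns an in-memory copy of the ACL;
#    nothing changes on the object until the copy is passed to Set-Acl.
$dir = 'C:\Temp\ACL\1'
$acl = Get-Acl -Path $dir

# BUILTIN\Users by well-known SID, so the example does not depend on
# the display language of the operating system.
$users = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-545'

# Allow read and execute on this folder, its subfolders, and its files.
$rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $users,
    [System.Security.AccessControl.FileSystemRights]::ReadAndExecute,
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow
)
$acl.AddAccessRule($rule)
Set-Acl -Path $dir -AclObject $acl

# 3. Verify by re-reading the ACL and listing only the explicit
#    (non-inherited) entries, which now include the rule added above.
(Get-Acl -Path $dir).Access |
    Where-Object { -not $_.IsInherited } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, InheritanceFlags -AutoSize
```

Filtering on IsInherited in the last step is also a quick way to review a folder for access that was granted directly rather than through its parent.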