Setting Folder Permissions

​

There's been a few instances where setting folder permissions has been required and I've found the following useful.

​

For instructions on how to deploy from MDT (here)

<#

.Synopsis
Change FOLDER permission for Authenticated User

​

.Description

​​

.Version

#>

​

#Declares Inheritance
$inherNone = [System.Security.AccessControl.InheritanceFlags]::None
$propNone = [System.Security.AccessControl.PropagationFlags]::None

$inherCnIn = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit
$propInOn = [System.Security.AccessControl.PropagationFlags]::InheritOnly

$inherObIn = [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
$propNoPr = [System.Security.AccessControl.PropagationFlags]::NoPropagateInherit

 

#Declare Auth User

$user = "Authenticated users"

#Path to Folder
$path = "C:\SomeFolder"

​

#Return current permissions

(get-acl C:\SomeFolder).Access 

​

#Removes Inheritance
$aclInh = get-acl $path
$aclInh.SetAccessRuleProtection($true,$true)
Set-Acl $path $aclInh

​

#Remove Permissions 

$getAcl = Get-Acl $path
$fileAcc = New-Object System.Security.AccessControl.FileSystemAccessRule("$User","FULL","$inherCnIn ,$inherObIn","None","Allow")
$getAcl.SetAccessRule($fileAcc)
$getAcl.removeAccessRuleAll($fileAcc)
Set-Acl $path $getAcl

#Add Permissions
$getAcl = Get-Acl $path
$fileAcc = New-Object System.Security.AccessControl.FileSystemAccessRule("$user","READ","$inherCnIn,$inherObIn", "None","Allow")
$getAcl.SetAccessRule($fileAcc)
Set-Acl $path $getAcl

​

 

#Add a DENY permission
$getAcl = Get-Acl $path
$fileAcc = New-Object System.Security.AccessControl.FileSystemAccessRule("$user","READ","$inherCnIn,$inherObIn","None","deny")
$getAcl.SetAccessRule($fileAcc)
Set-Acl $path $getAcl