Configuring NTFS Permissions using PowerShell

Here are some quick examples on configuring NTFS permissions using PowerShell. The first example is using the takeown.exe and icacls.exe commands driven by PowerShell, and the second example is using the takeown.exe and native Get-Acl and Set-Acl PowerShell cmdlets.

Credits: Thanks to Gary Blok for showing me the Get-Acl and Set-Acl PowerShell cmdlets.

Option #1 – Having PowerShell use takeown.exe and icacls.exe

# Configure folder to change permssions on
$Path = "C:\Demo"

# Optional - Backing up the Access Control Lists (ACLs) 
& icacls.exe @($Path, "/save", "`"C:\Windows\Temp\NTFS.acl`"", "/T")

# Assign yourself as an owner of the folder
& takeown.exe @("/F", $Path, "/R")

# Grant the builtin administrators group full control permissions to the folder
& icacls.exe @($Path, "/grant", "`"BUILTIN\Administrators`":(F)", "/T")

Option #2 – Combining takeown.exe and Native Get-Acl and Set-Acl cmdlets

# Configure folder to change permssions on
$Path = "C:\Demo"

# Assign yourself as an owner of the folder
& takeown.exe @("/F", $Path, "/R")

# Grant the builtin administrators group full control permissions to the folder
$ACL = Get-Acl -Path $Path
$AR = New-Object System.Security.AccessControl.FileSystemAccessRule("BUILTIN\Administrators", "FullControl", "Allow")
$ACL.SetAccessRule($AR)
Set-Acl -Path $Path -AclObject $ACL
About the author

Johan Arwidmark

0 0 votes
Article Rating
Subscribe
Notify of
guest
2 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Kelly
Kelly
2 months ago

Thanks Johan, Here is what I have been using below, This looks to have stopped being updated but still works. #Install Module for NTFS Security # Check if Module is installed If(-not (Get-InstalledModule NTFSSecurity -ErrorAction silentlycontinue)) #If not installed install it {Set-PSRepository -Name 'PSGallery' -InstallationPolicy Trusted Install-Module -Name NTFSSecurity -RequiredVersion 4.2.4 -ErrorAction silentlycontinue } #Import Module  Import-Module NTFSSecurity -Force -ErrorAction silentlycontinue # Strips inheritance, Clears out all permissions, Adds back ReadAndExecute for Auth Users and Full to Administrators. Disable-NTFSAccessInheritance -Path C:\Users\Public\Documents\Offline Clear-NTFSAccess -Path C:\Users\Public\Documents\Offline Add-NTFSAccess -Path C:\Users\Public\Documents\Offline -Account 'NT AUTHORITY\Authenticated Users' -AccessRights 'ReadAndExecute, Synchronize' -PassThru Add-NTFSAccess -Path C:\Users\Public\Documents\Offline -Account 'BUILTIN\Administrators'… Read more »


>