PowerShell Script Files – Set-Acl
With Set-Acl (Access Control List) you can actually change permissions on files or folders, thus adjust who can see sensitive information. If you are new to this cmdlet I recommend that you start with the safer, easier Get-Acl before you risk creating a rogue script which locks you out of important areas of the file system.
♣
Example: Set-Acl Copy Permissions
The Set-Acl cmdlet changes the security descriptor of a file, to match the values in a security descriptor that you supply. You can also employ Set-Acl for amending folder or registry permissions. The best technique that I have found is to use Get-Acl to do the fetching and Set-Acl to do the applying new permissions.
For safety reasons it’s better to create a test folder and copy a few unimportant files, rather than risk a novice script running amok on important data files.
Preliminary Steps
- Have a refresher on Get-Acl
- Create a new folder, for example C:\Romeo
- Copy a few unimportant files into your example folder, or else create a few new files with Notepad.
Assumption you have two files. C:\Romeo\OldUser.txt and C:\Romeo\NewPerson.txt
# PowerShell Example Set-Acl Copy Permissions
Clear-Host
$Source = "C:\Romeo\OldUser.txt"
$Destination = "C:\Romeo\NewPerson.txt"
Get-Acl $Source | Set-Acl -path $Destination
Learning Points
Note 1: The reason that I used the variable $Source and $Destination is to remind you to change the values of these paths before running this script on your machine.
Note 2: If you are in anyway uncertain what will happen, remember the -confirm and -whatIf parameters, they are made for situation like this – learning something new which could cripple your machine.
# PowerShell Set-Acl Copy Permissions
Clear-Host
$Source = "C:\Romeo\OldUser.txt"
$Destination = "C:\Romeo\NewPerson.txt"
Get-Acl $Source | Set-Acl -path $Destination -confirm
Challenge: Use the Windows Explorer to see the actual files, and also use the Advanced button on the property sheet to change permissions on the source file, then run the above example script again.
This is just to check that the script really is copying the permissions from one file to the other.
Recommended: Solarwinds’ Permissions Analyzer – Free Active Directory Tool
I like the Permissions Monitor because it enables me to see WHO has permissions to do WHAT at a glance. When you launch this tool it analyzes a users effective NTFS permissions for a specific file or folder, and takes into account network share access, then displays the results in a nifty desktop dashboard!
Think of all the frustration that this free SolarWinds utility saves when you are troubleshooting authorization problems for user’s access to a resource. Give this permissions monitor a try – it’s free!
Download SolarWinds’ Free Permissions Analyser – Active Directory Tool
Research Set-Acl Parameters
# PowerShell Set-Acl Parameters
Clear-Host
Get-Help Set-Acl -full
Checking the help file will reveal useful parameters, for instance the -force switch maybe useful for your task. In addition to the file system you can also use Set-Acl to change permissions on registry keys.
Background Research
In addition to pure PowerShell Set-Acl research I strongly recommend that open Windows Explorer and look at not only the location of the files, but also at the permissions.
If you right-click any file or folder, select properties and check the permissions. For further detail click Edit, see screenshot to the right.
Another useful technique is to use CACLS
Guy Recommends: A Free Trial of the Network Performance Monitor (NPM) v11.5
SolarWinds’ Network Performance Monitor will help you discover what’s happening on your network. This utility will also guide you through troubleshooting; the dashboard will indicate whether the root cause is a broken link, faulty equipment or resource overload.
What I like best is the way NPM suggests solutions to network problems. Its also has the ability to monitor the health of individual VMware virtual machines. If you are interested in troubleshooting, and creating network maps, then I recommend that you try NPM now.
Download a free trial of Solarwinds’ Network Performance Monitor
Researching Similar PowerShell Content Cmdlets
# PowerShell Content Cmdlet Research
Clear-Host
Get-Command -Noun Acl
This reveals the sister command Get-Acl. Incidentally, many of PowerShell’s Get verbs also have a ‘Set’ companion cmdlet.
See a Review of Solarwinds Permissions Analyzer (Free) »
Summary of PowerShell’s Set-Acl Cmdlet
Set-Acl is rather different from the mainstream PowerShell cmdlets, it’s designed to modify the access control list of a file, to match the values you supply through the sister command Get-Acl. You can also employ Set-Acl for amending folder or registry permissions.
If you like this page then please share it with your friends
See more PowerShell share examples including WMI
• PowerShell WMI • Create Win32_Share • WMI Shares • Free Permissions Analyzer Tool
• Get-Acl • PowerShell Share Error Codes • Win32_ComputerSystem • PowerShell 3.0 CIM
• Windows PowerShell • Free WMI Monitor • Cacls • Query • PowerShell Printer Scripts
Please email me if you have a example scripts. Also please report any factual mistakes, grammatical errors or broken links, I will be happy to correct the fault.