PowerShell Set-Acl Cmdlet

PowerShell Script Files – Set-Acl

With Set-Acl (Access Control List) you can actually change permissions on files or folders, thus adjust who can see sensitive information.  If you are new to this cmdlet I recommend that you start with the safer, easier Get-Acl before you risk creating a rogue script which locks you out of important areas of the file system.


Example: Set-Acl Copy Permissions

The Set-Acl cmdlet changes the security descriptor of a file, to match the values in a security descriptor that you supply.  You can also employ Set-Acl for amending folder or registry permissions.  The best technique that I have found is to use Get-Acl to do the fetching and Set-Acl to do the applying new permissions.

For safety reasons it’s better to create a test folder and copy a few unimportant files, rather than risk a novice script running amok on important data files.

Preliminary Steps

  • Have a refresher on Get-Acl
  • Create a new folder, for example C:\Romeo
  • Copy a few unimportant files into your example folder, or else create a few new files with Notepad.

Assumption you have two files.  C:\Romeo\OldUser.txt and C:\Romeo\NewPerson.txt

# PowerShell Example Set-Acl Copy Permissions
$Source = "C:\Romeo\OldUser.txt"
$Destination = "C:\Romeo\NewPerson.txt"
Get-Acl $Source | Set-Acl -path $Destination

Learning Points

Note 1:  The reason that I used the variable $Source and $Destination is to remind you to change the values of these paths before running this script on your machine.

Note 2:  If you are in anyway uncertain what will happen, remember the -confirm and -whatIf parameters, they are made for situation like this – learning something new which could cripple your machine.

# PowerShell Set-Acl Copy Permissions
$Source = "C:\Romeo\OldUser.txt"
$Destination = "C:\Romeo\NewPerson.txt"
Get-Acl $Source | Set-Acl -path $Destination -confirm

Challenge:  Use the Windows Explorer to see the actual files, and also use the Advanced button on the property sheet to change permissions on the source file, then run the above example script again.

This is just to check that the script really is copying the permissions from one file to the other.

PowerShell Set-Acl cmdlet

Research Set-Acl Parameters

# PowerShell Set-Acl Parameters
Get-Help Set-Acl -full

Checking the help file will reveal useful parameters, for instance the -force switch maybe useful for your task.  In addition to the file system you can also use Set-Acl to change permissions on registry keys.

Background Research

In addition to pure PowerShell Set-Acl research I strongly recommend that open Windows Explorer and look at not only the location of the files, but also at the permissions.

If you right-click any file or folder, select properties and check the permissions. For further detail click Edit, see screenshot to the right.

Another useful technique is to use CACLS

Guy Recommends:  A Free Trial of the Network Performance Monitor (NPM)Review of Orion NPM v11.5 v11.5

SolarWinds’ Network Performance Monitor will help you discover what’s happening on your network.  This utility will also guide you through troubleshooting; the dashboard will indicate whether the root cause is a broken link, faulty equipment or resource overload.

What I like best is the way NPM suggests solutions to network problems.  Its also has the ability to monitor the health of individual VMware virtual machines.  If you are interested in troubleshooting, and creating network maps, then I recommend that you try NPM now.

Download a free trial of Solarwinds’ Network Performance Monitor

Researching Similar PowerShell Content Cmdlets

# PowerShell Content Cmdlet Research
Get-Command -Noun Acl

This reveals the sister command Get-Acl.  Incidentally, many of PowerShell’s Get verbs also have a ‘Set’ companion cmdlet. 

See a Review of Solarwinds Permissions Analyzer (Free) »

Summary of PowerShell’s Set-Acl Cmdlet

Set-Acl is rather different from the mainstream PowerShell cmdlets, it’s designed to modify the access control list of a file, to match the values you supply through the sister command Get-Acl.  You can also employ Set-Acl for amending folder or registry permissions.

If you like this page then please share it with your friends


See more PowerShell share examples including WMI

PowerShell WMI   • Create Win32_Share   • WMI Shares   • Free Permissions Analyzer Tool

Get-Acl  • PowerShell Share Error Codes   • Win32_ComputerSystem  • PowerShell 3.0 CIM

Windows PowerShell  • Free WMI Monitor  • Cacls   • Query   • PowerShell Printer Scripts

Please email me if you have a example scripts.  Also please report any factual mistakes, grammatical errors or broken links, I will be happy to correct the fault.