Whether you want to add a new NTFS access rule to a file or turn off inheritance and add new rules, here is a sample script that illustrates the trick and can serve you as a template.
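The script creates a test file, then defines a new access rule for the current user. This rule allows read and write access. The new rule is added to the existing security descriptor. In addition, inheritance is turned off. Because the second argument to SetAccessRuleProtection() is $false, the rules the file inherited from its parent folder are removed rather than kept as explicit copies.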
# create a sample file to apply security rules to
$Path = "$env:temp\examplefile.txt"
$null = New-Item -Path $Path -ItemType File -ErrorAction SilentlyContinue

# use current user or replace with another user name
$username = "$env:USERDOMAIN\$env:USERNAME"

# define the new access rights
$colRights = [System.Security.AccessControl.FileSystemRights]'Read, Write'
$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::None
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None
$objType = [System.Security.AccessControl.AccessControlType]::Allow
$objUser = New-Object System.Security.Principal.NTAccount($username)

# create new access control entry
$objACE = New-Object System.Security.AccessControl.FileSystemAccessRule `
    ($objUser, $colRights, $InheritanceFlag, $PropagationFlag, $objType)

# get existing access control list for a file or folder
$objACL = Get-Acl -Path $Path

# add rule
$objACL.AddAccessRule($objACE)

# disable inheritance (if needed)
# first argument $true: protect the access rules from inheritance
# second argument $false: do not keep the inherited rules as explicit copies
$objACL.SetAccessRuleProtection($true, $false)

# apply changed access control list to file
Set-Acl -Path $Path -AclObject $objACL

# show file in the File Explorer
explorer.exe "/SELECT,$Path"
Once completed, the script opens the test file in the File Explorer and selects it. You can then right-click the file and choose Properties > Security to view the new settings.
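The effect of the second argument to SetAccessRuleProtection() can also be checked from the console instead of the Properties dialog. The following is an added example, not part of the original script: it applies the same Read, Write rule to a scratch file, disables inheritance with or without keeping the inherited rules, and reads the security descriptor back from disk. The function name Test-InheritanceProtection and the scratch file name are made up for this illustration.

```powershell
# Added example; Test-InheritanceProtection and the scratch file name are hypothetical.
function Test-InheritanceProtection {
    param([Parameter(Mandatory)] [bool] $PreserveInherited)

    # scratch file that starts out with the rules inherited from the temp folder
    $file = Join-Path $env:TEMP ("acl-demo-{0}.txt" -f [guid]::NewGuid())
    $null = New-Item -Path $file -ItemType File
    try {
        $acl = Get-Acl -Path $file
        $inheritedBefore = @($acl.Access | Where-Object { $_.IsInherited }).Count

        # same rule as in the script above: Read, Write for the current user
        $user   = New-Object System.Security.Principal.NTAccount("$env:USERDOMAIN\$env:USERNAME")
        $rights = [System.Security.AccessControl.FileSystemRights]'Read, Write'
        $allow  = [System.Security.AccessControl.AccessControlType]::Allow
        $rule   = New-Object System.Security.AccessControl.FileSystemAccessRule `
                    -ArgumentList $user, $rights, $allow
        $acl.AddAccessRule($rule)

        # 1st argument: protect the access rules from inheritance
        # 2nd argument: keep ($true) or drop ($false) the inherited rules
        $acl.SetAccessRuleProtection($true, $PreserveInherited)
        Set-Acl -Path $file -AclObject $acl

        # read the descriptor back from disk instead of trusting $acl
        $result = Get-Acl -Path $file
        [PSCustomObject]@{
            PreserveInherited = $PreserveInherited
            Protected         = $result.AreAccessRulesProtected
            InheritedBefore   = $inheritedBefore
            InheritedAfter    = @($result.Access | Where-Object { $_.IsInherited }).Count
            RulesAfter        = @($result.Access | ForEach-Object {
                '{0}: {1} ({2})' -f $_.IdentityReference, $_.FileSystemRights, $_.AccessControlType
            })
        }
    }
    finally {
        # clean up the scratch file
        Remove-Item -Path $file -Force -ErrorAction SilentlyContinue
    }
}

# compare both variants side by side
$false, $true | ForEach-Object { Test-InheritanceProtection -PreserveInherited $_ } |
    Format-List
```

Comparing the RulesAfter lists of the two runs shows which principals lose access when the inherited rules are dropped.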
To find out the available access rights, in the ISE editor type in this line:
This will automatically open the context menu and list all available settings.