Managing NTFS Permissions

While there are not many built-in cmdlets to manage NTFS permissions, there is a growing list of open source PowerShell modules adding these. One promising module is written by Raimund Andree, a German Microsoft engineer who will also speak at the upcoming PowerShell Conference EU (www.psconf.eu).

If you use PowerShell 5 or have installed PowerShellGet (www.powershellgallery.com), this is how you can download and install the module „NTFSSecurity“ from the PowerShell Gallery:

# review module details
Find-Module -Repository PSGallery -Name NTFSSecurity | Select-Object -Property * | Out-GridView

# download module
Install-Module -Repository PSGallery -Name NTFSSecurity -Scope CurrentUser

To view all new cmdlets, try this:

 
PS C:\> Get-Command -Module NTFSSecurity

CommandType     Name                                               Version

-----------     ----                                               -------    
Cmdlet          Add-NTFSAccess                                     4.2.3
Cmdlet          Add-NTFSAudit                                      4.2.3
Cmdlet          Clear-NTFSAccess                                   4.2.3
Cmdlet          Clear-NTFSAudit                                    4.2.3
Cmdlet          Copy-Item2                                         4.2.3
Cmdlet          Disable-NTFSAccessInheritance                      4.2.3
Cmdlet          Disable-NTFSAuditInheritance                       4.2.3
Cmdlet          Disable-Privileges                                 4.2.3
Cmdlet          Enable-NTFSAccessInheritance                       4.2.3
Cmdlet          Enable-NTFSAuditInheritance                        4.2.3
Cmdlet          Enable-Privileges                                  4.2.3
Cmdlet          Get-ChildItem2                                     4.2.3
Cmdlet          Get-DiskSpace                                      4.2.3
Cmdlet          Get-FileHash2                                      4.2.3
Cmdlet          Get-Item2                                          4.2.3
Cmdlet          Get-NTFSAccess                                     4.2.3
Cmdlet          Get-NTFSAudit                                      4.2.3
Cmdlet          Get-NTFSEffectiveAccess                            4.2.3
Cmdlet          Get-NTFSHardLink                                   4.2.3
Cmdlet          Get-NTFSInheritance                                4.2.3
Cmdlet          Get-NTFSOrphanedAccess                             4.2.3
Cmdlet          Get-NTFSOrphanedAudit                              4.2.3
Cmdlet          Get-NTFSOwner                                      4.2.3
Cmdlet          Get-NTFSSecurityDescriptor                         4.2.3
Cmdlet          Get-NTFSSimpleAccess                               4.2.3
Cmdlet          Get-Privileges                                     4.2.3
Cmdlet          Move-Item2                                         4.2.3
Cmdlet          New-NTFSHardLink                                   4.2.3
Cmdlet          New-NTFSSymbolicLink                               4.2.3
Cmdlet          Remove-Item2                                       4.2.3
Cmdlet          Remove-NTFSAccess                                  4.2.3
Cmdlet          Remove-NTFSAudit                                   4.2.3
Cmdlet          Set-NTFSInheritance                                4.2.3
Cmdlet          Set-NTFSOwner                                      4.2.3
Cmdlet          Set-NTFSSecurityDescriptor                         4.2.3
Cmdlet          Test-Path2                                         4.2.3
 

Once you find your way into the cmdlets, adding or setting NTFS permissions is now a snap:

$path = 'c:\test1'

mkdir $path

Get-NTFSAccess -Path $Path | 
  Add-NTFSAccess -Account training14\student14 -AccessRights CreateFiles -AccessType Allow

One caveat: you need Administrator privileges to change NTFS permissions, even for file system elements that you own.

Twitter This Tip! ReTweet this Tip!