While there are not many built-in cmdlets to manage NTFS permissions, there is a growing list of open source PowerShell modules adding these. One promising module is written by Raimund Andree, a German Microsoft engineer who will also speak at the upcoming PowerShell Conference EU (www.psconf.eu).
If you use PowerShell 5 or have installed PowerShellGet (www.powershellgallery.com), this is how you can download and install the module „NTFSSecurity“ from the PowerShell Gallery:
# review module details Find-Module -Repository PSGallery -Name NTFSSecurity | Select-Object -Property * | Out-GridView # download module Install-Module -Repository PSGallery -Name NTFSSecurity -Scope CurrentUser
To view all new cmdlets, try this:
PS C:\> Get-Command -Module NTFSSecurity CommandType Name Version ----------- ---- ------- Cmdlet Add-NTFSAccess 4.2.3 Cmdlet Add-NTFSAudit 4.2.3 Cmdlet Clear-NTFSAccess 4.2.3 Cmdlet Clear-NTFSAudit 4.2.3 Cmdlet Copy-Item2 4.2.3 Cmdlet Disable-NTFSAccessInheritance 4.2.3 Cmdlet Disable-NTFSAuditInheritance 4.2.3 Cmdlet Disable-Privileges 4.2.3 Cmdlet Enable-NTFSAccessInheritance 4.2.3 Cmdlet Enable-NTFSAuditInheritance 4.2.3 Cmdlet Enable-Privileges 4.2.3 Cmdlet Get-ChildItem2 4.2.3 Cmdlet Get-DiskSpace 4.2.3 Cmdlet Get-FileHash2 4.2.3 Cmdlet Get-Item2 4.2.3 Cmdlet Get-NTFSAccess 4.2.3 Cmdlet Get-NTFSAudit 4.2.3 Cmdlet Get-NTFSEffectiveAccess 4.2.3 Cmdlet Get-NTFSHardLink 4.2.3 Cmdlet Get-NTFSInheritance 4.2.3 Cmdlet Get-NTFSOrphanedAccess 4.2.3 Cmdlet Get-NTFSOrphanedAudit 4.2.3 Cmdlet Get-NTFSOwner 4.2.3 Cmdlet Get-NTFSSecurityDescriptor 4.2.3 Cmdlet Get-NTFSSimpleAccess 4.2.3 Cmdlet Get-Privileges 4.2.3 Cmdlet Move-Item2 4.2.3 Cmdlet New-NTFSHardLink 4.2.3 Cmdlet New-NTFSSymbolicLink 4.2.3 Cmdlet Remove-Item2 4.2.3 Cmdlet Remove-NTFSAccess 4.2.3 Cmdlet Remove-NTFSAudit 4.2.3 Cmdlet Set-NTFSInheritance 4.2.3 Cmdlet Set-NTFSOwner 4.2.3 Cmdlet Set-NTFSSecurityDescriptor 4.2.3 Cmdlet Test-Path2 4.2.3
Once you find your way into the cmdlets, adding or setting NTFS permissions is now a snap:
$path = 'c:\test1' mkdir $path Get-NTFSAccess -Path $Path | Add-NTFSAccess -Account training14\student14 -AccessRights CreateFiles -AccessType Allow
One caveat: you need Administrator privileges to change NTFS permissions, even for file system elements that you own.
ReTweet this Tip!
Why isn't this part of 5.x? NTFS security should have been part of PowerShell since day 1. Frustrating that this stuff is in a downloaded module.