
Applying ACL Permissions using PowerShell Set-Acl


Your comment describes the following behaviour:

Your PowerShell script succeeds, but if you check the permissions with Explorer's properties dialog, you will see the following:

[Screenshot: permissions with unfilled checkboxes]

This is pretty confusing as a PowerShell query will confirm:

    PS> Get-Acl .|fl

    Path   : Microsoft.PowerShell.Core\FileSystem::D:\temp\myfolder
    Owner  : clijsters\clijsters
    Group  : clijsters\Kein
    Access : clijsters\NEWUSER Allow  FullControl
             VORDEFINIERT\Administratoren Allow  FullControl
             VORDEFINIERT\Administratoren Allow  268435456
             NT-AUTORITÄT\SYSTEM Allow  FullControl
             [...]

Your ACL changed. If you scroll down the list of your checkboxes you will notice that "Special permissions" is checked, and if you click on "Advanced" you will notice that your permissions are set.

EDIT:
As mentioned by @AnsgarWiechers, I missed a part describing why the permissions added with New-Object System.Security.AccessControl.FileSystemAccessRule("username", "FullControl", "Allow") are listed as Special permissions.

As described on MSDN, FileSystemAccessRule has 4 constructors, some of which accept InheritanceFlags and PropagationFlags (e.g. this one fits your needs). If you use them and define inheritance behaviour, the permissions will show up as normal ones.
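The difference between the two constructors can be read back from the ACL itself. The following is an added example, not part of the original answers: it applies both rule forms to a scratch folder and lists the resulting explicit ACE. The folder name under $env:TEMP and the helper Get-ExplicitRule are assumptions made for the demonstration.

```powershell
# Added example: compare the 3-argument and 5-argument FileSystemAccessRule
# constructors on a scratch folder (constructed for this demo, removed at the end).
$target = Join-Path $env:TEMP ("acl-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $target | Out-Null
$user = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

# Hypothetical helper: return only the explicit (non-inherited) ACEs for one identity.
function Get-ExplicitRule {
    param([string]$Path, [string]$Identity)
    (Get-Acl -Path $Path).Access |
        Where-Object { -not $_.IsInherited -and $_.IdentityReference.Value -eq $Identity } |
        Select-Object IdentityReference, FileSystemRights, AccessControlType,
                      InheritanceFlags, PropagationFlags
}

try {
    # Case 1: 3-argument constructor. No inheritance flags are supplied, so the ACE
    # covers the folder object only; this is the form the answer above says Explorer
    # lists under "Special permissions".
    $acl  = Get-Acl -Path $target
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
                       -ArgumentList $user, 'FullControl', 'Allow'
    $acl.SetAccessRule($rule)
    Set-Acl -Path $target -AclObject $acl
    'Rule built without inheritance flags:'
    Get-ExplicitRule -Path $target -Identity $user | Format-List

    # Case 2: 5-argument constructor with explicit inheritance. SetAccessRule replaces
    # the existing Allow ACE for the same identity, so one explicit ACE remains.
    $acl  = Get-Acl -Path $target
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
                       -ArgumentList $user, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
    $acl.SetAccessRule($rule)
    Set-Acl -Path $target -AclObject $acl
    'Rule built with ContainerInherit,ObjectInherit:'
    Get-ExplicitRule -Path $target -Identity $user | Format-List
}
finally {
    # Clean up the scratch folder.
    Remove-Item -Path $target -Recurse -Force
}
```

Comparing the InheritanceFlags value in the two listings shows what changed between the cases; the rights and the identity are the same in both.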


Today I was trying to compile ILSpy and encountered AL1078: Error signing assembly which is a permissions issue. An amalgamation of answers is shown.

This PowerShell script assigns $CurUsr to the token for the currently logged-in user and $CurTgt as the folder whose permissions are being altered. Change them as required.

Add permission:

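    # Folder whose ACL is being changed, and the currently logged-in user
    $CurTgt = "C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys"
    $CurUsr = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    # Read the current ACL and add a FullControl rule inherited by subfolders and files
    $acl = Get-Acl $CurTgt
    $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($CurUsr,"FullControl","ContainerInherit,ObjectInherit","None","Allow")
    $acl.SetAccessRule($AccessRule)
    # Write the modified ACL back to the folder
    $acl | Set-Acl $CurTgt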

Remove permission:

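    # Folder whose ACL is being changed, and the currently logged-in user
    $CurTgt = "C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys"
    $CurUsr = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $acl = Get-Acl $CurTgt
    # Remove every access rule that refers to this account
    $usersid = New-Object System.Security.Principal.NTAccount ($CurUsr)
    $acl.PurgeAccessRules($usersid)
    # Write the modified ACL back to the folder
    $acl | Set-Acl $CurTgt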

References:

Manage ACLs, Inheritance, Current User