Manage NTFS Permissions Using PowerShell
Managing NTFS permissions with a GUI is time-consuming, especially when working with many users or groups. However, specific PowerShell cmdlets can retrieve and assign NTFS permissions.
This article will discuss managing NTFS permissions with the
View NTFS Permissions With Get-ACL in PowerShell
An access control list (ACL) is a list of access control entries (ACEs). Each ACE in the list identifies a trustee and specifies that trustee's access rights.
A securable object's security descriptor can contain two types of ACL: a DACL and a SACL. A DACL identifies the users and groups allowed or denied access, while a SACL controls how access attempts are audited.
PowerShell allows us to quickly view NTFS permissions using the Get-ACL cmdlet. We will learn how to use the cmdlet to view NTFS permissions for a file or folder in the following sections.
Display NTFS Permissions in PowerShell
Traditionally, we would view an ACL by right-clicking on a folder, clicking on Properties, selecting the Security tab, and clicking the Advanced button. We can see an example of how the GUI displays permissions below.
The following examples in this article assign a path to the variable $dir.
$dir = "C:\Windows\Temp"
Get-Acl -Path $dir

Path Owner                      Access
---- -----                      ------
Temp DESKTOP-7GI1260\KentMarion BUILTIN\Administrators Allow FullControl...
However, running the Get-Acl command with the -Path parameter will only display and output the Access Control List on the folder level. What if we wanted to check the Access Control List on the file level?
Get ACL on Files Recursively in PowerShell
One of PowerShell's most useful features is the pipeline. A PowerShell pipeline combines a series of commands using the pipeline operator (|), passing the output of each command to the next.
We can use the pipeline to get the Access Control List on the file level.
We need to use the Get-ChildItem command to achieve this. The Get-ChildItem command fetches all files and folders inside a directory.
Let us use our previous $dir variable as an example.
$dir = "C:\Windows\Temp"
Get-ChildItem $dir -Recurse | Get-Acl | Format-List | Out-File "C:\PS\output.txt"
In the example above, the -Recurse switch parameter is important: it makes Get-ChildItem loop through all the files so that the Get-Acl command runs on each of them. By running the snippet above, we get the access control lists of all files in the
It is also suggested to use the Out-File command to export all details to one text file, especially if you have many files in your targeted folder.
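
The Format-List text produced above is hard to filter or compare between runs. As an added example (not code from the original article), the same recursive Get-Acl walk can emit one row per access control entry and export it as CSV for review. The function name Get-NtfsAceReport, the -ExplicitOnly switch and the output file C:\PS\acl-report.csv are assumptions made for this illustration.

```powershell
# Added example: one row per access control entry (ACE) instead of Format-List text.
function Get-NtfsAceReport {        # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path,
        [switch]$ExplicitOnly       # keep only ACEs set directly on the item
    )

    # Include the root folder itself, then everything beneath it.
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        try {
            $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
        }
        catch {
            # Items whose ACL cannot be read still get a row, so gaps are visible.
            [pscustomobject]@{
                Path = $item.FullName; Owner = $null; Identity = $null
                Type = 'Unreadable'; Rights = $_.Exception.Message; Inherited = $null
            }
            continue
        }
        foreach ($ace in $acl.Access) {
            if ($ExplicitOnly -and $ace.IsInherited) { continue }
            [pscustomobject]@{
                Path      = $item.FullName
                Owner     = $acl.Owner
                Identity  = $ace.IdentityReference.Value
                Type      = $ace.AccessControlType   # Allow or Deny
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$dir = "C:\Windows\Temp"
Get-NtfsAceReport -Path $dir |
    Export-Csv -Path "C:\PS\acl-report.csv" -NoTypeInformation   # assumed output path

# Explicit (non-inherited) ACEs are the ones assigned directly on a file or folder.
Get-NtfsAceReport -Path $dir -ExplicitOnly |
    Sort-Object Path, Identity |
    Format-Table Path, Identity, Type, Rights -AutoSize
```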