Set-ItemPermission

SYNOPSIS

Allow you to easily change permissions on files or folders

SYNTAX

EnableInheritance

Set-ItemPermission [-Path] <String> [-EnableInheritance] [<CommonParameters>]

DisableInheritance

Set-ItemPermission [-Path] <String> [-User] <String[]> [-Permission] <String[]> [[-PermissionType] <String>]
 [[-Inheritance] <String[]>] [[-Propagation] <String>] [[-Method] <String>] [<CommonParameters>]

DESCRIPTION

Allow you to easily change permissions on files or folders for a given user or group. You can add, remove or replace permissions, set inheritance and propagation.

EXAMPLES

EXAMPLE 1

Will grant FullControl permissions to 'John' and 'Users' on 'C:\Temp' and its files and folders children.

PS C:\>Set-ItemPermission -Path 'C:\Temp' -User 'DOMAIN\John', 'BUILTIN\Utilisateurs' -Permission FullControl -Inheritance ObjectInherit,ContainerInherit

EXAMPLE 2

Will grant Read permissions to 'John' on 'C:\Temp\pic.png'

PS C:\>Set-ItemPermission -Path 'C:\Temp\pic.png' -User 'DOMAIN\John' -Permission 'Read'

EXAMPLE 3

Will remove all permissions to 'John' on 'C:\Temp\Private'

PS C:\>Set-ItemPermission -Path 'C:\Temp\Private' -User 'DOMAIN\John' -Permission 'None' -Method 'RemoveAll'

PARAMETERS

-Path

Path to the folder or file you want to modify (ex: C:\Temp)

Type: String
Parameter Sets: (All)
Aliases: File, Folder

Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-User

One or more user names (ex: BUILTIN\Users, DOMAIN\Admin) to give the permissions to. If you want to use SID, prefix it with an asterisk * (ex: *S-1-5-18)

Type: String[]
Parameter Sets: DisableInheritance
Aliases: Username, Users, SID, Usernames

Required: True
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Permission

Permission or list of permissions to be set/added/removed/replaced. To see all the possible permissions go to 'http://technet.microsoft.com/fr-fr/library/ff730951.aspx'.

Permission DeleteSubdirectoriesAndFiles does not apply to files.

Type: String[]
Parameter Sets: DisableInheritance
Aliases: Acl, Grant, Permissions, Deny

Required: True
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-PermissionType

Sets Access Control Type of the permissions. Allowed options: Allow, Deny Default: Allow

Type: String
Parameter Sets: DisableInheritance
Aliases: AccessControlType

Required: False
Position: 4
Default value: Allow
Accept pipeline input: False
Accept wildcard characters: False

-Inheritance

Sets permission inheritance. Does not apply to files. Multiple options can be specified. Allowed options: ObjectInherit, ContainerInherit, None Default: None

None - The permission entry is not inherited by child objects, ObjectInherit - The permission entry is inherited by child leaf objects. ContainerInherit - The permission entry is inherited by child container objects.

Type: String[]
Parameter Sets: DisableInheritance
Aliases:

Required: False
Position: 5
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Propagation

Sets how to propagate inheritance. Does not apply to files. Allowed options: None, InheritOnly, NoPropagateInherit Default: None

None - Specifies that no inheritance flags are set. NoPropagateInherit - Specifies that the permission entry is not propagated to child objects. InheritOnly - Specifies that the permission entry is propagated only to child objects. This includes both container and leaf child objects.

Type: String
Parameter Sets: DisableInheritance
Aliases:

Required: False
Position: 6
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Method

Specifies which method will be used to apply the permissions. Allowed options: Add, Set, Reset.

Add - adds permissions rules but it does not remove previous permissions, Set - overwrites matching permission rules with new ones, Reset - removes matching permissions rules and then adds permission rules, Remove - Removes matching permission rules, RemoveSpecific - Removes specific permissions, RemoveAll - Removes all permission rules for specified user/s Default: Add

Type: String
Parameter Sets: DisableInheritance
Aliases: ApplyMethod, ApplicationMethod

Required: False
Position: 7
Default value: Add
Accept pipeline input: False
Accept wildcard characters: False

-EnableInheritance

Enables inheritance on the files/folders.

Type: SwitchParameter
Parameter Sets: EnableInheritance
Aliases:

Required: True
Position: 2
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

None

You cannot pipe objects to this function.

OUTPUTS

None

This function does not return any objects.

NOTES

Original Author: Julian DA CUNHA - [email protected], used with permission

RELATED LINKS

https://psappdeploytoolkit.com