I have a large list of folders within a single folder directory. My network rules are set where ntfs permissions are not inherited. I need to assign read and write permissions to each individual folder for the same 4 users to each of these individual folders is there a script for this?
Thanks for your assistance!
All you need is to get to your goal is here:
# Get parameters, examples, full and Online help for a cmdlet or function
(Get-Command -Name Get-Acl).Parameters
Get-help -Name Get-Acl -Examples
Get-help -Name Get-Acl -Full
Get-help -Name Get-Acl -Online
(Get-Command -Name Set-Acl).Parameters
Get-help -Name Set-Acl -Examples
Get-help -Name Set-Acl -Full
Get-help -Name Set-Acl -Online
(Get-Command -Name Get-NTFSAccess).Parameters
Get-help -Name Get-NTFSAccess -Examples
Get-help -Name Get-NTFSAccess -Full
Get-help -Name Get-NTFSAccess -Online
(Get-Command -Name Add-NTFSAccess).Parameters
Get-help -Name Add-NTFSAccess -Examples
Get-help -Name Add-NTFSAccess -Full
Get-help -Name Add-NTFSAccess -Online
PowerShell – Editing permissions on a file or folder
I've been trying to figure out how to change permissions on a folder in PowerShell. I've looked at the Get-Acl and Set-Acl, but I can only use them to copy the settings from a pre-existing object. How do I manually configure permissions?
This is actually a quite common question, so I thought I'd write a quick post on the subject.
https://blogs.msdn.microsoft.com/johan/2008/10/01/powershell-editing-permissions-on-a-file-or-folder
Weekend Scripter: Use PowerShell to Get, Add, and Remove NTFS Permissions
Managing file and folder permissions in Windows PowerShell is not that easy, and there are numerous articles and blog posts describing how it works by using the .NET classes. This is far from being comfortable, and there is one major and one minor restriction:
• Path length
• Generic rights
This post introduces the NTFSSecurity module, which provides a bunch of cmdlets for managing permissions on NTFS drives. It does not use the Windows PowerShell way to access the file system, and it works around the MAX_PATH, which is 260 characters. (For more information, see Naming Files, Paths, and Namespaces). This is achieved thanks to AlphaFS.
https://blogs.technet.microsoft.com/heyscriptingguy/2014/11/22/weekend-scripter-use-powershell-to-get-add-and-remove-ntfs-permissions
Related
I want to replace the following CMD command with a Powershell command:
Icacls.exe "%SystemDrive%\xxx" /grant *S-X-X-XX-XXX:(CI)(OI)(F) /t /c
I also know how to do this with Icacls, but I think there is a nicer way to do it with the PowerShell.
I would be happy if someone could help me in this regard. :-)
Thanks.
The built-in help files, provide you the guidance for this.
Set-Acl Changes the security descriptor of a specified item, such
as a file or a registry key.
# Get specifics for a module, cmdlet, or function
(Get-Command -Name Get-Acl).Parameters
(Get-Command -Name Get-Acl).Parameters.Keys
<#
# Results
Path
InputObject
LiteralPath
Audit
AllCentralAccessPolicies
Filter
Include
Exclude
...
#>
Get-help -Name Get-Acl -Examples
<#
# Results
Get-Acl C:\Windows
Get-Acl -Path "C:\Windows\k*.log" |
Format-List -Property PSPath, Sddl
Get-Acl -Path "C:/Windows/k*.log" -Audit |
ForEach-Object { $_.Audit.Count }
Get-Acl -Path "HKLM:\System\CurrentControlSet\Control" |
Format-List
Get-Acl -InputObject (Get-StorageSubsystem -Name S087)
#>
Get-help -Name Get-Acl -Full
Get-help -Name Get-Acl -Online
(Get-Command -Name Set-Acl).Parameters
(Get-Command -Name Set-Acl).Parameters.Keys
<#
# Results
Path
InputObject
LiteralPath
AclObject
CentralAccessPolicy
ClearCentralAccessPolicy
Passthru
Filter
Include
Exclude
...
#>
Get-help -Name Set-Acl -Examples
<#
# Results
$DogACL = Get-Acl -Path "C:\Dog.txt"
Set-Acl -Path "C:\Cat.txt" -AclObject $DogACL
Get-Acl -Path "C:\Dog.txt" |
Set-Acl -Path "C:\Cat.txt"
$NewAcl = Get-Acl File0.txt
Get-ChildItem -Path "C:\temp" -Recurse -Include "*.txt" -Force |
Set-Acl -AclObject $NewAcl
#>
Get-help -Name Set-Acl -Full
Get-help -Name Set-Acl -Online
There are other modules via the Microsoft PowerShellGallery.com for you to leverage as well.
Find-Module -Name '*acl*', '*ntfs*' |
Format-Table -AutoSize
<#
# Results
Version Name Repository Description
------- ---- ---------- -----------
1.0.1 ACL-Permissions PSGallery A couple of ACL utilities, for repairing c...
1.30.1.28 ACLReportTools PSGallery Provides Cmdlets for reporting on Share ACLs.
1.7 ACLHelpers PSGallery Modules to help work with ACLs (Access Control Rights)
1.0.1.0 ACLCleanup PSGallery A set of tools to help you clean your files...
0.1.2 ACLTools PSGallery Module for managing NTFS Acls on files and folders
...
0.4 FileAclTools PSGallery Tools for quickly fixing file system ACLs
...
4.2.6 NTFSSecurity PSGallery Windows PowerShell Module for managing file ...
1.4.1 cNtfsAccessControl PSGallery The cNtfsAccessControl module contains DSC re...
1.0 NTFSPermissionMigration PSGallery This module is used as a wrapper to the popular ...
#>
So, for what you are showing
# Review current settings
Get-Acl -Path $env:SystemDrive |
Format-List -Force
<#
# Results
Path : Microsoft.PowerShell.Core\FileSystem::C:\Windows\system32
Owner : NT SERVICE\TrustedInstaller
Group : NT SERVICE\TrustedInstaller
Access : CREATOR OWNER Allow 268435456
NT AUTHORITY\SYSTEM Allow 268435456
NT AUTHORITY\SYSTEM Allow Modify, Synchronize
BUILTIN\Administrators Allow 268435456
BUILTIN\Administrators Allow Modify, Synchronize
BUILTIN\Users Allow -1610612736
BUILTIN\Users Allow ReadAndExecute, Synchronize
NT SERVICE\TrustedInstaller Allow 268435456
NT SERVICE\TrustedInstaller Allow FullControl
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow -1610612736
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow -1610612736
Audit :
Sddl : O:S-1-5-80-956008885-34...
#>
Description
The Set-Acl cmdlet changes the security descriptor of a specified
item, such as a file or a registry key, to match the values in a
security descriptor that you supply.
To use Set-Acl, use the Path or InputObject parameter to identify the
item whose security descriptor you want to change. Then, use the
AclObject or SecurityDescriptor parameters to supply a security
descriptor that has the values you want to apply. Set-Acl applies the
security descriptor that is supplied. It uses the value of the
AclObject parameter as a model and changes the values in the item's
security descriptor to match the values in the AclObject parameter.
Parameters
-AclObject Specifies an ACL with the desired property values. Set-Acl changes the ACL of item specified by the Path or InputObject parameter
to match the values in the specified security object.
You can save the output of a Get-Acl command in a variable and then
use the AclObject parameter to pass the variable, or type a Get-Acl
command.
TABLE 1 Type: Object
Position: 1 Default value: None Accept
pipeline input: True (ByValue) Accept wildcard characters: False
So, you just do something like this... as per the above examples
$AclSettings = 'WhatEverSettingsYouWant'
Set-Acl -Path $env:SystemDrive -AclObject $AclSettings
A similar question on StackOverflow is here:
Setting Inheritance and Propagation flags with set-acl and
Powershell
Then there is this guidance:
Here's the MSDN page describing the flags and what is the result of
their various combinations.
https://msdn.microsoft.com/en-us/library/ms229747(v=vs.100).aspx
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit
PropagationFlags.None
Here's some succinct PowerShell code to apply new permissions to a
folder by modifying its existing ACL (Access Control List).
# Get the ACL for an existing folder
$existingAcl = Get-Acl -Path 'C:\DemoFolder'
# Set the permissions that you want to apply to the folder
$permissions = $env:username, 'Read,Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
# Create a new FileSystemAccessRule object
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permissions
# Modify the existing ACL to include the new rule
$existingAcl.SetAccessRule($rule)
# Apply the modified access rule to the folder
$existingAcl | Set-Acl -Path 'C:\DemoFolder'
<#
Each of the values in the $permissions variable list pertain to the parameters of this constructor for the FileSystemAccessRule class.
#>
Is it possible to change owner and permissions of registry key without any third party utility only in-build windows tools, like cmd or powershell?
Simple answer.
Yes.
There are .exe's (that you can use with or without PowerShell) and cmdlets to use.
It's your choice.
Built-in cmdlets that do exactly this. Use the help files to see examples
Get-Command -Name '*acl*' | Format-Table -AutoSize
# get function / cmdlet details
(Get-Command -Name Get-ADUser).Parameters
Get-help -Name Get-Acl-Full
Get-help -Name Get-Acl-Online
Get-help -Name Get-Acl-Examples
(Get-Command -Name Set-ADUser).Parameters
Get-help -Name Set-Acl-Full
Get-help -Name Set-Acl-Online
Get-help -Name Set-Acl-Examples
Can anyone show me how to get the newest test.txt file from two different directories, C: and T: and store it into a variable?
So there are two identical files that exist, one on each drive. Which is newer? Store the newest into a variable to use later!
Thanks so much
As for...
How do you sort files by date modified using powershell?
You can get examples of how to do this by using the help files.
# Get a list of all functions
Get-Command -CommandType Function |
Out-GridView -PassThru -Title 'Available functions'
# Get a list of all commandlets
Get-Command -CommandType Cmdlet |
Out-GridView -PassThru -Title 'Available cmdlets'
# get function / cmdlet details
(Get-Command -Name Get-ChildItem).Parameters
Get-help -Name Get-ChildItem -Examples
Get-help -Name Get-ChildItem -Full
Get-help -Name Get-ChildItem -Online
(Get-Command -Name Sort-Object).Parameters
Get-help -Name Sort-Object -Examples
Get-help -Name Sort-Object -Full
Get-help -Name Sort-Object -Online
# Get paarameter that accept pipeline input
Get-Help Get-ChildItem -Parameter * |
Where-Object {$_.pipelineInput -match 'true'} |
Select *
Get-Help about_*
Get-Help about_Functions
Something like this should do it:
$fileList = Get-ChildItem -Path c:\temp -Recurse file.txt | Sort-Object LastwriteTime -Descending | select -first 1
The will raise the most recent one to the top of the list (using Sort-Object) and then if you select the first in the list you've got your most recent file.
I just started working with PowerShell and I want to know how to transfer files between a local server and a remote server.
Currently I do not have Administrator access to either server (I know I'm going to need it), how do I target the Get cmdlt? Do I use a URL?
It's vital that you get up to speed on the topic. Take the time to jump over to MS Virtual academy
or MS Channel9
or YouTube and take a quick training course on the topic.
What you are asking for is covered in them as well as in the PowerShell Help files, which include examples on how to do this.
# get function / cmdlet details
(Get-Command -Name Copy-Item).Parameters
Get-help -Name Copy-Item -Full
Get-help -Name Copy-Item -Online
Get-help -Name Copy-Item -Examples
NAME
Copy-Item
SYNOPSIS
Copies an item from one location to another.
Example 1: Copy a file to the specified directory
PS C:\>Copy-Item "C:\Wabash\Logfiles\mar1604.log.txt" -Destination "C:\Presentation"
This command copies the mar1604.log.txt file to the C:\Presentation directory. The command does not delete the original
file.
Example 2: Copy the contents of a directory to another directory
PS C:\>Copy-Item "C:\Logfiles" -Destination "C:\Drawings" -Recurse
This command copies the entire contents of the Logfiles directory into the Drawings directory. If the LogFiles directory contains files
in
subdirectories, those subdirectories will be copied with their file trees intact. The Container parameter is set to true by default.
This preserves
# Get parameter that accepts pipeline input
Get-Help Copy-Item -Parameter * |
Where-Object {$_.pipelineInput -match 'true'} |
Select *
# Get cmdlet / function parameter aliases
(Get-Command Copy-Item).Parameters.Values |
where aliases |
select Name, Aliases | Out-GridView -PassThru -Title 'Alias results for a given cmdlet or function.'
I have a problem that I cannot seem to find any solution to online. I am trying to restructure some data structures that I ended up with after exporting some data from my old database service.
The export left me with a bunch of client folders in the format of [Client Name] -> Archive -> Archive -> [Client Files/Subfolders]. What I would like to end up with is [Client Name] -> [Client Files/Subfolders], removing the two redundant "Archive" folders in between.
Many people have suggested to me that I simply cut and paste the files from the subfolder to the client root directory, however with hundreds of client folders this would be a very long task to do. Would there be any batch cmd command or powershell command I could use to work through these folders and restructure them? Any advice is much appreciated.
Three built-in PoSH cmdlets are there for exactly these purposes.
Get-ChildItem (aka gci, dir and ls)
(Get-Command -Name Get-ChildItem).Parameters.Keys
Get-Help -Name Get-ChildItem -Full
Get-Help -Name Get-ChildItem -Examples
Move-Item (aka mi, move, and mv)
(Get-Command -Name Move-Item).Parameters.Keys
Get-Help -Name Move-Item -Full
Get-Help -Name Move-Item -Examples
Remove-Item (aka del, erase, rd, ri, rm, rmdir)
(Get-Command -Name Remove-Item).Parameters.Keys
Get-Help -Name Remove-Item -Full
Get-Help -Name Remove-Item -Examples
See details here:
Files and Folders in Windows PowerShell
We’ll start out by telling you that everything you learned last month about manipulating files and folders with WMI will work in Windows PowerShell. PowerShell has a cmdlet called Get-WMIObject that allows you to access all the classes, methods and properties of WMI. Just like with VBScript, WMI is the only way to work with files and folders remotely in Windows PowerShell. We’re not going to get into working with WMI in Windows PowerShell in this article, but we’re going to show you the PowerShell way to work with files and folders.
https://technet.microsoft.com/en-us/library/ee176988.aspx
As for this...
"removing the two redundant "Archive" folders in between."
If there is nothing in these folders of value, then the above Remove-Item should be all you need. Otherwise you move all files from the to wherever, then remove the folders.
Or just use robocopy
https://technet.microsoft.com/en-us/library/cc733145(v=ws.11).aspx
https://social.technet.microsoft.com/wiki/contents/articles/1073.robocopy-and-a-few-examples.aspx
Robocopy (Robust File Copy) is a command-line file copy utility that comes with Windows Vista / Windows 2008 or newer. Until Vista, Robocopy was a part of Windows Resource Kit Tools as a free download (http://aka.ms/robocopydownload Jump ). Unlike normal copy commands, Robocopy is designed for reliable copy or mirroring while maintaining the permissions, attributes, owner information, timestamps and properties of the objects copied.