How to Copy NTFS permissions using PowerShell?

PowerShellMicrosoft TechnologiesSoftware & Coding

To change, add or remove security permissions on the files or folder using PowerShell you can use the Set-Acl command. The best way to set the permission is to copy the permissions from another file or folder if you need the same permissions on the destination path.

For example, I want the same folder permissions of the source C:\Shared\ to the destination folder path c:\shared1 path. You can use any destination path, it could be the remote shared UNC path.

See the difference in the above security permissions, the Shared named folder has one additional permission assigned (LABDOMAIN\Delta). We will copy the permission from one folder to another using Get-ACL of the source and Set-ACL to the destination path using the pipeline.

Get-ACL C:\Shared | Set-Acl C:\Shared1

Once the above operation is done, you can check the permission on the destination path.

You can see the delta user permission is added and other permissions are also copied. If the user already exists at the source and destination location then destination user permissions will be overwritten with the source user permission.

You can also store the Get-ACL output of the source object to the variable and assign it to the Set-ACL of the destination object. Set-ACL uses -AclObject parameter to take input of the permissions.

Example

$perm = Get-Acl C:\Shared Set-Acl C:\Shared1 -AclObject $perm

If you need to apply permission on the multiple folders or the files or the subfolders then you can use Get-ChildItem to retrieve files and folders and use the Set-ACL command as shown above.

For example, we have reference folder C:\shared permission to apply on the destination objects. First, we will copy permissions using Get-Acl command.

$perm = Get-Acl C:\Shared

Second, we will retrieve the files/folders using Get-ChildItem, and then we will use the Set-ACL command after the pipeline.

Example

Get-ChildItem C:\Temp -Recurse | Set-Acl -AclObject $perm

Before you set permissions on the multiple files and folders, it is always recommended that you use the -WhatIf parameter to know on which file or folder permissions are being applied.

Example

PS C:\> Get-ChildItem C:\Temp -Recurse | Set-Acl -AclObject $perm -WhatIf
What if: Performing the operation "Set-Acl" on target "Microsoft.PowerShell.Core\FileSystem::C:\Temp\Scripts".
What if: Performing the operation "Set-Acl" on target "Microsoft.PowerShell.Core\FileSystem::C:\Temp\vcredist_x64.exe".
What if: Performing the operation "Set-Acl" on target "Microsoft.PowerShell.Core\FileSystem::C:\Temp\W2K12-KB3191565-x64.msu".
What if: Performing the operation "Set-Acl" on target "Microsoft.PowerShell.Core\FileSystem::C:\Temp\WindowsSensor.exe".
What if: Performing the operation "Set-Acl" on target "Microsoft.PowerShell.Core\FileSystem::C:\Temp\WindowsSensor_7E3A9735FA064249A7005E9BE8CDD
What if: Performing the operation "Set-Acl" on target "Microsoft.PowerShell.Core\FileSystem::C:\Temp\Scripts\MyModules".
What if: Performing the operation "Set-Acl" on target "Microsoft.PowerShell.Core\FileSystem::C:\Temp\Scripts\MyModules\MyModules.psm1".
raja
Published on 28-Sep-2020 11:46:31
Advertisements