Security

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security

Get-Acl – Gets the security descriptor for a resource, such as a file or registry key

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/get-acl

Get-Acl \\fs1\projects\10_helloworld | fl

(Get-Acl \\fs1\projects\10_helloworld).Access

The returned object will be of type System.Security.AccessControl.DirectorySecurity. It has then access to methods from System.Security.AccessControl like SetAccessRuleProtection and PurgeAccessRules

https://docs.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.objectsecurity

Give full control to a user

$acl = Get-Acl $folder
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($user,"FullControl","Allow")
$acl.SetAccessRule($AccessRule)
$acl | Set-Acl $folder

Removes all acls for a user

$acl = Get-Acl $folder
$usersid = New-Object System.Security.Principal.Ntaccount ("Everyone")
$acl.PurgeAccessRules($usersid)
$acl | Set-Acl $folder

Set-Acl – Changes the security descriptor of a specified item, such as a file or a registry key.

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/set-acl

Unsorted

https://blog.netwrix.com/2018/04/18/how-to-manage-file-system-acls-with-powershell-scripts/

# file: folder
# owner: administrator
# group: domain\040admins
user::rwx
user:domain\040admins:rwx
group::rwx
group:bareos:r-x
group:administrator:rwx
group:domain\040admins:rwx
mask::rwx
other::---
default:user::rwx
default:user:administrator:rwx
default:group::r-x
default:group:bareos:r-x
default:group:administrator:rwx
default:group:domain\040admins:r-x
default:mask::rwx
default:other::---

`default:`user	CREATOR OWNER
`default:group`	CREATOR GROUP