Security
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security
Get-Acl – Gets the security descriptor for a resource, such as a file or registry key
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/get-acl
Get-Acl \\fs1\projects\10_helloworld | fl
(Get-Acl \\fs1\projects\10_helloworld).Access
The returned object will be of type System.Security.AccessControl.DirectorySecurity
. It has then access to methods from System.Security.AccessControl
like SetAccessRuleProtection
and PurgeAccessRules
https://docs.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.objectsecurity
Give full control to a user
$acl = Get-Acl $folder
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($user,"FullControl","Allow")
$acl.SetAccessRule($AccessRule)
$acl | Set-Acl $folder
Removes all acls for a user
$acl = Get-Acl $folder
$usersid = New-Object System.Security.Principal.Ntaccount ("Everyone")
$acl.PurgeAccessRules($usersid)
$acl | Set-Acl $folder
Set-Acl – Changes the security descriptor of a specified item, such as a file or a registry key.
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/set-acl
Unsorted
https://blog.netwrix.com/2018/04/18/how-to-manage-file-system-acls-with-powershell-scripts/
# file: folder
# owner: administrator
# group: domain\040admins
user::rwx
user:domain\040admins:rwx
group::rwx
group:bareos:r-x
group:administrator:rwx
group:domain\040admins:rwx
mask::rwx
other::---
default:user::rwx
default:user:administrator:rwx
default:group::r-x
default:group:bareos:r-x
default:group:administrator:rwx
default:group:domain\040admins:r-x
default:mask::rwx
default:other::---
default: user | CREATOR OWNER |
default: | CREATOR GROUP |