Setting permissions using ICACLS and PowerShell

Posted on Posted in Microsoft General, Scripts

 

Although PowerShell offers cmdlets to get access control lists (ACL) and modify then, I found it not that convenient. The ICACLS command can also be used within PowerShell to set permissions. Here are some basic examples how to use ICACLS with PowerShell to set the permissions.

Please note that for PowerShell, the ` token is used before the ( and ) character since PowerShell needs to know that this is character is part of ICACLS and not PowerShell.

/T is used to also apply the permissions to subfolders.

Remove inheritance:

icacls D:\TestFolder /inheritance:d

Full access:

icacls D:\TestFolder /grant domain\username:`(F`) /T

Remove user:

icacls D:\TestFolder /remove:g domain\username /T

Read:

icacls D:\TestFolder /grant domain\username:`(R`) /T

Modify (create/write/delete):

icacls D:\TestFolder /grant domain\username:`(M`) /T

Leave a Reply

Your email address will not be published. Required fields are marked *