PowerShell for Windows Admins

May 28 2014   1:39PM GMT

File system ACLs–function to add ACL

Richard Siddaway

NTFS permissions

I thought that today I’d start putting together a function to add an ACL to a file system object. The starting point is the code that stepped through the process in an earlier post:


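function add-acl {
    [CmdletBinding()]
    param (
        # Path to the file or folder; it must already exist
        [Parameter(Mandatory=$true)]
        [ValidateScript({Test-Path -Path $_ })]
        [string]$path,

        # Trustee (user or group) receiving the permission
        [Parameter(Mandatory=$true)]
        [string]$trusteeName,

        [ValidateSet("Read", "Write", "ListDirectory", "ReadandExecute", "Modify", "FullControl")]
        [string]$permission = "Read",

        # Create a Deny rule instead of an Allow rule
        [switch]$deny
    )

    $fsr = [System.Security.AccessControl.FileSystemRights]::$permission
    if ($deny) {
        $alwdny = [System.Security.AccessControl.AccessControlType]::Deny
    }
    else {
        $alwdny = [System.Security.AccessControl.AccessControlType]::Allow
    }
    $acr = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $trusteeName, $fsr, $alwdny

    # Fetch the current ACL, add the new rule and write the ACL back
    $acl = Get-Acl -Path $path
    $acl.AddAccessRule($acr)
    Set-Acl -Path $path -AclObject $acl -Passthru
}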

The parameters supply the path to the object, the trustee receiving the permissions, the permission, and whether it is being denied.

The function creates the appropriate objects for the file system rights and access control type and then creates an access rule.

Get-Acl is used to fetch the current ACL, to which the new access rule is added. Set-Acl is used to overwrite the ACL.

One thing that hasn’t been covered is the Inheritance flags – they will be added in the next iteration of the function.
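A way to check what a rule built without inheritance flags actually grants, as an added example that is not code from the original post: it repeats the function's steps on a scratch folder, then reads the ACLs of the folder and of a file created inside it. The three-argument FileSystemAccessRule constructor sets InheritanceFlags to None, so the child file should not receive the entry. The scratch folder name and the BUILTIN\Users trustee (well-known SID S-1-5-32-545) are assumptions chosen for the demonstration.

```powershell
# Constructed test data: a scratch folder under the current user's temp directory.
$root = Join-Path -Path $env:TEMP -ChildPath ('acl-demo-' + [guid]::NewGuid().ToString('N'))
New-Item -Path $root -ItemType Directory | Out-Null

try {
    # Assumption: BUILTIN\Users is the trustee; resolving it from its well-known
    # SID avoids depending on the localized group name.
    $sid     = New-Object -TypeName System.Security.Principal.SecurityIdentifier -ArgumentList 'S-1-5-32-545'
    $trustee = $sid.Translate([System.Security.Principal.NTAccount])

    # Same steps the function performs: build the rule, add it, write the ACL back.
    $fsr  = [System.Security.AccessControl.FileSystemRights]::Read
    $type = [System.Security.AccessControl.AccessControlType]::Allow
    $acr  = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $trustee, $fsr, $type
    $acl  = Get-Acl -Path $root
    $acl.AddAccessRule($acr)
    Set-Acl -Path $root -AclObject $acl

    # A file created after the change shows what child objects receive.
    $child = Join-Path -Path $root -ChildPath 'child.txt'
    Set-Content -Path $child -Value 'constructed sample'

    # Read both ACLs back from disk and report the trustee's entries.
    foreach ($item in $root, $child) {
        $aces = @((Get-Acl -Path $item).Access |
            Where-Object { $_.IdentityReference.Value -eq $trustee.Value })

        if ($aces.Count -eq 0) {
            # No entry for the trustee on this object.
            [pscustomobject]@{
                Path             = $item
                Rights           = '(no ACE for trustee)'
                IsInherited      = $null
                InheritanceFlags = $null
            }
        }
        foreach ($ace in $aces) {
            [pscustomobject]@{
                Path             = $item
                Rights           = $ace.FileSystemRights
                IsInherited      = $ace.IsInherited
                InheritanceFlags = $ace.InheritanceFlags
            }
        }
    }
}
finally {
    # Remove the scratch folder so the demonstration leaves nothing behind.
    Remove-Item -Path $root -Recurse -Force
}
```

If the parent of the scratch folder already grants BUILTIN\Users an inheritable entry, that entry appears on both objects with IsInherited set to True and is separate from the explicit rule added here.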
