Managing NTFS permissions

Every file and folder in an NTFS filesystem has an Access Control List (ACL). The ACL contains a set of Access Control Entries (ACEs). Each ACE defines a permission to a file or folder for an account. For example, the Sales AD global group could be given full control of a file.

Permissions can also be inherited from parent folders. If you create a new folder and then create a file within that folder, the new file inherits permissions from the parent folder and from any further parent folder(s) by default. You can manage the ACL list to add or remove permissions and you can modify inheritance.

There's limited PowerShell support for managing NTFS permissions. PowerShell does have the Get-ACL and Set-ACL cmdlets, but creating ...

Get Windows Server 2019 Automation with PowerShell Cookbook - Third Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.