beawolf - Fotolia
Automation can save IT admins from repetitive and manual operations tasks. One common way to achieve this automation -- particularly in Windows environments -- is with PowerShell scripts.
An access control list maintains and organizes users' rights to OS objects, such as a file. But to set ACL folder permissions can be a mind-numbing task, especially when admins must edit multiple folders on a share, or find all the ACL folders that have users and replace those users with groups. This is a common management task Windows admins perform on file shares.
To script away this tedium with PowerShell, Microsoft's native automation and configuration management tool, first retrieve existing ACL permissions for the desktop folder with the command below.
This command should return an output that looks similar to the one below.
To see which users have access to the desktop folder, we need the information in the Access property. Run the command below.
We can see in the output below that identities SYSTEM, Administrators and Anthony all have full control of the desktop folder.
Create an ACL folder permissions entry
To add an entry to that list, create a .NET object -- specifically a FileSystemAccessRule. Run the following command to discover which type of object the existing rules are.
This should return an output that looks similar to this one.
With that information, we can look at the various constructors -- the ways in which an object can be created -- for that object type, using the static new method on the object class itself in PowerShell. Skip the parenthesis on the end, so the output shows the various definitions with their parameters.
As the output below shows, there are many ways to construct this object. We need to pass the identity, ACL folder level, inheritance, propagation and type to the new constructor so that it can create an access rule for the ACL permissions.
Try this approach out by creating a rule that grants the user Dave full control. Run the command below.
The output should look as it does below.
This gives us a rule to add to the ACL.
Add a rule to the ACL folder
To add the rule, first, create the ACL object.
Then, use a method to add the new entry to the list.
After the rule is added, apply the new ACL permissions to the original folder.
To make the code reusable, create a PowerShell function.
Editor's note: This expert answer is first in a three-part series on PowerShell automation. Stay tuned for expert answers on event log searches and PATH environment management.
Dig Deeper on Scripting, Scheduling and IT Orchestration
Related Q&A from Anthony Howell
Among many other tasks, IT teams can use PowerShell to manage and edit the PATH environment variable. Walk through these basic steps to access, add ... Continue Reading
Event log monitoring is vital to an IT environment's health and success, but finding a specific event in the flood is challenging. PowerShell enables... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.