Set Folder Permissions using a PowerShell script

A common Admin task is Setting permissions on folders for new Users or Groups. doing this manually can be pretty boring and timeconsuming. This script automates these steps through PowerShell.

The parameters that I’ve added to the script are:

  • -Path Folder to Create (Required)
  • -User User who should have access (Required)
  • -Permission Specify Permission for User, Default set to Modify (Optional)
  • -help Prints the HelpFile (Optional)

The script sets the folderpermissions for a User or a group on a folder and if the folder doesn’t exist, it creates the folder and adds the specified permissions.

Running the Script on one folder gives the user or group permissions on the folder and on child folders. If you run the script recurse, it will break the inheritance for the specified User/Group and set the permissions specified on each folder.

Here are 2 examples on running the script.


./SetFolderPermission.ps1 -path C:\User -Access APA\MyGroup -Permission Write

Get-ChildItem -path C:\User -recurse | 
Where { $_.Attributes -match "d"} | 
ForEach { 
./SetFolderPermission.ps1 -path $_.Fullname -Access APA\MyGroup -Permission Read 
}

If you want to display the HelpText simply type:


./SetFolderPermission.ps1 -help

Here’s a link to the script

Rating 4.40 out of 5
[?]

19 thoughts on “Set Folder Permissions using a PowerShell script

  1. nice script it does not appear to be able to st permissions on files though (only folders)

  2. Hi Todd.

    Yes, the script only sets permissions on folder level, if there are files within the folder they should inherit the permissions from the folder.

  3. Niklas,
    Very nice script. Do you know if there is a way to modify the script to set a maximum security level? For example, if I have a user with FullControl, and I want to modify the user’s permissions to (only) ReadandExecute.

  4. Please disregard my last post. I see that your script already does this. I was attempting to modify the permissions for the users group. But, since the users group is actually ‘BUILTIN\Users’, the $_.IdentityReference was never equal to $Access. So, it was jumping to $GetACL.AddAccessRule($AccessRule). Once I figued this out, it works like a charm. Thanks for the great script!

  5. Niklas,

    I just started working with PowerShell …. I can’t believe i waited this long and kept doing things with VBScript! anyway ….. I tested your script and works nicely, good job.

    I have several questions:

    a) If i wanted to run the script remotely to create individual folders based on a user’s list the script is reading (I extracted it from AD) to create individual user folders within an existing or non-existing share on a remote server, what would it be the best way? in the past using VBScript this what I have done:

    Option Explicit
    Dim intRow, objExcel, objSheet, strPathExcel
    Dim strHomeFolder, strHome, strUser
    Dim objFSO, objShell, intRunError

    strHome = “\\ServerName\ShareName\”
    strPathExcel = “C:\ExcelFile.xlsx”
    intRow = 3 ‘ Row 1 contains headings
    ‘ Open the Excel spreadsheet
    Set objFSO = CreateObject(“Scripting.FileSystemObject”)
    Set objExcel = CreateObject(“Excel.Application”)
    Set objSheet = objExcel.Workbooks.Open(strPathExcel)
    ‘ Create a shell for cmd and CACLS
    Set objShell = CreateObject(“Wscript.Shell”)

    ‘ Here is the loop that cycles through the cells
    Do Until (objExcel.Cells(intRow,1).Value) = “”
    strUser = objExcel.Cells(intRow, 1).Value
    Call HomeDir ‘ I decided to use a subroutine
    intRow = intRow + 1
    Loop
    objExcel.Quit ‘ Clears up Excel

    Sub HomeDir()
    strHomeFolder = strHome & strUser
    If strHomeFolder “” Then
    If Not objFSO.FolderExists(strHomeFolder) Then
    On Error Resume Next
    objFSO.CreateFolder strHomeFolder
    If Err.Number 0 Then
    On Error GoTo 0
    Wscript.Echo “Cannot create: ” & strHomeFolder
    End If
    On Error GoTo 0
    End If
    If objFSO.FolderExists(strHomeFolder) Then

    ‘ Assign user permission to home folder.
    intRunError = objShell.Run(“%COMSPEC% /c Echo Y| cacls “_
    & strHomeFolder & ” /e /c /g Administrators:f “_
    & strUser & “:F”, 2, True)
    If intRunError 0 Then
    Wscript.Echo “Error assigning permissions for user ” & strUser & ” to home folder ” &
    strHomeFolder
    End If
    End If
    End If
    End Sub
    objExcel.Quit
    WScript.Quit

    The previous script works and I do want to emulate the same with your script.

    b) is there a better way to do this such as pulling the data directly from AD? using som type of AD query or Wmi calling?

  6. Hi,

    I am new to poweshell scripting, i wanted to set the permissionss of local users/group remotely on some machines.

    Just wanted to know whether the remore/target machine requires .net framwork for this script to work.

    Thanks…Munib

  7. Nice script thanks. just a quick one…if i wanted to use a CSV file to provide a list of usernames that would then be created by your script how would i go about this?

  8. I can get the script to run just fine on a folder that is off the root, but my issue is, I need to make the change to just one folder that is located in the the Program Files.

    I have no control over this application, I just know that I need to give a user permission access to the venders folder.

    Any advice on how to make this work?

    Thanks,

  9. Great script – but one “typo” that had me in fits until I found it. In your help text, and in your detail text at the top of this page, you list one of your parameters as “-User”. It should read “-Access”. If you run it with the “-User” flag, nothing happens.

  10. Awesomeness. Thank you.

    Note that I had to change this:
    Where { $_.Attributes -match “d”}

    to this:
    Where { $_.Attributes -match “Directory”}

    because beforehand it was still picking up some files. I did a cursory investigation and I think it was because those files had a Rea*d*only attribute, but that’s only an assumption. Anyway, it works as desired now – thank you very very much.

  11. I echo previous comments on a BIG THANK YOU!

    Stumbled upon your script looking for a technet article on Get-ChildItem, this saved me a good half day of work ironing out a script.

  12. Thank you! (apparently, a simple thank you is too short of a comment, so I had to type a little something more.)

  13. Just want to say Thanks! Here it is 3 years later and your Site still comes up in the search engines. Thanks!

  14. Great script!!

    However I found that it did not set the permissions on child folders of the directory I specified.

    In this case there is only a few child folders so I can get away with doing it manually but comments above make me believe that it should be working.

    Command used was

    ./setfolderpermission.ps1 -path c:\programdata\Microsoft\windows\hyper-v -Access IPFXNUC-HV\hvadmin -Permission FullControl

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Anti-Spam Protection by WP-SpamFree