How to Get Folder Permissions Using PowerShell
Managing folder permissions using PowerShell saves much time and trouble compared to GUI. With PowerShell, you can view and get permissions for hundreds of folders and subfolders without much hassle.
The task is achieved using the "Get-Acl" cmdlet, which retrieves the Access Control List. However, the process has its own challenges and shortcomings. This article provides all the relevant information you need to get PowerShell folder permissions as well as manage, remove, or change them. Let's find out!
Understanding Folder Permissions and ACLs
Folder Permissions are part of the Access Control List (ACL), which determines who can read, write, or modify files in a folder. The ACL includes permissions for each user or group. This helps ensure only the selected users have access to the right data.
With the PowerShell "Get-Acl" cmdlet, you can get permissions of files, folders, and subfolders in a directory as well as export permissions to a CSV file.
The basic PowerShell syntax to get folder permissions includes the following components:
Key Takeaways
Get-Acl: To retrieve the ACL for a file or directory, showing the permissions set on it.
$acl.Access: It gives permission for the specified directory.
Format-Table: Use the Format-Table cmdlet if the output is truncated and you want to view it in a tabular form for easy reading.
Get-ChildItem -Directory: Get-Acl only reports one folder or a directory at a time. If you want to recursively retrieve all the folders within the specified path, use Get-ChildItem -Directory parameter.
- Running PowerShell as Administrator: Many folders in the Windows directory require administrative privileges to access their permission. To avoid facing technical delays, always run PowerShell as Administrator.
- Add Filters in Scripts: Using conditions in the PowerShell script like Read, Write, and FullControl, allows you to filter specific permissions.
How to Get Folder Permissions Via PowerShell
This section walks you through how to use PowerShell to get folder permissions
1: View Permissions for a Single Folder
For instance, if there's a folder named "MyFolder1" in the Local Disk C, whose permissions you want to view, run the following command.
Get-Acl -Path C:\Myfolder1This will give you the folder's path, owner, and access list.
2: Expand the PowerShell Folder Permissions
The Get-Acl cmdlet alone doesn't show much information about the permissions. To tackle this, add the parameter "Access" or "Select" after the command.
So, run the below two commands one by one to get file permissions on PowerShell with additional details:
Get-Acl -Path C:\Myfolder1 | Select *The second one:
(Get-Acl -Path C:\Myfolder1).AccessBelow is a brief explanation of various elements in the output:
IdentityReference: Refers to the user or the entity having access to the folder.
FileSystemRights: These relate to the permissions you see it in the Security Tab of the folder
AccessControlType: Whether to Allow access or Deny it.
IsInherited: Shows if the permissions are inherited.
3: Get PowerShell File Permissions in a Tabular Form
If you are finding it difficult to comprehend the PowerShell folder permissions, you can use the "Format-Table" flag for better understanding. To get folder permissions on PowerShell in a tabular form:
(Get-Acl -Path C:\Myfolder1).Access | Format-Table4: Get Permissions for All Files and Sub-folders
The Get-Acl command alone doesn't return recursively the permissions of all the folders and files in the directory. If you want to get PowerShell permissions on all folders and subfolders in the "MyFolder" directory, use "Get-ChildItem" with the -Recurse parameter, followed by passing each folder to Get-Acl through the "ForEach" flag.
Run the below command:
Get-ChildItem -Path C:\MyFolder -Recurse | ForEach-Object {Get-Acl $_.FullName}Here is the breakdown of this syntax:
1. The Get-ChildItem: Lists all the "files and folders" in the MyFolder directory.
2. The Recurse flag: Includes the sub-folders and their content.
3. ForEach-Object: Loop through each subfolder to check its permissions.
4. Get-Acl: To retrieve the ACL for each subfolder.
5: Adding Permissions to a Folder
Now that you know how to view PowerShell folder permissions, the next step is to learn to give folder permissions to a folder. In this case, the "$accessRule" parameter is used.
For instance, if you want to grant a user "JohnDoe" the ability to read and write "MyFolder", you need to get its ACL, and then modify it to set the new ACL. Here's the basic syntax of the command to add PowerShell permissions:
$acl = Get-Acl -Path "C:\MyFolder"
$permission = "JohnDoe", "Read,Write", "Allow"
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($accessRule)
Set-Acl -Path "C:\MyFolder" -AclObject $acl
In the above command:
$acl: Retrieves the current ACL for C:\MyFolder.
$permission: Specifies the user (JohnDoe) and the permissions (Read, Write) to allow.
$accessRule: Creates a new access rule with the specified permissions.
Set-Acl: This applies the modified ACL back to the folder.
6: Removing a PowerShell Folder Permission
Removing PowerShell permissions from a folder is almost similar to adding permissions. The only difference is in Line 4 where you execute the "RemoveAccessRule" cmdlet instead of SetAccessRule.
For instance, here is the command to remove a folder permissions using PowerShell:
$acl = Get-Acl -Path "C:\MyFolder"
$permission = "JohnDoe", "Read,Write", "Allow"
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($accessRule)
Set-Acl -Path "C:\MyFolder" -AclObject $acl
This removes the specified Read and Write permissions for JohnDoe from C:\MyFolder. Once the permission is removed, you can add a new permission. This is how to change folder permissions using PowerShell.
The steps are complicated if you're changing permissions for one or two folders, but it is quite faster to do it for hundreds of folders in a directory.
Manage Member Permissions and Other Tasks Remotely With Ease
AirDroid Remote Support is a versatile tool that assists you in securing attended/unattended access to remote devices. It comes with an extensive list of functions to give your complete control over the connected device.
With its multi-device permission management feature, you can assign roles, tasks, and permissions for individual members or devices. This can be a game changer to effectively managing the IT activities of a small business.
Key features
- Remote Device Control: Connect to remote devices and complete your tasks seamlessly.
- Secure Unattended Access: Access to the unattended device without authorization securely.
- Manage Permissions: Get access to all the devices and assign permissions and policies for different users.
- Cross-platform Access: Complete remote access to both Windows, Mac, Android and iOS devices.
Final Remarks
Using PowerShell to get folder permissions is significantly easier and faster compared to GUI. It reduces the time to check, give access to, or remove the permissions of multiple folders with a single command. Just make sure to type in the command, including "spaces", "quotations", and other elements, carefully to avoid running into an error.
Moreover, use AirDroid Remote Support to remotely access a computer to handle tasks including PowerShell or NTFS permissions, file transfer, screen sharing, remote learning, and more.
Leave a Reply.