How to set NTFS permissions and preserve inherited

Solution 1:

You can include the existing permissions, and they will retain the IsInherited property:

# Example for adding a user to a file's permissions
$user = 'user1'
$file = 'c:\temp\test.txt'

# Get the existing permissions
$acl = Get-Item $file | Get-Acl

# ADD new rules to the existing ones
$rule = [Security.AccessControl.FileSystemAccessRule]::new($user,"Read","Allow")
$acl.AddAccessRule($rule)
$rule = [Security.AccessControl.FileSystemAccessRule]::new($user,"Write","Allow")
$acl.AddAccessRule($rule)

Set-Acl $file $acl

You can check with Get-Acl:

Get-Acl 'C:\temp\test.txt' | Select -ExpandProperty Access

FileSystemRights  : Write, Read, Synchronize
AccessControlType : Allow
IdentityReference : DOMAIN\user1
IsInherited       : False
InheritanceFlags  : None
PropagationFlags  : None

FileSystemRights  : FullControl
AccessControlType : Allow
IdentityReference : BUILTIN\Administrators
IsInherited       : True      ## Still inherited!
InheritanceFlags  : None
PropagationFlags  : None
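
The same change with the check built in, as an added example that is not part of the original answer: it snapshots the inherited ACEs, adds the explicit rule, writes the ACL back, and fails if the inherited set changed. The function name `Add-RulePreservingInherited` is hypothetical; the path and user in the usage comment are the ones from the answer above.

```powershell
# Added example, not from the original answer. The function name is hypothetical.
function Add-RulePreservingInherited {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Identity,
        [System.Security.AccessControl.FileSystemRights] $Rights = 'Read, Write'
    )

    # Render the inherited ACEs as sorted strings so two ACLs can be compared.
    function Get-InheritedSnapshot([System.Security.AccessControl.FileSystemSecurity] $Acl) {
        @($Acl.Access | Where-Object IsInherited | ForEach-Object {
            '{0}|{1}|{2}' -f $_.IdentityReference, $_.AccessControlType, $_.FileSystemRights
        } | Sort-Object) -join "`n"
    }

    $acl = Get-Acl -Path $Path

    # A protected DACL means inheritance is already disabled on this object,
    # so there are no inherited ACEs to keep.
    if ($acl.AreAccessRulesProtected) {
        Write-Warning "$Path has inheritance disabled; it carries no inherited ACEs."
    }

    $before = Get-InheritedSnapshot $acl

    # Add to the existing ACL object instead of building a new one,
    # so the inherited entries stay untouched.
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new($Identity, $Rights, 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl

    # Re-read from disk and confirm the inherited ACEs are identical.
    $after = Get-InheritedSnapshot (Get-Acl -Path $Path)
    if ($before -ne $after) {
        throw "Inherited ACEs on $Path changed.`nBefore:`n$before`nAfter:`n$after"
    }

    # Return the explicit (non-inherited) entries for review.
    (Get-Acl -Path $Path).Access | Where-Object { -not $_.IsInherited }
}

# Usage with the values from the answer above:
# Add-RulePreservingInherited -Path 'c:\temp\test.txt' -Identity 'user1'
```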