Set windows folder permission/security via script

Zman771 used Ask the Experts™
I'm running windows home server and want to set up custom folder security/permissions (give a user read access to a folder).  I can do this via the normal windows security dialogue, but unfortunately WHS seems to overwrite my custom permissions after a certain amount of time.  

is there a way to set this permission via a script or command line so that I can run it as a scheduled task?
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Most Valuable Expert 2011
Top Expert 2011


xcacls should be able to do this.....
How to use Xcacls.exe to modify NTFS permissions
Please advise if you need help with the syntax of the script/command....

With PowerShell, this is really simple : just use get-acl and set-acl cmdlet. You have a quick introduction here :

Note that this works on registry too. You can also use cacls.exe with a vbscript. If you prefer vbs I can give you a script sample using this tool.


I was able to use PowerShell to modify the permissions but I can't seem to figure out how to save the script so I can schedule it via windows Scheduled Tasks.  
11/26 Forrester Webinar: Savings for Enterprise

How can your organization benefit from savings just by replacing your legacy backup solutions with Acronis' #CyberProtection? Join Forrester's Joe Branca and Ryan Davis from Acronis live as they explain how you can too.

Save your script in a .ps1 file, then follow instruction in this post :


worked like a charm, except for one small issue.  the post says to run the following command:
powershell -command "& 'MyScript.ps1' "
but if the file is in the same directory you have to run
powershell -command "& '.\MyScript.ps1' "

other than that this is perfect.  thanks!

You're Welcome. Glad this workeD for you.


i came across one issue.  when i run the script, the user's permissions come as "Special Permissions" instead of "Full Control" or "Read & Execute".  i've tried several different $permission settings but it doesn't seem to work.  any suggestions?

$acl = Get-Acl d:\shares\Videos
$permission = "USERNAME","FullControl","Allow"
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
$acl | Set-Acl d:\shares\Videos

Open in new window


I fixed it.  turns out the permissions were only being applied to the folder and not the subfolders and files.  
$directory = "d:\shares\Videos"
$inherit = []"ContainerInherit, ObjectInherit"
$propagation = []"None"
$acl = Get-Acl $directory
$accessrule = New-Object"USERNAME", "Read", $inherit, $propagation, "Allow")
set-acl -aclobject $acl $directory

Open in new window

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial