So, first post on this site and I thought I’d start things off with a little bit of PowerShell. Until recently I’d managed to make use of other means for modifying ACLs; however, thanks to some recent work with System Center Orchestrator, I thought I’d try to push myself down the PowerShell route.

For my particular needs I simply required the ability to provide a new ACL and apply this to the root of a user’s home folder. Many guides on working with ACLs and PowerShell suggest starting with the Get-ACL command, however in my case I wasn’t interested in finding the existing information but starting from scratch.

Let’s create a new ACL and give it the variable name of $HomeACL:

$HomeAcl = New-Object System.Security.AccessControl.DirectorySecurity

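The first thing that I want to do is to protect the ACL from inheritance, so that the folder does not pick up permissions from its parent. The first argument ($true) blocks inheritance and the second ($false) discards the rules that would otherwise have been inherited: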

$HomeAcl.SetAccessRuleProtection($true,$false)

Let’s create the variables for two entries that we require:

$UserRule = New-Object System.Security.AccessControl.FileSystemAccessRule ("Username1", "Modify", "ContainerInherit, ObjectInherit", "None", "Allow")

$AdminRule = New-Object System.Security.AccessControl.FileSystemAccessRule ("Administrators", "FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")

And apply the variables to the ACL…

$HomeAcl.SetAccessRule($UserRule)

$HomeAcl.SetAccessRule($AdminRule)

So that’s our Access Control List nicely created with the settings that we require, the last thing that we need to do is to apply this to a folder. For the sake of example I’m using the directory “C:\Testdir”. To finalise your settings simply use:

Set-Acl "C:\TestDir" $HomeAcl
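The steps above as one script, followed by a read-back check that the folder ended up with exactly the two intended entries and no inherited ones. This is an added example, not code from the original post; it assumes Windows, and the test folder under `$env:TEMP` and the current user (standing in for "Username1") are placeholders.

```powershell
# Assumptions (not from the original post): $Path and $User are placeholders.
$Path = Join-Path $env:TEMP 'AclDemoHome'      # constructed test folder
$User = "$env:USERDOMAIN\$env:USERNAME"        # stands in for "Username1"
New-Item -ItemType Directory -Path $Path -Force | Out-Null

# Build the ACL from scratch, exactly as in the steps above.
$HomeAcl = New-Object System.Security.AccessControl.DirectorySecurity
$HomeAcl.SetAccessRuleProtection($true, $false)   # block inheritance, drop inherited rules
$Inherit = 'ContainerInherit, ObjectInherit'
$UserRule  = New-Object System.Security.AccessControl.FileSystemAccessRule ($User, 'Modify', $Inherit, 'None', 'Allow')
$AdminRule = New-Object System.Security.AccessControl.FileSystemAccessRule ('BUILTIN\Administrators', 'FullControl', $Inherit, 'None', 'Allow')
$HomeAcl.SetAccessRule($UserRule)
$HomeAcl.SetAccessRule($AdminRule)
Set-Acl -Path $Path -AclObject $HomeAcl

# Read the ACL back from disk and compare it with what was intended.
$Applied  = Get-Acl -Path $Path
$Expected = @{ $User = 'Modify'; 'BUILTIN\Administrators' = 'FullControl' }
$Sync     = [int][System.Security.AccessControl.FileSystemRights]::Synchronize
$Problems = @()

if (-not $Applied.AreAccessRulesProtected) { $Problems += 'Inheritance is still enabled' }

foreach ($Ace in $Applied.Access) {
    $Id = $Ace.IdentityReference.Value
    if ($Ace.IsInherited) { $Problems += "Inherited entry for $Id" }
    if ($Ace.AccessControlType -ne 'Allow') { $Problems += "Non-allow entry for $Id" }
    if (-not $Expected.ContainsKey($Id)) { $Problems += "Unexpected entry for $Id"; continue }
    # Windows adds Synchronize to granted rights, so ignore that bit when comparing.
    $Want = [int][System.Security.AccessControl.FileSystemRights]$Expected[$Id]
    $Have = [int]$Ace.FileSystemRights
    if (($Have -bor $Sync) -ne ($Want -bor $Sync)) {
        $Problems += "$Id has '$($Ace.FileSystemRights)', expected '$($Expected[$Id])'"
    }
    $Expected.Remove($Id)
}
foreach ($Missing in $Expected.Keys) { $Problems += "Missing entry for $Missing" }

if ($Problems) { $Problems } else { "ACL on $Path matches the intended two entries." }
```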

There, that doesn’t seem too bad for my first post! Here’s hoping that somebody finds it useful!