Powershell: Set NTFS Permissions

1. Pfad des Ordners

$ordnername = "Test"
$directoryPath = "C:\Users\Administrator\Desktop\" + $ordnername

2. Aktuelle ACL des Ordners (Discretionary Access Control List)

$acl = Get-Acl -Path $directoryPath

3. Vererbung unterbrechen, vererbte Regeln löschen

$acl.SetAccessRuleProtection($true, $false)

4. Neue ACEs erstellen (Access Control Entries)

• "FullControl": F
• "Modify": RW
• "ReadAndExecute": R
• "3","0": Anwenden auf diesen Ordner, Unterordner und Dateien

Administratoren: F

$group = "Administratoren"
$permission = "FullControl"
$ace = New-Object System.Security.AccessControl.FileSystemAccessRule($group, $permission, "3", "0", "Allow")
$acl.AddAccessRule($ace)

dl-Ordner-R: R

$group = "dl-" + $ordnername + "-R"
$permission = "ReadAndExecute"
$ace = New-Object System.Security.AccessControl.FileSystemAccessRule($group, $permission, "3", "0", "Allow")
$acl.AddAccessRule($ace)

dl-Ordner-RW: RW

$group = "dl-" + $ordnername + "-RW"
$permission = "Modify"
$ace = New-Object System.Security.AccessControl.FileSystemAccessRule($group, $permission, "3", "0", "Allow")
$acl.AddAccessRule($ace)

5. ACL wieder zuweisen

Set-Acl -Path $directoryPath -AclObject $acl