Setting permissions using ICACLS and PowerShell


Although PowerShell offers cmdlets to get access control lists (ACL) and modify then, I found it not that convenient. The ICACLS command can also be used within PowerShell to set permissions. Here are some basic examples how to use ICACLS with PowerShell to set the permissions.

Please note that for PowerShell, the ` token is used before the ( and ) character since PowerShell needs to know that this is character is part of ICACLS and not PowerShell.

/T is used to also apply the permissions to subfolders.

Remove inheritance:

icacls D:\TestFolder /inheritance:d

Full access:

icacls D:\TestFolder /grant domain\username:`(F`) /T

Remove user:

icacls D:\TestFolder /remove:g domain\username /T


icacls D:\TestFolder /grant domain\username:`(R`) /T

Modify (create/write/delete):

icacls D:\TestFolder /grant domain\username:`(M`) /T

This entry was posted in Microsoft General, Scripts and tagged , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s