icacls replace folder permission via PowerShell

Andy 51 Reputation points
2021-11-15T08:52:20.523+00:00

In the past I use cacls to replace folder permission (batch file)

cacls
/P user:permission
Replace access rights (/REPLACE), permission can be:
R Read
W Write
C Change (read/write)
F Full control
N None

but icacls I can't find the similar settings any clue?

for example my batch file(Set current login user no access to vlc folder)

cacls %USERPROFILE%\AppData\Roaming\vlc /T /P %USERNAME%:N >nul 2>nul

How can I use it in PowerShell? Thanks a lot!

Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
3,003 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,627 questions
0 comments No comments
{count} votes

Accepted answer
  1. MotoX80 35,511 Reputation points
    2021-11-15T13:20:50.89+00:00

    You can still use cacls/icacls in Powershell, you just have to change how you reference environment variables.

    https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_environment_variables?view=powershell-5.1

    cacls.exe $env:USERPROFILE\AppData\Roaming\vlc /T /P $($env:USERNAME):N"  
    

    Note that the ":N" causes problems and PS doesn't display the user name. To work around that you have to get PS to evaluate it first using $().

    Instead of "nul" you will have to use "$null" when redirecting stdout/stderr. Don't suppress that output until you verify that the commands are doing what you expect them to do.

    You might want to use icacls and not cacls.


2 additional answers

Sort by: Most helpful
  1. SChalakov 10,571 Reputation points MVP
    2021-11-15T10:04:23.583+00:00

    Hi Andy,

    I wrote a short article about replacing the NTFS permission of one user with the same permissions for another user, using PowerShell. The article describes a Powershell based script that does that. You most probably won't be able to sue the script as it is, but you can certainly take a look at it and see how actually the permissions replacement si done:

    Mirroring NTFS Permissions (ACLs) with PowerShell
    https://www.pohn.ch/mirroring-ntfs-permissions-acls-with-powershell/

    Please let me know if you have any questions.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Regards,
    Stoyan


  2. Limitless Technology 39,811 Reputation points
    2021-11-16T08:27:18.84+00:00

    Hi there,

    The PowerShell Equivalent of ICACLS Is Get-Acl and Set-Acl. By are using both Get-Acl and Set-Acl you can copy the permissions from one file to another

    You can get more info from these articles

    https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/icacls

    https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_environment_variables?view=powershell-5.1

    -------------------------------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept it as an answer--

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.