- 02 Feb 2024
- 3 読む分
- 印刷する
- PDF
Set File/Folders permissions on Windows devices
- 更新日 02 Feb 2024
- 3 読む分
- 印刷する
- PDF
Windows provides a flexible way to manage file and folder access through multiple permission levels. IT Admins can grant different levels of access (read, write, modify, etc.) to individual users or groups, ensuring that only authorized individuals have the necessary privileges to interact with sensitive data.
The following PowerShell scripts helps the IT Admins to change file, folder, or directory permissions on their managed Windows devices.
Grant a user permission to access a file or folder
Create a file on your desktop, for example, grant_access.ps1 and open it in a text editor like notepad++
Copy the contents below to the file or click here to download the file.
icacls is a Windows command-line tool used to manage file and folder permissions.
<path>: This placeholder represents the specific file or folder path where you want to modify permissions.
/grant: This argument specifies that you're granting permissions to a user.
<username>: This placeholder represents the username of the user who will receive the permissions.
:F: This grants "Full Control" permissions to the specified user.
/t: This argument applies the permission changes to all files and subdirectories within the specified path.
/c: This argument instructs the command to continue processing even if it encounters errors.
icacls <path> /grant <username>:F /t /c
Deny a user permission to access a file or folder
Create a file on your desktop, for example, deny_access.ps1 and open it in a text editor like notepad++
Copy the contents below to the file or click here to download the file.
icacls: Windows command-line tool for managing file and folder permissions.
<path>: This placeholder represents the specific file or folder path.
/deny: This argument indicates that you're explicitly denying permissions to a user or group.
<username>:F: This denies "Full Control" permissions to the user named added.
icacls <path> /deny <username>:F
For example, the below prevents the user named "Admin" from having any access (read, write, modify, delete, etc.) to the specified folder and its contents.
icacls C:\Users\Admin\Desktop\Folder /deny Admin:F
Reset permissions to default
Create a file on your desktop, for example, reset_permission.ps1 and open it in a text editor like notepad++
Copy the contents below to the file or click here to download the file.
icacls: As we've seen, this is the Windows command-line tool for managing file and folder permissions.
<path>: This placeholder represents the specific file or folder path where you want to reset permissions.
/reset: This argument instructs the command to restore the default inherited permissions for the specified path.
/t: This argument applies the permission reset to all files and subdirectories within the specified path, recursively.
/c: This argument tells the command to continue processing even if it encounters errors.
icacls <path> /reset /t /c
The script essentially wipes out any custom permissions that have been set on the files and folders within the given path and replaces them with the default permissions that would be inherited from their parent folders. This applies to all files and subdirectories within the path, even if there are errors.
Remove permissions of a user
Create a file on your desktop, for example, remove_permission.ps1 and open it in a text editor like notepad++
Copy the contents below to the file or click here to download the file.
icacls: This is the Windows command-line tool for managing file and folder permissions.
<path>: This placeholder represents the specific file or folder path where you want to remove permissions.
/remove: This argument specifies that you're removing existing permissions.
:<action>: This placeholder indicates the type of permission to be removed (e.g., "F" for Full Control, "M" for Modify, "R" for Read, etc.).
<username>: This placeholder represents the username of the user whose permissions will be removed.
/t: This argument applies the permission removal to all files and subdirectories within the specified path, recursively.
/c: This argument instructs the command to continue processing even if it encounters errors.
The script removes a specific type of permission (e.g., Full Control, Modify, Read) for a particular user from all files and subdirectories within the given path, even if there are some errors.
icacls <path> /remove:<action> <username> /t /c
Follow our guide to upload & publish the PowerShell script using Scalefusion Dashboard.
Please note that to use the PowerShell scripts, the Scalefusion MDM Agent Application must be installed on the device(s). Please follow our guide to publish and install the Scalefusion MDM Agent Application.
Notes:
The scripts and their contents are sourced from various albeit authenticated Microsoft sources and forums.
Please validate the scripts on a test machine before deploying them on all your managed devices.
Scalefusion has tested these scripts, however, Scalefusion will not be responsible for any loss of data or system malfunction that may arise due to the incorrect usage of these scripts.