SOLVED

Modifying NTFS Permissions Using the NTFSSecurity Module

%3CLINGO-SUB%20id%3D%22lingo-sub-1944811%22%20slang%3D%22en-US%22%3EModifying%20NTFS%20Permissions%20Using%20the%20NTFSSecurity%20Module%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1944811%22%20slang%3D%22en-US%22%3E%3CP%3E%3CFONT%20size%3D%222%22%3EHi%20All%2C%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20size%3D%222%22%3EI%20am%20hoping%20someone%20can%20help%20me%20crack%20this%20issue.%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20size%3D%222%22%3EI%20have%20been%20tasked%20with%20changing%20the%20Access%20Rights%20on%20millions%20of%20files%20and%20folders%20for%20each%20user%2Fgroup%20that%20has%20access%20to%20them%20currently.%20These%20will%20be%20set%20to%20Read%2CExecute%2CDelete%20as%20the%20highest%20access%20permissions%20granted.%20Anything%20less%20than%20that%20like%20List%20or%20Traverse%20will%20left%20as%20is.%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20size%3D%222%22%3EThis%20I%20can%20do%20ok%20with%20'where-object'%20etc.%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%222%22%3EI%20am%20using%20the%20NTFSSecurity%20PowerShell%20module.%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%222%22%3EMy%20biggest%20issue%20is%20that%20when%20I%20use%26nbsp%3B%3CSTRONG%3EGet-NTFSAccess%20-Path%20%5C%5CFolder%5CI%5Cam%5CChecking%3C%2FSTRONG%3E%20and%20output%20to%20the%20console%20or%20OGV%2C%20I%20get%20the%20following%20headers.%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%221%202%203%204%205%206%207%22%3E%3CSTRONG%3EAccount%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3BAccess%20Rights%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3BApplies%20to%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20Type%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3BIsInherited%26nbsp%3B%26nbsp%3B%26nbsp%3B%20InheritedFrom%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%221%202%203%204%205%206%207%22%3EContoso%5CTestAccount1%26nbsp%3B%26nbsp%3B%26nbsp%3B%20FullControl%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20ThisFolderSubfoldersAndFiles%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3BAllow%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20False%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%221%202%203%204%205%206%207%22%3EContoso%5CTestAccount2%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Modify%2C%20Synchronize%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20ThisFolderOnly%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3BAllow%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20False%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%222%22%3E%3CFONT%20size%3D%221%202%203%204%205%206%207%22%3EContoso%5CTestAccount3%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Traverse%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20ThisFolderAndFiles%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20Allow%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20False%3C%2FFONT%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%222%22%3EHowever%2C%20if%20I%20export%20to%20csv%2C%20I%20get%20the%20following%20headers.%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%222%22%3E%3CSTRONG%3EAccountType%2C%20Name%2C%20FullName%2C%20InheritanceEnabled%2C%20InheritedFrom%2C%20AccessControlType%2C%20AccessRights%2C%20Account%2C%20InheritanceFlags%2C%20IsInherited%2C%20PropagationFlags%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%222%22%3E%3CSTRONG%3E%26nbsp%3B%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%222%22%3EI%20know%20the%20InheritanceFlags%20refer%20to%20the%20Access%20Rights%2C%20but%20is%20it%20possible%20when%20using%26nbsp%3B%3CSTRONG%3EAdd-NTFSAccess%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%222%22%3Eto%20read%20the%20InheritanceFlags%20values%20as%20I%20am%20doing%20with%20the%20other%20values%20and%20set%20them%20so%20that%20the%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%222%22%3E%26nbsp%3B%E2%80%9Capplies%20to%20this%20folder%20only%2C%20this%20folder%20and%20files%2C%20List%E2%80%9D%2C%20etc%26nbsp%3B%20are%20not%20changed%20from%20their%20current%20settings.%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%222%22%3ESo%2C%20this%3A%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CBR%20%2F%3E%3CFONT%20size%3D%221%202%203%204%205%206%207%22%3E%3CSTRONG%3EAccessControlType%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20AccessRights%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Account%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20InheritanceFlags%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3BIsInherited%26nbsp%3B%26nbsp%3B%26nbsp%3B%20PropagationFlags%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%221%202%203%204%205%206%207%22%3EAllow%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3BFullControl%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Contoso%5CTestAccount1%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3BContainerInherit%2C%20ObjectInherit%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20FALSE%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20None%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%221%202%203%204%205%206%207%22%3EAllow%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20Modify%2C%20Synchronize%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20Contoso%5CTestAccount2%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3BObjectInherit%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20FALSE%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20None%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%221%202%203%204%205%206%207%22%3EAllow%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20Traverse%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Contoso%5CTestAccount3%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3BContainerInherit%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20FALSE%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20None%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWould%20become%20this%3A%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%221%202%203%204%205%206%207%22%3E%3CSTRONG%3EAccessControlType%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3BAccessRights%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20Account%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3BInheritanceFlags%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20IsInherited%26nbsp%3B%26nbsp%3B%26nbsp%3B%20PropagationFlags%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%221%202%203%204%205%206%207%22%3EAllow%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20Delete%2C%20ReadAndExecute%2C%20Synchronize%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3BContoso%5CTestAccount1%20%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20ContainerInherit%2C%20ObjectInherit%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20FALSE%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20None%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%221%202%203%204%205%206%207%22%3EAllow%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20Delete%2C%20ReadAndExecute%2C%20Synchronize%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3BContoso%5CTestAccount2%20%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20ObjectInherit%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20FALSE%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20None%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%221%202%203%204%205%206%207%22%3EAllow%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20Traverse%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20Contoso%5CTestAccount3%20%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20ContainerInherit%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3BFALSE%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20None%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOr%20This%3A%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%221%202%203%204%205%206%207%22%3E%3CSTRONG%3EAccount%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3BAccess%20Rights%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20Applies%20to%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3BType%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20IsInherited%26nbsp%3B%26nbsp%3B%26nbsp%3B%20InheritedFrom%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%221%202%203%204%205%206%207%22%3EContoso%5CTestAccount1%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Delete%2C%20ReadAndExecute%2C%20Synchronize%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20ThisFolderSubfoldersAndFiles%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20Allow%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20False%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%221%202%203%204%205%206%207%22%3EContoso%5CTestAccount2%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Delete%2C%20ReadAndExecute%2C%20Synchronize%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20ThisFolderOnly%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3BAllow%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20False%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%221%202%203%204%205%206%207%22%3EContoso%5CTestAccount3%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Traverse%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20ThisFolderAndFiles%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20Allow%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20False%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%3C%2FFONT%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%222%22%3EAnd%20the%20%22Applies%20to%22%20settings%20would%20not%20change.%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%222%22%3EIf%20I%20create%20variables%20from%20the%20csv%20for%20each%20value%20required%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20size%3D%222%22%3EAt%20the%20moment%20when%20I%20run%20the%20script%20that%20includes%26nbsp%3B%3CSTRONG%3EAdd-NTFSAccess%20-Path%20%24Fullname%20-Account%20%24Account%20-AccessRights%26nbsp%3B'ReadAndExecute%2CDelete'%20-AccessType%20Allow%20-InheritanceFlags%20%24InheritanceFlags%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%222%22%3E%3CSTRONG%3E%26nbsp%3B%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%222%22%3EEverything%20is%20set%20to%20ThisFolderSubFoldersAndFiles.%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%222%22%3EIf%20I%20could%20use%20the%20%3CSTRONG%3E-AppliesTo%3C%2FSTRONG%3E%20instead%20of%20%3CSTRONG%3E-InheritanceFlags%3C%2FSTRONG%3E%20and%20feed%20in%20exactly%20what%20is%20already%20present%20when%20displaying%20get-NTFSAccess%20in%20the%20console%20or%20OGV%2C%20I%20think%20this%20would%20resolve%2099%25%20of%20my%20issues.%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%222%22%3EI%20have%20looked%20at%20apps%20like%20NTFS%20Permission%20Reporter%2C%20but%20I%20am%20sure%20this%20should%20be%20achievable%20with%20PS.%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%222%22%3EI%20know%20there%20must%20be%20a%20simple%20solution%2C%20(Arrays%2C%20iCacls%3F)%20but%20I%20just%20cannot%20see%20how%20to%20do%20it.%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%222%22%3EAny%20help%20would%20be%20awesome!%3C%2FFONT%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1944811%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Epowershell%20script%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1946174%22%20slang%3D%22en-US%22%3ERe%3A%20Modifying%20NTFS%20Permissions%20Using%20the%20NTFSSecurity%20Module%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1946174%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F246505%22%20target%3D%22_blank%22%3E%40MoZZa%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETake%20a%20look%20on%20this%20post.%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fstackoverflow.com%2Fquestions%2F37013298%2Fpowershell-acls-apply-to-this-folder-only%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fstackoverflow.com%2Fquestions%2F37013298%2Fpowershell-acls-apply-to-this-folder-only%3C%2FA%3E%3C%2FP%3E%3CP%3EThey%20have%20an%20example%20of%20how%20you%20can%20add%20a%20ACL%20entry%20and%20set%20it%20to%20Apply%20only%20to%20this%20Folder.%3C%2FP%3E%3CP%3EI%20did%20not%20work%20with%20the%20NTFS%20Security%20module%2C%20and%20usually%20like%20to%20do%20things%20without%20any%20module.%3C%2FP%3E%3CP%3ESo%20maybe%20the%20thing%20you%20are%20asking%20is%20not%20implemented%2C%20did%20you%20check%20the%20documentation%20to%20see%20if%20its%20an%20existing%20feature%20%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1948617%22%20slang%3D%22en-US%22%3ERe%3A%20Modifying%20NTFS%20Permissions%20Using%20the%20NTFSSecurity%20Module%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1948617%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F790105%22%20target%3D%22_blank%22%3E%40farismalaeb%3C%2FA%3E%26nbsp%3B%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%20for%20your%20reply.%20I%20can%20set%20the%20folders%20to%20the%20various%20options%2C%20but%20what%20I%20really%20trying%20to%20achieve%20is%20to%20read%20the%20current%20ACL%20Rule%2C%20reading%20them%20directly%20from%20a%20variable%2Farray%20or%20csv%3C%2FP%3E%3CTABLE%3E%3CTBODY%3E%3CTR%3E%3CTD%20width%3D%22171px%22%20height%3D%2257px%22%3E%3CP%3E%3CSTRONG%3EAccount%3C%2FSTRONG%3E%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%2296px%22%20height%3D%2257px%22%3E%3CP%3E%3CSTRONG%3EAccess%20Rights%3C%2FSTRONG%3E%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%22219px%22%20height%3D%2257px%22%3E%3CP%3E%3CSTRONG%3EApplies%20to%3C%2FSTRONG%3E%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%2251px%22%20height%3D%2257px%22%3E%3CP%3E%3CSTRONG%3EType%3C%2FSTRONG%3E%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%2292px%22%20height%3D%2257px%22%3E%3CP%3E%3CSTRONG%3EIsInherited%3C%2FSTRONG%3E%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%22119px%22%20height%3D%2257px%22%3E%3CP%3E%3CSTRONG%3EInheritedFrom%3C%2FSTRONG%3E%3C%2FP%3E%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%20width%3D%22171px%22%20height%3D%2230px%22%3E%3CP%3EContoso%5CTestAccount1%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%2296px%22%20height%3D%2230px%22%3E%3CP%3EFullControl%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%22219px%22%20height%3D%2230px%22%3E%3CP%3E%3CEM%3EThisFolderSubfoldersAndFiles%3C%2FEM%3E%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%2251px%22%20height%3D%2230px%22%3E%3CP%3EAllow%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%2292px%22%20height%3D%2230px%22%3E%3CP%3EFalse%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%22119px%22%20height%3D%2230px%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%20width%3D%22171px%22%20height%3D%2257px%22%3E%3CP%3EContoso%5CTestAccount2%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%2296px%22%20height%3D%2257px%22%3E%3CP%3EModify%2C%20Synchronize%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%22219px%22%20height%3D%2257px%22%3E%3CP%3E%3CEM%3EThisFolderOnly%3C%2FEM%3E%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%2251px%22%20height%3D%2257px%22%3E%3CP%3EAllow%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%2292px%22%20height%3D%2257px%22%3E%3CP%3EFalse%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%22119px%22%20height%3D%2257px%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%20width%3D%22171px%22%20height%3D%2230px%22%3E%3CP%3EContoso%5CTestAccount3%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%2296px%22%20height%3D%2230px%22%3E%3CP%3ETraverse%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%22219px%22%20height%3D%2230px%22%3E%3CP%3E%3CEM%3EThisFolderAndFiles%3C%2FEM%3E%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%2251px%22%20height%3D%2230px%22%3E%3CP%3EAllow%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%2292px%22%20height%3D%2230px%22%3E%3CP%3EFalse%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%22119px%22%20height%3D%2230px%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FTD%3E%3C%2FTR%3E%3C%2FTBODY%3E%3C%2FTABLE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EModify%20any%20Access%20rights%20with%20the%20ability%20to%20create%20or%20modify%20existing%20files%2Ffolders%20and%20set%20them%20to%20ReadandExecute%2CDelete.%20BUT%20not%20to%20change%20the%26nbsp%3B%3CSTRONG%3EApplies%20To%3C%2FSTRONG%3E%20values%2C%20but%20read%20them%20straight%20from%20the%20existing%20variable%2Farray%20or%20csv%20and%20but%20to%20reapply%20them%20exactly%20as%20they%20were%20prior%20to%20changing%20the%26nbsp%3B%3CSTRONG%3EAccess%20Rights.%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eeg%3C%2FP%3E%3CTABLE%20border%3D%22orange%22%20width%3D%22845px%22%3E%3CTBODY%3E%3CTR%3E%3CTD%20width%3D%22171px%22%3E%3CP%3E%3CSTRONG%3EAccount%3C%2FSTRONG%3E%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%22178px%22%3E%3CP%3E%3CSTRONG%3EAccess%20Rights%3C%2FSTRONG%3E%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%22233px%22%3E%3CP%3E%3CSTRONG%3EApplies%20to%3C%2FSTRONG%3E%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%2251px%22%3E%3CP%3E%3CSTRONG%3EType%3C%2FSTRONG%3E%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%2292px%22%3E%3CP%3E%3CSTRONG%3EIsInherited%3C%2FSTRONG%3E%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%22119px%22%3E%3CP%3E%3CSTRONG%3EInheritedFrom%3C%2FSTRONG%3E%3C%2FP%3E%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%20width%3D%22171px%22%3E%3CP%3EContoso%5CTestAccount1%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%22178px%22%3E%3CP%3EReadAndExecute%2CDelete%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%22233px%22%3E%3CP%3E%3CEM%3EThisFolderSubfoldersAndFiles%3C%2FEM%3E%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%2251px%22%3E%3CP%3EAllow%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%2292px%22%3E%3CP%3EFalse%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%22119px%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%20width%3D%22171px%22%3E%3CP%3EContoso%5CTestAccount2%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%22178px%22%3E%3CP%3EReadAndExecute%2CDelete%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%22233px%22%3E%3CP%3E%3CEM%3EThisFolderOnly%3C%2FEM%3E%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%2251px%22%3E%3CP%3EAllow%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%2292px%22%3E%3CP%3EFalse%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%22119px%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%20width%3D%22171px%22%3E%3CP%3EContoso%5CTestAccount3%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%22178px%22%3E%3CP%3ETraverse%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%22233px%22%3E%3CP%3E%3CEM%3EThisFolderAndFiles%3C%2FEM%3E%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%2251px%22%3E%3CP%3EAllow%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%2292px%22%3E%3CP%3EFalse%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%22119px%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FTD%3E%3C%2FTR%3E%3C%2FTBODY%3E%3C%2FTABLE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHope%20that%20makes%20it%20a%20little%20clearer%2C%20I%20basically%20want%20to%20feed%20back%20into%20the%20ACL%20rule%20exactly%20what%20is%20there%2C%20but%20only%20modify%20the%20level%20of%20access%20rights.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EKind%20Regards%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMoZZa%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1955194%22%20slang%3D%22en-US%22%3ERe%3A%20Modifying%20NTFS%20Permissions%20Using%20the%20NTFSSecurity%20Module%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1955194%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F246505%22%20target%3D%22_blank%22%3E%40MoZZa%3C%2FA%3E%3C%2FP%3E%3CP%3EI%20tried%20The%20NTFSSecurity%20Module%2C%20but%20it%20seems%20that%20there%20still%20some%20missing%20features%20in%20it%20such%20as%20Set-NTFSAccess%2C%20or%20maybe%20I%20did%20not%20see%20it.%3C%2FP%3E%3CP%3Eanyway.%3C%2FP%3E%3CP%3EI%20wrote%20a%20code%20that%20will%20do%20the%20following%3C%2FP%3E%3CP%3Ewill%20read%20the%20permission%20from%20the%20folder%20to%20a%20variable%2C%20set%20change%20the%20value%20in%20the%20variable%20(it%20was%20hardcoded)%2C%20and%20then%20apply%20these%20settings%20to%20the%20folder%20back%2C%20this%20will%20not%20change%20the%20%3CSTRONG%3EApply%20to%26nbsp%3B%3C%2FSTRONG%3Escope%2C%20and%20the%20only%20thing%20that%20should%20change%20is%20the%20permission%20only%20and%20nothing%20else%3C%2FP%3E%3CP%3Eanyway%3C%2FP%3E%3CP%3Ei%20did%20the%20test%20on%20my%20lab%20and%20its%20a%20small%20scope%2C%20try%20it%20from%20your%20side%20and%20let%20me%20know%3C%2FP%3E%3CP%3Ebelow%20are%20some%20pictures%20of%20the%20result%2C%20Oh%2C%20did%20I%20forget%20to%20tell%20you%20that%20i%20did%20not%20use%20the%20NTFSSecurity%20module.%26nbsp%3B%3C%2FP%3E%3CP%3E%3CEM%3EBefore%20the%20Script%3C%2FEM%3E%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22problem1.png%22%20style%3D%22width%3A%20729px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F237659iA74774D9487BA6C3%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22problem1.png%22%20alt%3D%22problem1.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CEM%3EAfter%20the%20Script%3C%2FEM%3E%3C%2FP%3E%3CP%3E%3CEM%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22problem2.png%22%20style%3D%22width%3A%20729px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F237660iF477A65197CBF1BB%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22problem2.png%22%20alt%3D%22problem2.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FEM%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-powershell%22%3E%3CCODE%3E%24acl%3DGet-Acl%20-Path%20C%3A%5CMyTestFolder%20%0Aforeach%20(%24singleACL%20in%20(%24acl.Access%20%7C%20where%20%7B(%24_.FileSystemRights%20-like%20%22*FullControl*%22)%20-and%20(%24_.IsInherited%20-like%20%24false)%7D))%7B%0A%24FileSystemRights%3D%40(%22ReadData%2C%20Delete%2C%20Synchronize%22)%0A%24AccessControlType%3D%24singleACL.AccessControlType%0A%24IdentityReference%3D%24singleACL.IdentityReference%0A%24InheritanceFlags%3D%24singleACL.InheritanceFlags%0A%24PropagationFlags%3D%24singleACL.PropagationFlags%0A%24rule%20%3D%20New-Object%20System.Security.AccessControl.FileSystemAccessRule(%24IdentityReference%2C%20%24FileSystemRights%2C%24InheritanceFlags%2C%20%24PropagationFlags%2C%20%24AccessControlType)%20%23%20This%20folder%20only%20%20%20%0A%24acl.SetAccessRule(%24rule)%0ASet-Acl%20-Path%20C%3A%5CMyTestFolder%20-AclObject%20%24acl%0A%7D%3C%2FCODE%3E%3C%2FPRE%3E%3CP%3ETry%20the%20script%2C%20and%20let%20me%20know%3C%2FP%3E%3CP%3Eand%20I%20hope%20I%20understand%20the%20requirement%20correct%20(sometime%20my%20bad%20English%20fails%20me%26nbsp%3B%20%3CIMG%20class%3D%22lia-deferred-image%20lia-image-emoji%22%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Fhtml%2Fimages%2Femoticons%2Ffacepalm_40x40.gif%22%20alt%3D%22%3Afacepalm%3A%22%20title%3D%22%3Afacepalm%3A%22%20%2F%3E)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E----------------%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20this%20answer%20helped%2C%20please%20click%20on%20best%20Response%20and%20give%20like%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1963195%22%20slang%3D%22en-US%22%3ERe%3A%20Modifying%20NTFS%20Permissions%20Using%20the%20NTFSSecurity%20Module%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1963195%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F790105%22%20target%3D%22_blank%22%3E%40farismalaeb%3C%2FA%3E%26nbsp%3B%2C%3CBR%20%2F%3E%3CBR%20%2F%3EMany%20thanks%20for%20thanks%2C%20I%20will%20give%20it%20a%20go%20in%20my%20test%20environment%20and%20get%20back%20to%20you.%3C%2FP%3E%3CP%3EThank%20you%20so%20much%20for%20your%20feedback!!!!!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1980819%22%20slang%3D%22en-US%22%3ERe%3A%20Modifying%20NTFS%20Permissions%20Using%20the%20NTFSSecurity%20Module%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1980819%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F790105%22%20target%3D%22_blank%22%3E%40farismalaeb%3C%2FA%3E%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20tested%20your%20script%20and%20with%20a%20few%20modifications%20to%20suite%20our%20environment%20IT%20WORKS!!!%3CBR%20%2F%3EThank%20you%20so%20much%20%2C%20just%204%20or%205%20lines%20added%20to%20my%20script%20and%20its%20works.%3CBR%20%2F%3EHere%20is%20a%20sample%20of%20the%20script%20that%20just%20does%20the%20top%20layer%20where%20it%20is%20a%20root%20inheritance%20parent%20folder.%3C%2FP%3E%3CP%3EImport-Module%20ActiveDirectory%3CBR%20%2F%3E%24ExcludedPaths%20%3D%20%40()%3CBR%20%2F%3E%24ForUser%20%3D%20%22MoZZa%22%3CBR%20%2F%3E%24AnalysePath%20%3D%20%22%5C%5CContoso%5CX%24%5CShared%5CSome%5CData%5CHere%22%3CBR%20%2F%3E%24ExcludedPaths%20%3D%20%40('%5C%5CContoso%5CX%24%5CShared%5CSome%5CData%5CHere%5CDont%5CChange%5CThis%5CPath'%2C'%5C%5CContoso%5CX%24%5CShared%5CSome%5CData%5CHere%5CDont%5CChange%5CThis%5CPath%5CEither')%20%23Place%20excluded%20paths%20here%20'%5C%5Cpath1'%2C'path2'%20format%3C%2FP%3E%3CP%3E%24MasterACL%3DGet-Acl%20-Path%20%24AnalysePath%3C%2FP%3E%3CP%3EForEach(%24Master%20in%20%24MasterACL.Access)%7B%3C%2FP%3E%3CP%3Eif%20(%24Master.IdentityReference%20-notlike%20%22BUILTIN%5CAdministrators%22%20-and%3CBR%20%2F%3E%24Master.IdentityReference%20-notlike%20%22Contoso%5CDomain%20Admins%22%20-and%3CBR%20%2F%3E%24Master.IdentityReference%20-notlike%20%22Contoso%5CDomain%20Users%22%20-and%3CBR%20%2F%3E%24Master.IdentityReference%20-notlike%20%22CREATOR%20OWNER%22%20-and%3CBR%20%2F%3E%24Master.IdentityReference%20-notlike%20%22NT%20AUTHORITY%5CSYSTEM%22%20-and%3CBR%20%2F%3E%24Master.IdentityReference%20-notlike%20%22BUILTIN%5CUsers%22%20-and%3CBR%20%2F%3E%24Master.IdentityReference%20-notlike%20%22Contoso%5CBackup%20Users%22%20-and%3CBR%20%2F%3E%24Master.IdentityReference%20-notlike%20%22Contoso%5CSCCM%20Blah%20Blah%22%20-and%3CBR%20%2F%3E%24Master.IdentityReference%20-notlike%20%22S-1-5-21-*%22%20-and%3CBR%20%2F%3E%24Master.FileSystemRights%20-notlike%20%22Delete%2C%20ReadAndExecute%2C%20Synchronize%22%20-and%3CBR%20%2F%3E%24Master.FileSystemRights%20-notlike%20%22ReadData%2C%20ExecuteFile%2C%20Synchronize%22%20-and%3CBR%20%2F%3E%24Master.FileSystemRights%20-notlike%20%22ListDirectory%2C%20Traverse%2C%20Synchronize%22%20-and%3CBR%20%2F%3E%24Master.FileSystemRights%20-notlike%20%22Delete%2C%20Read%2C%20Synchronize%22%20-and%3CBR%20%2F%3E%24Master.FileSystemRights%20-notlike%20%22ReadAndExecute%2C%20Synchronize%22%20-and%3CBR%20%2F%3E%24Master.AccessRights%20-notlike%20%22ListDirectory%2C%20Delete%2C%20Synchronize%22%20-and%3CBR%20%2F%3E%24Master.FileSystemRights%20-notlike%20%22ListDirectory%2C%20ReadExtendedAttributes%2C%20Traverse%2C%20ReadAttributes%2C%20Synchronize%22%20-and%3CBR%20%2F%3E%24Master.IsInherited%20-like%20%24False%20-and%3CBR%20%2F%3E%24Master.FullName%20-notin%20%24ExcludedPaths)%7B%3C%2FP%3E%3CP%3E%24FileSystemRights%3D%40(%22Delete%2C%20ReadAndExecute%2C%20Synchronize%22)%3CBR%20%2F%3E%24AccessControlType%3D%24Master.AccessControlType%3CBR%20%2F%3E%24IdentityReference%3D%24Master.IdentityReference%3CBR%20%2F%3E%24InheritanceFlags%3D%24Master.InheritanceFlags%3CBR%20%2F%3E%24PropagationFlags%3D%24Master.PropagationFlags%3CBR%20%2F%3E%24rule%20%3D%20New-Object%20System.Security.AccessControl.FileSystemAccessRule(%24IdentityReference%2C%20%24FileSystemRights%2C%24InheritanceFlags%2C%20%24PropagationFlags%2C%20%24AccessControlType)%20%23%20This%20folder%20only%3CBR%20%2F%3E%24MasterACL.SetAccessRule(%24rule)%3CBR%20%2F%3ESet-Acl%20-Path%20%24AnalysePath%20-AclObject%20%24MasterACL%3CBR%20%2F%3E%7D%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20also%20created%20a%20GUI%20version.%3CBR%20%2F%3EI%20will%20upload%20those%20tomorrow.%3CBR%20%2F%3EThey%20make%20it%20easier%20for%20the%201st%20support%20team%20to%20run%20the%20analysis%20script%20without%20having%20any%20PS%20knowledge.%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3EMany%20thanks%20again!!!!!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

Hi All,
I am hoping someone can help me crack this issue.
I have been tasked with changing the Access Rights on millions of files and folders for each user/group that has access to them currently. These will be set to Read,Execute,Delete as the highest access permissions granted. Anything less than that like List or Traverse will left as is.
This I can do ok with 'where-object' etc.

I am using the NTFSSecurity PowerShell module.

My biggest issue is that when I use Get-NTFSAccess -Path \\Folder\I\am\Checking and output to the console or OGV, I get the following headers.

 

Account                           Access Rights                     Applies to                                    Type               IsInherited    InheritedFrom

Contoso\TestAccount1    FullControl                            ThisFolderSubfoldersAndFiles     Allow              False              

Contoso\TestAccount2    Modify, Synchronize              ThisFolderOnly                           Allow              False              

Contoso\TestAccount3    Traverse                                ThisFolderAndFiles                      Allow              False              

 

However, if I export to csv, I get the following headers.

AccountType, Name, FullName, InheritanceEnabled, InheritedFrom, AccessControlType, AccessRights, Account, InheritanceFlags, IsInherited, PropagationFlags

 

I know the InheritanceFlags refer to the Access Rights, but is it possible when using Add-NTFSAccess

to read the InheritanceFlags values as I am doing with the other values and set them so that the

 “applies to this folder only, this folder and files, List”, etc  are not changed from their current settings.

So, this:


AccessControlType         AccessRights                        Account                                 InheritanceFlags                           IsInherited    PropagationFlags

Allow                                FullControl                            Contoso\TestAccount1           ContainerInherit, ObjectInherit        FALSE              None

Allow                                Modify, Synchronize              Contoso\TestAccount2           ObjectInherit                                    FALSE              None

Allow                                Traverse                                Contoso\TestAccount3             ContainerInherit                              FALSE              None

 

Would become this:

AccessControlType      AccessRights                                          Account                             InheritanceFlags                            IsInherited    PropagationFlags

Allow                             Delete, ReadAndExecute, Synchronize     Contoso\TestAccount1      ContainerInherit, ObjectInherit        FALSE              None

Allow                             Delete, ReadAndExecute, Synchronize     Contoso\TestAccount2      ObjectInherit                                    FALSE              None

Allow                             Traverse                                                    Contoso\TestAccount3      ContainerInherit                               FALSE              None

 

Or This:

Account                           Access Rights                                          Applies to                                     Type               IsInherited    InheritedFrom

Contoso\TestAccount1    Delete, ReadAndExecute, Synchronize      ThisFolderSubfoldersAndFiles        Allow              False              

Contoso\TestAccount2    Delete, ReadAndExecute, Synchronize      ThisFolderOnly                               Allow              False              

Contoso\TestAccount3    Traverse                                                      ThisFolderAndFiles                        Allow              False              

 

And the "Applies to" settings would not change.

If I create variables from the csv for each value required
At the moment when I run the script that includes Add-NTFSAccess -Path $Fullname -Account $Account -AccessRights 'ReadAndExecute,Delete' -AccessType Allow -InheritanceFlags $InheritanceFlags

 

Everything is set to ThisFolderSubFoldersAndFiles.

If I could use the -AppliesTo instead of -InheritanceFlags and feed in exactly what is already present when displaying get-NTFSAccess in the console or OGV, I think this would resolve 99% of my issues.

I have looked at apps like NTFS Permission Reporter, but I am sure this should be achievable with PS.

I know there must be a simple solution, (Arrays, iCacls?) but I just cannot see how to do it.

Any help would be awesome!

5 Replies

@MoZZa 

Take a look on this post.

https://stackoverflow.com/questions/37013298/powershell-acls-apply-to-this-folder-only

They have an example of how you can add a ACL entry and set it to Apply only to this Folder.

I did not work with the NTFS Security module, and usually like to do things without any module.

So maybe the thing you are asking is not implemented, did you check the documentation to see if its an existing feature ?

 

Hi @farismalaeb ,

 

Thank you for your reply. I can set the folders to the various options, but what I really trying to achieve is to read the current ACL Rule, reading them directly from a variable/array or csv

Account

Access Rights

Applies to

Type

IsInherited

InheritedFrom

Contoso\TestAccount1

FullControl

ThisFolderSubfoldersAndFiles

Allow

False

 

Contoso\TestAccount2

Modify, Synchronize

ThisFolderOnly

Allow

False

 

Contoso\TestAccount3

Traverse

ThisFolderAndFiles

Allow

False

 

 

Modify any Access rights with the ability to create or modify existing files/folders and set them to ReadandExecute,Delete. BUT not to change the Applies To values, but read them straight from the existing variable/array or csv and but to reapply them exactly as they were prior to changing the Access Rights.

 

eg

Account

Access Rights

Applies to

Type

IsInherited

InheritedFrom

Contoso\TestAccount1

ReadAndExecute,Delete

ThisFolderSubfoldersAndFiles

Allow

False

 

Contoso\TestAccount2

ReadAndExecute,Delete

ThisFolderOnly

Allow

False

 

Contoso\TestAccount3

Traverse

ThisFolderAndFiles

Allow

False

 

 

Hope that makes it a little clearer, I basically want to feed back into the ACL rule exactly what is there, but only modify the level of access rights.

 

 

Kind Regards

 

MoZZa

best response confirmed by MoZZa (Occasional Contributor)
Solution

Hi @MoZZa

I tried The NTFSSecurity Module, but it seems that there still some missing features in it such as Set-NTFSAccess, or maybe I did not see it.

anyway.

I wrote a code that will do the following

will read the permission from the folder to a variable, set change the value in the variable (it was hardcoded), and then apply these settings to the folder back, this will not change the Apply to scope, and the only thing that should change is the permission only and nothing else

anyway

i did the test on my lab and its a small scope, try it from your side and let me know

below are some pictures of the result, Oh, did I forget to tell you that i did not use the NTFSSecurity module. 

Before the Script

problem1.png

After the Script

problem2.png

 

$acl=Get-Acl -Path C:\MyTestFolder 
foreach ($singleACL in ($acl.Access | where {($_.FileSystemRights -like "*FullControl*") -and ($_.IsInherited -like $false)})){
$FileSystemRights=@("ReadData, Delete, Synchronize")
$AccessControlType=$singleACL.AccessControlType
$IdentityReference=$singleACL.IdentityReference
$InheritanceFlags=$singleACL.InheritanceFlags
$PropagationFlags=$singleACL.PropagationFlags
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($IdentityReference, $FileSystemRights,$InheritanceFlags, $PropagationFlags, $AccessControlType) # This folder only   
$acl.SetAccessRule($rule)
Set-Acl -Path C:\MyTestFolder -AclObject $acl
}

Try the script, and let me know

and I hope I understand the requirement correct (sometime my bad English fails me  :facepalm:)

 

 

---------------- 

If this answer helped, please click on best Response and give like :)

Hi @farismalaeb ,

Many thanks for thanks, I will give it a go in my test environment and get back to you.

Thank you so much for your feedback!!!!!

Hi @farismalaeb,

 

I have tested your script and with a few modifications to suite our environment IT WORKS!!!
Thank you so much , just 4 or 5 lines added to my script and its works.
Here is a sample of the script that just does the top layer where it is a root inheritance parent folder.

Import-Module ActiveDirectory
$ExcludedPaths = @()
$ForUser = "MoZZa"
$AnalysePath = "\\Contoso\X$\Shared\Some\Data\Here"
$ExcludedPaths = @('\\Contoso\X$\Shared\Some\Data\Here\Dont\Change\This\Path','\\Contoso\X$\Shared\Some\Data\Here\Dont\Change\This\Path\Either') #Place excluded paths here '\\path1','path2' format

$MasterACL=Get-Acl -Path $AnalysePath

ForEach($Master in $MasterACL.Access){

if ($Master.IdentityReference -notlike "BUILTIN\Administrators" -and
$Master.IdentityReference -notlike "Contoso\Domain Admins" -and
$Master.IdentityReference -notlike "Contoso\Domain Users" -and
$Master.IdentityReference -notlike "CREATOR OWNER" -and
$Master.IdentityReference -notlike "NT AUTHORITY\SYSTEM" -and
$Master.IdentityReference -notlike "BUILTIN\Users" -and
$Master.IdentityReference -notlike "Contoso\Backup Users" -and
$Master.IdentityReference -notlike "Contoso\SCCM Blah Blah" -and
$Master.IdentityReference -notlike "S-1-5-21-*" -and
$Master.FileSystemRights -notlike "Delete, ReadAndExecute, Synchronize" -and
$Master.FileSystemRights -notlike "ReadData, ExecuteFile, Synchronize" -and
$Master.FileSystemRights -notlike "ListDirectory, Traverse, Synchronize" -and
$Master.FileSystemRights -notlike "Delete, Read, Synchronize" -and
$Master.FileSystemRights -notlike "ReadAndExecute, Synchronize" -and
$Master.AccessRights -notlike "ListDirectory, Delete, Synchronize" -and
$Master.FileSystemRights -notlike "ListDirectory, ReadExtendedAttributes, Traverse, ReadAttributes, Synchronize" -and
$Master.IsInherited -like $False -and
$Master.FullName -notin $ExcludedPaths){

$FileSystemRights=@("Delete, ReadAndExecute, Synchronize")
$AccessControlType=$Master.AccessControlType
$IdentityReference=$Master.IdentityReference
$InheritanceFlags=$Master.InheritanceFlags
$PropagationFlags=$Master.PropagationFlags
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($IdentityReference, $FileSystemRights,$InheritanceFlags, $PropagationFlags, $AccessControlType) # This folder only
$MasterACL.SetAccessRule($rule)
Set-Acl -Path $AnalysePath -AclObject $MasterACL
}

 

I have also created a GUI version.
I will upload those tomorrow.
They make it easier for the 1st support team to run the analysis script without having any PS knowledge.


Many thanks again!!!!!