I am currently working on a script similar to the Mass import of users in Active Direcory post I published earlier (as promised 
). In the new script I wanted to only use powershell, so I had to find a way to set ntfs permissions using powershell. After all, the cacls way is pretty outdated.
After some googling I came up with a rather extensive script, it is a little more complicated than I wanted but here goes:
$acl = Get-Acl c:test
$acl.SetAccessRuleProtection($True, $False)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Administrators","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
("SYSTEM","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("testuser","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Users","Read", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
Set-Acl c:test $acl
Get-Acl c:test | format-list
What it does it set the default permissions (in win7) that are inherited, in addition to full controll for “testuser”, on the folder c:test.
You can download the script here
Next step is to get this into an foreach loop…