Grant-Permissions

Grants permission on a file, directory or registry key.

Syntax

Grant-Permissions [-Identity] <String> [-Permissions] <String[]> [-Path] <String> [-Clear] [-WhatIf] [-Confirm] [<CommonParameters>]

Description

Granting access to a file system entry or registry key requires a lot of steps. This method reduces it to one call. Very helpful.

It has the advantage that it will set permissions on a file system object or a registry. If Path is absolute, the correct provider (file system or registry) is used. If Path is relative, the provider of the current location will be used.

The Permissions attribute can be a list of FileSystemRights or RegistryRights.

This command will show you the values for the FileSystemRights:

[Enum]::GetValues([Security.AccessControl.FileSystemRights])

This command will show you the values for the RegistryRights:

[Enum]::GetValues([Security.AccessControl.RegistryRights])

Related Commands

Parameters

Name Type Description Required? Pipeline Input Default Value
Identity String The user or group getting the permissions true false
Permissions String[] The permission: e.g. FullControl, Read, etc. For file system items, use values from System.Security.AccessControl.FileSystemRights. For registry items, use values from System.Security.AccessControl.RegistryRights. true false
Path String The path on which the permissions should be granted. Can be a file system or registry path. true false
Clear SwitchParameter Removes all non-inherited permissions on the item. false false
WhatIf SwitchParameter false false
Confirm SwitchParameter false false
CommonParameters This cmdlet supports common parameters. For more information type
Get-Help about_CommonParameters.

EXAMPLE 1

Grant-Permissions -Identity ENTERPRISE\Engineers -Permissions FullControl -Path C:\EngineRoom

Grants the Enterprise's engineering group full control on the engine room. Very important if you want to get anywhere.

EXAMPLE 2

Grant-Permissions -Identity ENTERPRISE\Interns -Permissions ReadKey,QueryValues,EnumerateSubKeys -Path rklm:\system\WarpDrive

Grants the Enterprise's interns access to read about the warp drive. They need to learn someday, but at least they can't change anything.

EXAMPLE 3

Grant-Permissions -Identity ENTERPRISE\Engineers -Permissions FullControl -Path C:\EngineRoom -Clear

Grants the Enterprise's engineering group full control on the engine room. Any non-inherited, existing access rules are removed from C:\EngineRoom.