Grants permission on a file, directory or registry key.
Grant-Permissions [-Identity] <String> [-Permissions] <String[]> [-Path] <String> [-Clear] [-WhatIf] [-Confirm] [<CommonParameters>]
Granting access to a file system entry or registry key requires a lot of steps. This method reduces it to one call. Very helpful.
It has the advantage that it will set permissions on a file system object or a registry. If Path
is absolute, the correct provider (file system or registry) is used. If Path
is relative, the provider of the current location will be used.
The Permissions
attribute can be a list of FileSystemRights or RegistryRights.
This command will show you the values for the FileSystemRights
:
[Enum]::GetValues([Security.AccessControl.FileSystemRights])
This command will show you the values for the RegistryRights
:
[Enum]::GetValues([Security.AccessControl.RegistryRights])
Name | Type | Description | Required? | Pipeline Input | Default Value |
---|---|---|---|---|---|
Identity | String | The user or group getting the permissions | true | false | |
Permissions | String[] | The permission: e.g. FullControl, Read, etc. For file system items, use values from System.Security.AccessControl.FileSystemRights. For registry items, use values from System.Security.AccessControl.RegistryRights. | true | false | |
Path | String | The path on which the permissions should be granted. Can be a file system or registry path. | true | false | |
Clear | SwitchParameter | Removes all non-inherited permissions on the item. | false | false | |
WhatIf | SwitchParameter | false | false | ||
Confirm | SwitchParameter | false | false | ||
CommonParameters | This cmdlet supports common parameters. For more information type Get-Help about_CommonParameters . |
Grant-Permissions -Identity ENTERPRISE\Engineers -Permissions FullControl -Path C:\EngineRoom
Grants the Enterprise's engineering group full control on the engine room. Very important if you want to get anywhere.
Grant-Permissions -Identity ENTERPRISE\Interns -Permissions ReadKey,QueryValues,EnumerateSubKeys -Path rklm:\system\WarpDrive
Grants the Enterprise's interns access to read about the warp drive. They need to learn someday, but at least they can't change anything.
Grant-Permissions -Identity ENTERPRISE\Engineers -Permissions FullControl -Path C:\EngineRoom -Clear
Grants the Enterprise's engineering group full control on the engine room. Any non-inherited, existing access rules are removed from C:\EngineRoom
.