Directory and file permissions is a common task for a system administrator. When working with a graphical interface, updating and modifying the permissions for a wide array of files and directories can be tiresome and repetitive.

Thankfully, we can leverage the power of Windows PowerShell to view and update permissions within the NTFS filesystem.

PowerShell List File and Folder Permissions

The NTFS Filesystem has a wide collection of permissions that you can configure in various combinations for both files and folders. To view all the available permissions, you can use the System.Security.AccessControl.FileSystemRight

The command is as shown:


The command should return the output as:


The following shows what each permission does.

  1. ListDirectory: Grants the ability to list the contents of a directory.
  2. ReadData: Allows reading the data of a file.
  3. WriteData: Permits writing or modifying the data of a file.
  4. CreateFiles: Grants the ability to create new files within a directory.
  5. CreateDirectories: Allows creating new directories within a directory.
  6. AppendData: Permits appending data to a file.
  7. ReadExtendedAttributes: Allows reading extended attributes of a file or directory. Extended attributes provide additional information about a file or directory.
  8. WriteExtendedAttributes: Permits modifying or creating extended attributes of a file or directory.
  9. Traverse: Grants the ability to traverse through a directory and access its contents.
  10. ExecuteFile: Allows executing a file or running a program.
  11. DeleteSubdirectoriesAndFiles: Permits deleting subdirectories and files within a directory.
  12. ReadAttributes: Allows reading the attributes of a file or directory. Attributes provide information such as whether the item is hidden or read-only.
  13. WriteAttributes: Permits modifying the attributes of a file or directory.
  14. Write: Grants write access to a file or directory, allowing modifying its content and attributes.
  15. Delete: Allows deleting a file or directory.
  16. ReadPermissions: Permits reading the permissions assigned to a file or directory.
  17. Read: Grants read access to a file or directory.
  18. ReadAndExecute: Allows reading the data of a file and executing it if it is an executable file or script.
  19. Modify: Provides full control over a file or directory, including reading, writing, modifying attributes, and deleting.
  20. ChangePermissions: Permits modifying the permissions assigned to a file or directory.
  21. TakeOwnership: Grants the ability to take ownership of a file or directory, allowing full control over it.
  22. Synchronize: Allows synchronization access, ensuring that file system views are consistent.
  23. FullControl: Grants full control and permissions to perform any action on the file or directory. It includes all other permissions.

PowerShell Get File or Folder Permission

Now that we know the various permissions available in an NTFS system, let us discuss how we can fetch the permission for a given file or folder.

In PowerShell, we can use the Get-ACL cmdlet to view the permission of a given file or folder as shown:

Get-ACL -Path .\img\

This command should return the permissions for the img folder as shown in the output below:

Path Owner                Access
---- -----                ------
img  PC\GeekBits NT AUTHORITY\SYSTEM Allow  FullControl…

Although the command does return a view of the folder permissions, we can fetch more detailed permission information using the .Access attribute as shown:

(Get-Acl -Path .\img\).Access | Format-Table


FileSystemRights AccessControlType IdentityReference      IsInherited                InheritanceFlags PropagationFlags
---------------- ----------------- -----------------      -----------                ---------------- ----------------
     FullControl             Allow NT AUTHORITY\SYSTEM           True ContainerInherit, ObjectInherit             None
     FullControl             Allow BUILTIN\Administrators        True ContainerInherit, ObjectInherit             None
     FullControl             Allow PC\GeekBits         True ContainerInherit, ObjectInherit             None

In this case, we get more detailed permission information that the first command.

Default NTFS Permissions

What happens when we create a new file or folder? What permissions does Windows assign to it. We can demonstrate this by running the command as shown:

(Get-ACL -Path "file.ext").Access | Format-Table IdentityReference,FileSystemRights,AccessControlType,IsInherited,InheritanceFlags -AutoSize

PowerShell Set File or Folder Permission

To update the permissions of a new file or folder, we can use the Set-ACL cmdlet. We can start by crafting a new ACL rule that we wish to apply.

We then use the cmdlet to update the permission.

To create a new permission rule, we need to follow the format:

Identity String, FileSystemRights, AccessControlType

For example, suppose we wish to apply read/write permissions to a given folder to a given user, we can define the permission as:

$permission = New-Object System.Security.AccessControl.FileSystemAccessRule($user, "Read,Write", "ContainerInherit,ObjectInherit", "None", "Allow")

We can then apply the rule as:


PowerShell Copy Permission to a New Object

We can also apply permissions of an existing file or folder using the Get-ACL and Set-ACL cmdlets. The commands are as shown:

Get-ACL -Path "source" | Set-ACL -Path "destination"

The command above uses the pipe operator to copy the permissions of the source file to the destination file or folder.


In this comprehensive tutorial, we explored the various methods and techniques that we can use to view and change file and folder permissions using PowerShell.

Table of Contents
Great! Next, complete checkout for full access to GeekBits.
Welcome back! You've successfully signed in.
You've successfully subscribed to GeekBits.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.