PowerShell Logo Small

Set-Acl



This is the built-in help made by Microsoft for the command 'Set-Acl', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Changes the security descriptor of a specified item, such as a file or a registry key.

SYNTAX


Set-Acl [-Path] <String[]> [-AclObject] <Object> [[-CentralAccessPolicy] <String>] [-ClearCentralAccessPolicy] [-Exclude <String[]>] [-Filter <String>] [-Include <String[]>]
[-Passthru] [-Confirm] [-WhatIf] [-UseTransaction [<SwitchParameter>]] [<CommonParameters>]
Set-Acl [-AclObject] <Object> [[-CentralAccessPolicy] <String>] [-ClearCentralAccessPolicy] [-Exclude <String[]>] [-Filter <String>] [-Include <String[]>] [-Passthru]
-LiteralPath <String[]> [-Confirm] [-WhatIf] [-UseTransaction [<SwitchParameter>]] [<CommonParameters>]
Set-Acl [-InputObject] <PSObject> [-AclObject] <Object> [-Exclude <String[]>] [-Filter <String>] [-Include <String[]>] [-Passthru] [-Confirm] [-WhatIf] [-UseTransaction
[<SwitchParameter>]] [<CommonParameters>]



Search powershellhelp.space

DESCRIPTION


The Set-Acl cmdlet changes the security descriptor of a specified item, such as a file or a registry key, to match the values in a security descriptor that you supply.


To use Set-Acl, use the Path or InputObject parameter to identify the item whose security descriptor you want to change. Then, use the AclObject or SecurityDescriptor
parameters to supply a security descriptor that has the values you want to apply. Set-Acl applies the security descriptor that is supplied. It uses the value of the
AclObject parameter as a model and changes the values in the item's security descriptor to match the values in the AclObject parameter.



<

RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/p/?linkid=293939
Get-Acl

REMARKS

<

Examples


-------------------------- EXAMPLE 1 --------------------------

PS C:\>$DogACL = Get-Acl C:\Dog.txt
PS C:\>Set-Acl -Path C:\Cat.txt -AclObject $DogACL



These commands copy the values from the security descriptor of the Dog.txt file to the security descriptor of the Cat.txt file. When the commands complete, the security
descriptors of the Dog.txt and Cat.txt files are identical.

The first command uses the Get-Acl cmdlet to get the security descriptor of the Dog.txt file. The assignment operator (=) stores the security descriptor in the value of the
$DogACL variable.

The second command uses Set-Acl to change the values in the ACL of Cat.txt to the values in $DogACL.

The value of the Path parameter is the path to the Cat.txt file. The value of the AclObject parameter is the model ACL, in this case, the ACL of Dog.txt as saved in the
$DogACL variable.








-------------------------- EXAMPLE 2 --------------------------

PS C:\>Get-Acl C:\Dog.txt | Set-Acl -Path C:\Cat.txt



This command is almost the same as the command in the previous example, except that it uses a pipeline operator to send the security descriptor from a Get-Aclcommand to a
Set-Acl command.

The first command uses the Get-Acl cmdlet to get the security descriptor of the Dog.txt file. The pipeline operator (|) passes an object that represents the Dog.txt security
descriptor to the Set-Acl cmdlet.

The second command uses Set-Acl to apply the security descriptor of Dog.txt to Cat.txt. When the command completes, the ACLs of the Dog.txt and Cat.txt files are identical.








-------------------------- EXAMPLE 3 --------------------------

PS C:\>$NewAcl = Get-Acl File0.txt
PS C:\>Get-ChildItem c:\temp -Recurse -Include *.txt -Force | Set-Acl -AclObject $NewAcl



These commands apply the security descriptors in the File0.txt file to all text files in the C:\Temp directory and all of its subdirectories.

The first command gets the security descriptor of the File0.txt file in the current directory and uses the assignment operator (=) to store it in the $NewACL variable.

The first command in the pipeline uses the Get-ChildItem cmdlet to get all of the text files in the C:\Temp directory. The Recurse parameter extends the command to all
subdirectories of C:\temp. The Include parameter limits the files retrieved to those with the ".txt" file name extension. The Force parameter gets hidden files, which would
otherwise be excluded. (You cannot use "c:\temp\*.txt", because the Recurse parameter works on directories, not on files.)

The pipeline operator (|) sends the objects representing the retrieved files to the Set-Acl cmdlet, which applies the security descriptor in the AclObject parameter to all
of the files in the pipeline.

In practice, it is best to use the Whatif parameter with all Set-Acl commands that can affect more than one item. In this case, the second command in the pipeline would be
"Set-Acl -AclObject $NewAcl -WhatIf". This command lists the files that would be affected by the command. After reviewing the result, you can run the command again without
the Whatif parameter.