Set-NtfsSecurity

Changes directory and file level access permissions on NTFS partitions. Use this command to change the access permissions on local drives and shared network directories.

Settings:

Directory
The directory in which access permissions are to be changed. Use the "..." button to select an existing directory (on the packaging system) or enter the path to be created manually.

Change directory attributes
If the option is activated, access permissions are only changed at directory level. These changes have no effect on the access permissions of existing files.
Include subdirectories
If the option is activated, the access permissions are also changed in all subdirectories.
Don't change inherited container ACE
If this option is activated, the permission for all newly created files ("file inherit ACE") within the selected directory will be kept on the existing settings, independent of the new directory permission ("container ACE").
Set file attributes
If the option is enabled, the access permissions are changed at the file level. In the text field "Files" you can specify the desired file specification.
Use 32-Bit mode on x64 computer
If the script is executed on a 64-bit operating system, the counterpart for 32-bit applications SysWOW64 can be used automatically when referring to the SYSTEM32 directory.
Files
Only active if you have activated the option "Set file attributes". You can separate multiple specifications by spaces or by semicolons, periods, or quotation marks. You should note the following: If the file name already contains spaces or periods, the individual file names should be placed in inverted commas to ensure unique identification. If you want to set different rights for files and directories, you must assign the rights in separate commands.
Mode
Determines whether the entries from the user and group list should be added, deleted or replaced in the access permission.

Add, replace inherited access permissions
Adds the entries from the user and group list to the existing access permissions. If an inherited access authorization already exists for a user or group, it is converted into a local access authorization and changed accordingly. All other inherited access authorizations are then also converted into local access authorizations..
Add, keep inherited access permissions
Adds or changes the entries from the user and group list as local access permissions. If an inherited access authorization already exists for a user or group, it remains unchanged.
Remove
For the entries from the user and group list, the respective rights are deleted from the existing access authorizations. If an inherited access authorization already exists for a user or group, it is converted into a local access authorization and changed accordingly. All other inherited access authorizations are then also converted into local access authorizations..
Replace all
The entries from the user and group list completely replace the existing access permissions.

User and group list
In this list, enter the users and groups to be added, deleted or replaced in the access permissions. Use the "Add..." and "Delete..." buttons to edit the list. You can change the individual rights of users or groups in the list directly via the "Type of access" selection field or, in more detail, by double-clicking in the separate "Define Access Rights" dialog box
Type of access
Sets the type of access to be defined

Change
Contains the access rights "Read", "Write", "Execute" and "Delete".
Full Control
Contains the access rights "Read", "Write", "Execute", "Delete", "Change Permissions" and "Take Ownership".
Read
Contains the access rights "Read" and "Execute".
Special Access
Selecting this option opens the "Define Access Rights" dialog box, in which you specify the privileges you want to set individually.

Example:

The following example adds full access to all directories and files for the group of local workstation administrators "WSAdmins" to the existing NTFS permissions in the 32-bit "Applications" directory:

Corresponds to DSM eScript command:

ChangeNTFSSecurity