Set-NtfsSecurity

Changes directory and file level access permissions on NTFS partitions. Use this command to change the access permissions on local drives and shared network directories.


Settings:

  • Directory
    The directory in which access permissions are to be changed. Use the "..." button to select an existing directory (on the packaging system) or enter the path to be created manually.
  • Change directory attributes
    If the option is activated, access permissions are only changed at directory level. These changes have no effect on the access permissions of existing files.
  • Include subdirectories
    If the option is activated, the access permissions are also changed in all subdirectories.
  • Don't change inherited container ACE
    If this option is activated, the permission for all newly created files ("file inherit ACE") within the selected directory will be kept on the existing settings, independent of the new directory permission ("container ACE").
  • Set file attributes
    If the option is enabled, the access permissions are changed at the file level. In the text field "Files" you can specify the desired file specification.
  • Use 32-Bit mode on x64 computer
    If the script is executed on a 64-bit operating system, the counterpart for 32-bit applications SysWOW64 can be used automatically when referring to the SYSTEM32 directory.
  • Files
    Only active if you have activated the option "Set file attributes". You can separate multiple specifications by spaces or by semicolons, periods, or quotation marks. You should note the following: If the file name already contains spaces or periods, the individual file names should be placed in inverted commas to ensure unique identification. If you want to set different rights for files and directories, you must assign the rights in separate commands.
  • Mode
    Determines whether the entries from the user and group list should be added, deleted or replaced in the access permission.
    • Add, replace inherited access permissions
      Adds the entries from the user and group list to the existing access permissions. If an inherited access authorization already exists for a user or group, it is converted into a local access authorization and changed accordingly. All other inherited access authorizations are then also converted into local access authorizations..
    • Add, keep inherited access permissions
      Adds or changes the entries from the user and group list as local access permissions. If an inherited access authorization already exists for a user or group, it remains unchanged.
    • Remove
      For the entries from the user and group list, the respective rights are deleted from the existing access authorizations. If an inherited access authorization already exists for a user or group, it is converted into a local access authorization and changed accordingly. All other inherited access authorizations are then also converted into local access authorizations..
    • Replace all
      The entries from the user and group list completely replace the existing access permissions.
  • User and group list
    In this list, enter the users and groups to be added, deleted or replaced in the access permissions. Use the "Add..." and "Delete..." buttons to edit the list. You can change the individual rights of users or groups in the list directly via the "Type of access" selection field or, in more detail, by double-clicking in the separate "Define Access Rights" dialog box

  • Type of access
    Sets the type of access to be defined
    • Change
      Contains the access rights "Read", "Write", "Execute" and "Delete".
    • Full Control
      Contains the access rights "Read", "Write", "Execute", "Delete", "Change Permissions" and "Take Ownership".
    • Read
      Contains the access rights "Read" and "Execute".
    • Special Access
      Selecting this option opens the "Define Access Rights" dialog box, in which you specify the privileges you want to set individually.


Example:

The following example adds full access to all directories and files for the group of local workstation administrators "WSAdmins" to the existing NTFS permissions in the 32-bit "Applications" directory:


Corresponds to DSM eScript command:

  • ChangeNTFSSecurity


See also: