PowerShell cmdlets for NTFS management
NTFS is the default file system for Windows operating systems. It supports features such as encryption, compression, security, and recovery. Managing NTFS permissions and attributes can be a challenging task for administrators, especially when working with many files and folders. Fortunately, PowerShell provides a number of cmdlets that can help simplify and automate NTFS management tasks.
PowerShell Cmdlets For NTFSÂ management
Using the Microsoft.PowerShell.Security module
The Microsoft.PowerShell.Security module is a built-in module that contains two cmdlets for working with NTFS access control lists (ACLs): Get-Acl and Set-Acl. An ACL is a list of access control entries (ACEs) that specify the access rights allowed, denied, or audited for a file or folder. Each ACE identifies a trustee (a user or group) and the permissions granted or denied to that trustee.
The Get-Acl cmdlet retrieves the ACL of a file or folder. For example, the following command displays the ACL of the C:\Share folder:
Get-Acl -Path C:\Share
The output shows the owner, group, and access rules of the folder. Each access rule has properties such as IdentityReference (the trustee), FileSystemRights (the permissions), AccessControlType (allow or deny), and IsInherited (whether the rule is inherited from a parent object).
The Set-Acl cmdlet sets the ACL of a file or folder. For example, the following command grants full control to the user Bill on the C:\Share folder:
$acl = Get-Acl -Path C:\Share $ace = New-Object System.Security.AccessControl.FileSystemAccessRule("Bill","FullControl","Allow") $acl.AddAccessRule($ace) Set-Acl -Path C:\Share -AclObject $acl
The command first gets the current ACL of the folder and stores it in a variable. Then it creates a new ACE object with the desired parameters and adds it to the ACL object. Finally, it sets the modified ACL to the folder using the Set-Acl cmdlet.
Using the NTFSSecurity module
The NTFSSecurity module is a third-party module that provides a more user-friendly and comprehensive set of cmdlets for managing NTFS permissions and attributes. It can be downloaded from [here]. To install it, extract the zip file to a folder named C:\Program Files\WindowsPowerShell\Modules\NTFSSecurity.
The NTFSSecurity module has many cmdlets that can perform various tasks such as adding, removing, copying, or modifying NTFS access rules, auditing rules, owner, inheritance, and propagation. It also supports managing NTFS attributes such as compression, encryption, hidden, read-only, sparse, temporary, etc. Some of the common cmdlets are:
Get-NTFSAccess: Retrieves the NTFS access rules of a file or folder.
Add-NTFSAccess: Adds an NTFS access rule to a file or folder.
Remove-NTFSAccess: Removes an NTFS access rule from a file or folder.
Get-NTFSAudit: Retrieves the NTFS audit rules of a file or folder.
Add-NTFSAudit: Adds an NTFS audit rule to a file or folder.
Remove-NTFSAudit: Removes an NTFS audit rule from a file or folder.
Get-NTFSOwner: Retrieves the owner of a file or folder.
Set-NTFSOwner: Sets the owner of a file or folder.
Enable-NTFSInheritance: Enables inheritance of NTFS access rules from parent objects.
Disable-NTFSInheritance: Disables inheritance of NTFS access rules from parent objects.
Get-NTFSAttribute: Retrieves the NTFS attributes of a file or folder.
Set-NTFSAttribute: Sets the NTFS attributes of a file or folder.
Clear-NTFSAttribute: Clears the NTFS attributes of a file or folder.
The NTFSSecurity cmdlets are more intuitive and flexible than the Microsoft.PowerShell.Security cmdlets. For example, the following command grants full control to the user Bill on the C:\Share folder using the Add-NTFSAccess cmdlet:
Add-NTFSAccess -Path C:\Share -Account Bill -AccessRights FullControl -AccessType Allow
The command does not require creating an ACE object or getting and setting the ACL object. It also accepts parameters such as -Account, -AccessRights, and -AccessType that are easier to understand and use than the properties of the ACE object.
Using the Storage module
The Storage module is another built-in module that contains cmdlets for managing disks, partitions, and volumes. It can be used to perform tasks such as initializing disks, creating partitions, formatting volumes, assigning drive letters, etc. Some of the common cmdlets are:
Get-Disk: Retrieves information about the disks on the system.
Initialize-Disk: Initializes a disk with a specified partition style (MBR or GPT).
New-Partition: Creates a new partition on a disk.
Format-Volume: Formats a volume with a specified file system (NTFS or FAT32).
Get-Partition: Retrieves information about the partitions on the system.
Set-Partition: Modifies the properties of a partition, such as drive letter, label, size, etc.
Remove-Partition: Deletes a partition from a disk.
Get-Volume: Retrieves information about the volumes on the system.
Set-Volume: Modifies the properties of a volume, such as label, mount point, etc.
Remove-Volume: Deletes a volume from the system.
The Storage cmdlets can be used to create and manage NTFS volumes on disks. For example, the following command initializes a raw disk with MBR partition style, creates a new partition with maximum size and assigns a drive letter, and formats the volume with NTFS file system:
Get-Disk Where-Object PartitionStyle -eq 'RAW' Initialize-Disk -PartitionStyle MBR -PassThru New-Partition -AssignDriveLetter -UseMaximumSize Format-Volume -FileSystem NTFS -Confirm:$false
The command uses a pipeline to pass the output of each cmdlet to the next one. It also uses the -PassThru parameter to return the object that was modified by the cmdlet. The -Confirm:$false parameter suppresses the confirmation prompt for formatting the volume.
Conclusion
PowerShell is a powerful tool for managing NTFS permissions and attributes on Windows systems. It offers various cmdlets that can perform common and complex tasks with ease and efficiency. By using PowerShell cmdlets for NTFS management, administrators can save time and effort, and improve their productivity and performance.
a104e7fe7e