Set-Acl - PowerShell


Set-Acl modifies the Access Control List (ACL) of files, folders, and registry keys. It grants or revokes permissions to specific users or groups, allowing detailed control over access rights.


Set-Acl [-Path] <String> -AclObject <Object>


  • -Path: Specifies the path to the object (file, folder, or registry key) whose ACL will be modified.
  • -AclObject: Defines the ACL for the specified object. It can be an access control entry (ACE) object, an array of ACEs, or a string containing an SDDL representation of the ACL.
  • -WhatIf: Performs a simulation of the command without actually making any changes. This allows you to preview the potential effects of the command.
  • -Confirm: Prompts for confirmation before making any changes.


  • Grant read access to the file “myfile.txt” to the user “username”:
$acl = Get-Acl -Path "C:\myfile.txt"; $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule("username", "Read", "Allow")))
Set-Acl -Path "C:\myfile.txt" -AclObject $acl
  • Revoke full control permissions from the group “Everyone” for the folder “C:\temp”:
$acl = Get-Acl -Path "C:\temp"; $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule("Everyone", "FullControl", "Deny")))
Set-Acl -Path "C:\temp" -AclObject $acl
  • Remove all ACL entries from the registry key “HKCU:\Software\MyCompany\MyApp”:
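$acl = Get-Acl -Path "HKCU:\Software\MyCompany\MyApp"; $acl.SetAccessRuleProtection($true, $false); $acl.Access | ForEach-Object { $acl.PurgeAccessRules($_.IdentityReference) }
Set-Acl -Path "HKCU:\Software\MyCompany\MyApp" -AclObject $acl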

Common Issues

  • Access Denied: Ensure that you have sufficient permissions to modify the ACL of the specified object.
  • Invalid ACLObject: Verify that the specified ACLObject is properly formatted and contains valid ACEs.
  • Path Not Found: Ensure that the specified path to the object exists.


  • New-Object: Create new ACE objects to add to the ACL using the New-Object cmdlet together with System.Security.AccessControl.FileSystemAccessRule for file/folder permissions or System.Security.AccessControl.RegistryAccessRule for registry permissions.
  • Get-Acl: Retrieve the existing ACL of an object and use it as the starting point for modifications.
  • PowerShell Scripts: Integrate Set-Acl into scripts to automate complex ACL management tasks.
  • Get-Acl: Retrieves the ACL of an object.
  • New-Acl: Creates a new ACL object.
  • icacls: A command-line utility for managing ACLs.
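
The Get-Acl, New-Object and scripting tips above combined into one function, as an added example that is not part of the original page: it reads the current security descriptor with Get-Acl, adds one ACE only if it is missing, and writes the result back through Set-Acl, with -WhatIf support. The function name Grant-FileRead, the temporary file and the BUILTIN\Users identity are assumptions for illustration.

```powershell
# Added example (not from the original page). Grant-FileRead, the temp file and
# BUILTIN\Users (English-locale group name) are assumptions for illustration.
function Grant-FileRead {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Identity
    )
    # Resolve the name to a SID first so a mistyped account fails before any change.
    $sid = ([System.Security.Principal.NTAccount]$Identity).Translate(
        [System.Security.Principal.SecurityIdentifier])

    # Start from the object's current security descriptor, not an empty one.
    $acl  = Get-Acl -LiteralPath $Path
    $read = [System.Security.AccessControl.FileSystemRights]::Read

    # Idempotence: skip if an explicit Allow ACE for this SID already covers Read.
    $existing = $acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.IdentityReference -eq $sid -and
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $read) -eq $read
        }
    if ($existing) { return $false }

    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($sid, $read, 'Allow')
    $acl.AddAccessRule($rule)
    if ($PSCmdlet.ShouldProcess($Path, "Allow Read for $Identity")) {
        Set-Acl -LiteralPath $Path -AclObject $acl
        return $true
    }
    return $false
}

$file = New-TemporaryFile                                               # constructed sample target
Grant-FileRead -Path $file.FullName -Identity 'BUILTIN\Users' -WhatIf   # preview only
Grant-FileRead -Path $file.FullName -Identity 'BUILTIN\Users'           # writes the ACE
Grant-FileRead -Path $file.FullName -Identity 'BUILTIN\Users'           # finds it, skips Set-Acl
# Verify what was actually persisted: list only the explicit (non-inherited) entries.
(Get-Acl -LiteralPath $file.FullName).Access |
    Where-Object { -not $_.IsInherited } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType
Remove-Item -LiteralPath $file.FullName
```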