diecknet

Check NTFS Permissions using Powershell

2020-05-20
1 minute

So I needed a quick way to check a few folders for correct permissions. We had Windows Virtual Desktop/FSLogix user profile containers in an Azure Files share. Some of these profile folders had wrong permissions.

The correct storage permissions are:

User AccountFolderPermissions
UsersThis Folder OnlyModify
Creator / OwnerSubfolders and Files OnlyModify
Administrator (optional)This Folder, Subfolders, and FilesFull Control

Official FSLogix documentation: Configure storage permissions for use with Profile Containers and Office Containers

The environment

In this environment every user has their own subfolder in the share. The user created the subfolder (at their first logon to Windows Virtual Desktop), so they’re the owner. Since they’re owner, they have Modify rights to (sub-)subfolders and files in their subfolder. FSLogix creates a profile container vhd(x)-file in the user’s folder.

Check Permissions with PowerShell

You can check Permissions using PowerShell with Get-Acl.

I created a quick-and-dirty PowerShell script to check the permissions. It’s not attempting any automatic fixes. It just lists the folders and states any faulty permissions. You could either manually fix the permissions using the GUI, or take the ACL-Object of the subfolder and apply it to the files using Set-Acl.

Download Script

CheckProfileStoragePermissions.ps1 (Github)