jberezanski/Grant-Permissions.ps1

## Grant-Permissions.ps1
function Grant-Permissions
{
	[CmdletBinding()] Param([string] $Path, [hashtable] $Grants, [switch] $BlockInheritance, [switch] $CopyInheritedRights, [switch] $RemoveAllExistingPermissions, [string] $Inheritance = 'ObjectInherit,ContainerInherit')
	Resolve-Path $Path
	$acl = (Get-Item $Path).GetAccessControl('Access')
	if ($BlockInheritance) { $acl.SetAccessRuleProtection($true, $false) }
	if ($RemoveAllExistingPermissions) { $acl.Access | % { $acl.RemoveAccessRuleAll($_) } }
	$Grants.GetEnumerator() | % { $acl.AddAccessRule((New-Object Security.AccessControl.FileSystemAccessRule $($_.Key),$($_.Value),$Inheritance,'None','Allow')) }
	(Get-Item $Path).SetAccessControl($acl)
	(Get-Acl $Path).Access | Format-Table -AutoSize | Out-String
}

# example
Grant-Permissions -Path C:\Test -Grants @{'BUILTIN\Users' = 'ReadAndExecute'; 'BUILTIN\Administrators' = 'FullControl'; 'NT AUTHORITY\SYSTEM' = 'FullControl'} -BlockInheritance -RemoveAllExistingPermissions
	function Grant-Permissions
	{
	[CmdletBinding()] Param([string] $Path, [hashtable] $Grants, [switch] $BlockInheritance, [switch] $CopyInheritedRights, [switch] $RemoveAllExistingPermissions, [string] $Inheritance = 'ObjectInherit,ContainerInherit')
	Resolve-Path $Path
	$acl = (Get-Item $Path).GetAccessControl('Access')
	if ($BlockInheritance) { $acl.SetAccessRuleProtection($true, $false) }
	if ($RemoveAllExistingPermissions) { $acl.Access \| % { $acl.RemoveAccessRuleAll($_) } }
	$Grants.GetEnumerator() \| % { $acl.AddAccessRule((New-Object Security.AccessControl.FileSystemAccessRule $($_.Key),$($_.Value),$Inheritance,'None','Allow')) }
	(Get-Item $Path).SetAccessControl($acl)
	(Get-Acl $Path).Access \| Format-Table -AutoSize \| Out-String
	}

	# example
	Grant-Permissions -Path C:\Test -Grants @{'BUILTIN\Users' = 'ReadAndExecute'; 'BUILTIN\Administrators' = 'FullControl'; 'NT AUTHORITY\SYSTEM' = 'FullControl'} -BlockInheritance -RemoveAllExistingPermissions