From here: https://seankilleen.com/2015/01/how-to-copy-ACL-Permissions-To-Folders-With-Powershell/
Powershell contains the commands get-acl
and set-acl
, and you can pipe them together:
Get-Acl -Path C:\Folder1 | Set-Acl -Path C:\Folder2
Those paths can be UNC or other appropriate path methods, so they should be able to work across networks.
Update:
Security Descriptors CAN be copied and stored. The following is not the most efficient process, his is the first time I've even tried doing this, but it is functional.
A few iteratively-refined Google searches brought me here: http://community.idera.com/powershell/powertips/b/tips/posts/replacing-ntfs-permissions-with-sddl-information
And here's the process.
- Capture the ACL from the source computer:
$SDout = get-acl -path (source folder)
- Store the SDDL in the clipboard:
$SDout.GetSecurityDescriptorSddlForm('All') | clip.exe
- Paste into Notepad and move to the target computer.
- Copy ONLY the single-line SDDL to the clipboard.
- Store the source SDDL in a parameter:
$SDsource = '(paste the source SDDL here)'
- Capture the target ACL object in a parameter:
$SDtarget = get-acl -path (target folder)
- Overwrite the target's SDDL with the source's SDDL:
$SDtarget.SetSecurityDescriptorSddlForm($SDsource)
- Write the modified ACL back to the target folder:
set-acl -Path (target folder) -ACLObject $SDtarget
Checking properties now you should see the target folder has the same permissions as the source folder.
get-acl
andset-acl
can be very head-achy