Calling ICACLS.exe from powershell

Although Get-Acl and Set-Acl are available in Powershell you may still prefer to call ICACLS.EXE

This is a folder permissioning example:

$target = $env:SystemDrive + "\Apps\Folder"
$perms = "domainname\Group:(OI)(CI)(F)"
& icacls.exe ($target) /grant ($perms)


Also see this useful post http://tomandersonpro.net/ntfs-permissions-with-powershell/

and this useless page about ICACLS.EXE
https://technet.microsoft.com/en-us/library/cc753525.aspx

Note on the above
CI = container inherit which means it will apply to "This folder and subfolders"
OI = object inherit which means it will apply to "This folder, subfolders and files"