Powershell – calling icacls with parantheses included in parameters


I’m pretty new to Powershell, but I have lots of experience in VBScript and Python. I’m trying to be a good Windows admin and get into Powershell more. So, here is what I’m trying to do:
A parent folder contains dozens of sub-folders that are named as AD usernames (ex. Users\username1, Users\username2, where Users is the parent folder). I want to loop through each folder name, parse out the sub-folder name, and pass that to icacls to apply permissions based on the username. I did a multi-liner because I was running into issues piping. This is what I have after trying several different approaches:

It wasn’t originally this rough, but I started breaking it apart when I was running into issues.

THE PROBLEM – in $cmd3, the (OI)(CI) is not coming in cleanly to the invoke-expression. If I change $cmd3 to just “:F” it works, but I have to set inheritance using the offending parameters. PLEASE HELP. I’ve been racking my brain all day on this one. Couldn’t really find anything that dealt with this issue specifically (tried backticks, referencing the $command as ‘$command’, etc.)

The term ‘OI’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling
of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:56
+ icacls C:\temp\test\garthwaitm /grant domain\user1:(OI <<<< )(IO)F
+ CategoryInfo : ObjectNotFound: (OI:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException


Just to add to this old question, in PowerShell 3.0 you can now use –% to tell PowerShell to stop processing anything else on the line, so you can use something like this:

icacls.exe $path –% /grant “Everyone:(OI)(CI)(F)”


Powershell – calling icacls with parantheses included in parameters by licensed under CC BY-SA | With most appropriate answer!

Leave a Reply