{"id":810197,"date":"2026-05-20T14:09:50","date_gmt":"2026-05-20T14:09:50","guid":{"rendered":"https:\/\/www.ninjaone.com\/?post_type=script_hub&#038;p=810197"},"modified":"2026-05-20T14:09:50","modified_gmt":"2026-05-20T14:09:50","slug":"como-definir-permissoes-de-pasta-usando-o-powershell","status":"publish","type":"script_hub","link":"https:\/\/www.ninjaone.com\/pt-br\/script-hub\/como-definir-permissoes-de-pasta-usando-o-powershell\/","title":{"rendered":"Como definir permiss\u00f5es de pasta usando o PowerShell"},"content":{"rendered":"<p>Garantir que as pessoas certas tenham o acesso adequado a arquivos e pastas espec\u00edficos \u00e9 fundamental para a TI. O gerenciamento de permiss\u00f5es protege efetivamente os dados confidenciais, ajuda na conformidade normativa e aumenta <a href=\"https:\/\/www.ninjaone.com\/pt-br\/eficiencia\/\">a efici\u00eancia operacional<\/a>. Uma ferramenta popular para lidar com essas tarefas \u00e9 o <a href=\"https:\/\/www.ninjaone.com\/it-hub\/gerenciamento-de-endpoints\/what-is-powershell\/\">PowerShell<\/a>, e hoje vamos nos aprofundar em um script que simplifica o processo de<strong> modifica\u00e7\u00e3o das permiss\u00f5es de pasta.\u00a0<\/strong><\/p>\n<h2>Hist\u00f3rico<\/h2>\n<p>Em um cen\u00e1rio digital em constante evolu\u00e7\u00e3o, os profissionais de TI e os <a href=\"https:\/\/www.ninjaone.com\/what-is-an-msp\/\">provedores de servi\u00e7os gerenciados (MSPs)<\/a> lidam constantemente com v\u00e1rias permiss\u00f5es de usu\u00e1rio em v\u00e1rios arquivos e pastas. O script fornecido \u00e9 uma d\u00e1diva de Deus em tais cen\u00e1rios. Ele oferece flexibilidade, permitindo que as permiss\u00f5es sejam atribu\u00eddas ou bloqueadas para v\u00e1rios usu\u00e1rios em v\u00e1rios caminhos. Isso significa que, independentemente de voc\u00ea estar trabalhando com arquivos individuais ou diret\u00f3rios inteiros, esse script tem tudo o que voc\u00ea precisa.<\/p>\n<h2>O roteiro<\/h2>\n<p><div class=\"button-wrap orange-button \"><a href=\"#disable-fast-startup\" data-js=\"button-script-cta\" class=\"button script-cta\" data-js=\"script-cta\"  data-modal=\"249414\" >Email me the script<\/a><\/div><br \/>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"powershell\">#Requires -Version 5.1\r\n\r\n&lt;#\r\n.SYNOPSIS\r\n    Modify User Permissions for files and folder.\r\n.DESCRIPTION\r\n    Modify User Permissions for files and folder. You can assign or block multiple permissions to multiple users, and multiple files and folders.\r\n.EXAMPLE\r\n     -User \"Test\" -Path \"C:Test\" -Permissions FullControl\r\n    Gives FullControl permissions to the user Test for just the folder C:Test\r\n.EXAMPLE\r\n     -User \"Test1\", \"Test2\" -Path \"C:Test\" -Permissions FullControl\r\n    Gives FullControl permissions to the user Test1 and Test2 for just the folder C:Test\r\n.EXAMPLE\r\n     -User \"Test1\", \"Test2\" -Path \"C:Test\", \"C:Temp\" -Permissions FullControl\r\n    Gives FullControl permissions to the user Test1 and Test2 for just the folders C:Test and C:Temp\r\n.EXAMPLE\r\n     -User \"Test\" -Path \"C:TestDocument.docx\" -Permissions FullControl\r\n    Gives FullControl permissions to the user Test for just the file C:TestDocument.docx\r\n.EXAMPLE\r\n     -User \"Test\" -Path \"C:TestDocument.docx\" -Permissions ReadData, Modify\r\n    Gives ReadData and Modify permissions to the user Test for just the file C:TestDocument.docx\r\n.EXAMPLE\r\n     -User \"Test\" -Path \"C:TestDocument.docx\" -Permissions FullControl -Block\r\n    Blocks FullControl permissions from the user Test for just the file C:TestDocument.docx\r\n.EXAMPLE\r\n     -User \"Test\" -Path \"C:Test\" -Permissions FullControl -Recursive\r\n    Gives FullControl permissions to the user Test for the folder C:Test and any folder or file under it will inherit FullControl\r\n.EXAMPLE\r\n    PS C:&gt; .Modify-User-Permissions.ps1 -User \"Test\" -Path \"C:Test\" -Permissions FullControl -Recursive\r\n    Gives FullControl permissions to the user Test for the folder C:Test and any folder or file under it will inherit FullControl\r\n.INPUTS\r\n    Inputs (User,Path,Permissions)\r\n.OUTPUTS\r\n    FileSecurity\r\n.NOTES\r\n    Minimum OS Architecture Supported: Windows 10, Windows Server 2016\r\n    Release Notes:\r\n    Initial Release\r\nBy using this script, you indicate your acceptance of the following legal terms as well as our Terms of Use at https:\/\/www.ninjaone.com\/terms-of-use.\r\n    Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms. \r\n    Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party. \r\n    Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library or website belonging to or under the control of any other software provider. \r\n    Warranty Disclaimer: The script is provided \u201cas is\u201d and \u201cas available\u201d, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations. \r\n    Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks. \r\n    Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script. \r\n    EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).\r\n.COMPONENT\r\n    ManageUsers\r\n#&gt;\r\n\r\n[CmdletBinding()]\r\nparam (\r\n    [Parameter(Mandatory = $true)]\r\n    [ValidateScript(\r\n        {\r\n            # Validate that the User(s) exist\r\n            if ($(Get-LocalUser -Name $_)) { $true } else { $false }\r\n        }\r\n    )]\r\n    [String[]]\r\n    # The user name of the user you want to apply Permissions to a Path(s)\r\n    $User,\r\n    [Parameter(Mandatory = $true)]\r\n    [ValidateScript({ Test-Path -Path $_ })]\r\n    [String[]]\r\n    # File path that you want to apply Permissions to\r\n    $Path,\r\n    [Parameter(Mandatory = $true)]\r\n    # Permission to set the path(s) for the user(s)\r\n    # This accepts the following:\r\n    #  ListDirectory, ReadData, WriteData, CreateFiles, CreateDirectories, AppendData, ReadExtendedAttributes,\r\n    #  WriteExtendedAttributes, Traverse, ExecuteFile, DeleteSubdirectoriesAndFiles, ReadAttributes,\r\n    #  WriteAttributes, Write, Delete, ReadPermissions, Read, ReadAndExecute, Modify, ChangePermissions,\r\n    #  TakeOwnership, Synchronize, FullControl\r\n    [System.Security.AccessControl.FileSystemRights[]]\r\n    $Permissions,\r\n    # Block the specified Permissions for the specified $User\r\n    [Switch]\r\n    $Block,\r\n    # Apply the Permissions down through a folder structure, i.e. inheritance\r\n    [Switch]\r\n    $Recursive\r\n)\r\n\r\nbegin {\r\n    function Test-IsElevated {\r\n        $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()\r\n        $p = New-Object System.Security.Principal.WindowsPrincipal($id)\r\n        if ($p.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator))\r\n        { Write-Output $true }\r\n        else\r\n        { Write-Output $false }\r\n    }\r\n}\r\n\r\nprocess {\r\n    if (-not (Test-IsElevated)) {\r\n        Write-Error -Message \"Access Denied. Please run with Administrator privileges.\"\r\n        exit 1\r\n    }\r\n    $Acl = Get-Acl -Path $Path\r\n    if ($true -in $Acl.AreAccessRulesProtected) {\r\n        Write-Error \"ACL rules are protected for one of the specified paths.\"\r\n        exit 1\r\n    }\r\n    $script:HasError = $false\r\n    $Path | ForEach-Object {\r\n        $CurPath = Get-Item -Path $_\r\n        $User | ForEach-Object {\r\n            $NewAcl = Get-Acl -Path $CurPath\r\n            # Set properties\r\n            $identity = Get-LocalUser -Name $_\r\n            $fileSystemRights = $Permissions\r\n            $type = $(if ($Block) { [System.Security.AccessControl.AccessControlType]::Deny }else { [System.Security.AccessControl.AccessControlType]::Allow })\r\n            $fileSystemRights | ForEach-Object {\r\n                # Create new rule\r\n                Write-Host \"Creating $type $_ rule for user: $identity\"\r\n                # Check if Recursive was used and that the current path is a folder\r\n                if ($CurPath.PSIsContainer -and $Recursive) {\r\n                    $inheritanceFlags = 'ObjectInherit,ContainerInherit'\r\n                    $NewAcl.SetAccessRuleProtection($false, $true)\r\n                }\r\n                else {\r\n                    $inheritanceFlags = [System.Security.AccessControl.InheritanceFlags]::None\r\n                }\r\n                $propagationFlags = [System.Security.AccessControl.PropagationFlags]::None\r\n                $fileSystemAccessRuleArgumentList = $identity, $_, $inheritanceFlags, $propagationFlags, $type\r\n                $fileSystemAccessRule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $fileSystemAccessRuleArgumentList\r\n\r\n                # Apply new rule\r\n                $NewAcl.SetAccessRule($fileSystemAccessRule)\r\n                try {\r\n                    Set-Acl -Path $CurPath -AclObject $NewAcl -Passthru\r\n                }\r\n                catch {\r\n                    Write-Error $_\r\n                    $script:HasError = $true\r\n                }\r\n            }\r\n        }\r\n    }\r\n    if ($script:HasError) {\r\n        exit 1\r\n    }\r\n}\r\n\r\nend {}<\/pre>\n<p>&nbsp;<\/p>\n<div class=\"in-context-cta\"><p style=\"text-align: center;\">Acesse mais de 300 scripts no NinjaOne Dojo<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/www.ninjaone.com\/freetrialform\/\">Obter acesso<\/a><\/p>\n<\/div><\/p>\n<h2>Detalhamento<\/h2>\n<p>Em sua ess\u00eancia, o script opera com tr\u00eas par\u00e2metros obrigat\u00f3rios: <strong>Usu\u00e1rio<\/strong>, <strong>caminho<\/strong> e <strong>permiss\u00f5es<\/strong>.<\/p>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><strong>Usu\u00e1rio:<\/strong> Define o usu\u00e1rio-alvo para o qual as permiss\u00f5es est\u00e3o sendo definidas. Esse par\u00e2metro passa por valida\u00e7\u00e3o para garantir que o usu\u00e1rio exista.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><strong>Caminho:<\/strong> Indica o arquivo ou diret\u00f3rio cujas permiss\u00f5es precisam ser modificadas. Sua exist\u00eancia \u00e9 validada.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><strong>Permiss\u00f5es:<\/strong> Enumera os v\u00e1rios tipos de permiss\u00f5es que podem ser definidas, desde <strong>FullControl<\/strong> at\u00e9 as espec\u00edficas, como <strong>ReadData<\/strong>.<\/li>\n<\/ul>\n<p>O script tamb\u00e9m oferece par\u00e2metros opcionais:<\/p>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><strong>Bloco<\/strong>: Se invocado, nega as permiss\u00f5es especificadas.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><strong>Recursivo:<\/strong> Se especificado, aplica permiss\u00f5es em uma estrutura de pastas, garantindo a heran\u00e7a.<\/li>\n<\/ul>\n<p>Quando executado, o script primeiro verifica se est\u00e1 sendo executado com privil\u00e9gios administrativos. Em seguida, ele avalia cada caminho para as permiss\u00f5es de usu\u00e1rio especificadas, criando ou modificando as regras de acordo.<\/p>\n<h2>Casos de uso em potencial<\/h2>\n<p>Imagine uma profissional de TI, Jane, supervisionando um projeto para sua organiza\u00e7\u00e3o. Jane tem uma pasta com arquivos de projeto. \u00c0 medida que o projeto avan\u00e7a, diferentes departamentos precisam de v\u00e1rios n\u00edveis de acesso a esses arquivos. Usando o script, Jane pode facilmente garantir que o departamento de RH s\u00f3 possa ler determinados documentos, enquanto os gerentes de projeto t\u00eam controle total sobre todos os arquivos. Esse gerenciamento eficiente garante opera\u00e7\u00f5es de projeto tranquilas e, ao mesmo tempo, mant\u00e9m a seguran\u00e7a.<\/p>\n<h2>Compara\u00e7\u00f5es<\/h2>\n<p>Os m\u00e9todos tradicionais de configura\u00e7\u00e3o de permiss\u00f5es de pasta geralmente envolvem a navega\u00e7\u00e3o por interfaces GUI complexas ou o uso de software de terceiros. Embora ofere\u00e7am feedback visual, podem consumir muito tempo e ser menos eficientes ao lidar com permiss\u00f5es em massa. O script do PowerShell oferece uma abordagem mais r\u00e1pida e direta. \u00c9 especialmente \u00fatil para profissionais de TI familiarizados com a linha de comando, permitindo altera\u00e7\u00f5es de permiss\u00e3o r\u00e1pidas e orientadas por script.<\/p>\n<h2>Implica\u00e7\u00f5es<\/h2>\n<p>O gerenciamento eficaz de permiss\u00f5es \u00e9 essencial para a seguran\u00e7a de TI. A defini\u00e7\u00e3o de um acesso excessivamente permissivo pode expor dados confidenciais, enquanto as permiss\u00f5es restritivas podem prejudicar os processos de trabalho. Esse script oferece um bom equil\u00edbrio, permitindo um controle preciso da permiss\u00e3o. No entanto, configura\u00e7\u00f5es incorretas podem ter implica\u00e7\u00f5es n\u00e3o intencionais, portanto, sempre verifique novamente suas configura\u00e7\u00f5es.<\/p>\n<h2>Recomenda\u00e7\u00f5es<\/h2>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\">Sempre execute um teste em um ambiente controlado antes de implementar o script amplamente.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\">Fa\u00e7a backup das configura\u00e7\u00f5es de permiss\u00f5es atuais, oferecendo uma rede de seguran\u00e7a em caso de erros.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\">Atualize e audite regularmente as permiss\u00f5es de usu\u00e1rio para manter a seguran\u00e7a e a efici\u00eancia operacional.<\/li>\n<\/ul>\n<h2>Considera\u00e7\u00f5es finais<\/h2>\n<p>No mundo moderno de TI, o desafio de gerenciar permiss\u00f5es de pastas e arquivos n\u00e3o pode ser exagerado. Os scripts do PowerShell, como o que exploramos hoje, tornam a tarefa mais gerenci\u00e1vel e eficiente. Para aqueles que buscam <a href=\"https:\/\/www.ninjaone.com\/pt-br\/\">solu\u00e7\u00f5es integradas de gerenciamento de TI<\/a>, o NinjaOne oferece ferramentas e recursos robustos, facilitando ainda mais as complexidades do gerenciamento de permiss\u00f5es. N\u00e3o importa se voc\u00ea est\u00e1 se apoiando em scripts ou em plataformas abrangentes como o NinjaOne, o objetivo continua o mesmo: opera\u00e7\u00f5es de TI seguras, eficientes e simplificadas.<\/p>\n","protected":false},"author":35,"featured_media":144274,"parent":0,"menu_order":0,"comment_status":"open","ping_status":"closed","template":"","meta":{"_acf_changed":false,"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","_lmt_disableupdate":"no","_lmt_disable":""},"operating_system":[4212],"use_cases":[12435],"class_list":["post-810197","script_hub","type-script_hub","status-publish","has-post-thumbnail","hentry","script_hub_category-windows"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.ninjaone.com\/pt-br\/wp-json\/wp\/v2\/script_hub\/810197","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ninjaone.com\/pt-br\/wp-json\/wp\/v2\/script_hub"}],"about":[{"href":"https:\/\/www.ninjaone.com\/pt-br\/wp-json\/wp\/v2\/types\/script_hub"}],"author":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/pt-br\/wp-json\/wp\/v2\/users\/35"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/pt-br\/wp-json\/wp\/v2\/comments?post=810197"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/pt-br\/wp-json\/wp\/v2\/media\/144274"}],"wp:attachment":[{"href":"https:\/\/www.ninjaone.com\/pt-br\/wp-json\/wp\/v2\/media?parent=810197"}],"wp:term":[{"taxonomy":"script_hub_category","embeddable":true,"href":"https:\/\/www.ninjaone.com\/pt-br\/wp-json\/wp\/v2\/operating_system?post=810197"},{"taxonomy":"use_cases","embeddable":true,"href":"https:\/\/www.ninjaone.com\/pt-br\/wp-json\/wp\/v2\/use_cases?post=810197"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}