Update all Folders to Read Only with current UAC Membership

Is there a simple way to change all the current Users / Lists / Groups within the UAC of a folder (or set of folders) to Read Only / File Read?

We need this for our Archives. I already have a PowerShell script that will move the folders into the Archive locations, but would like to add an option to make the entire project read only in the same process.

As I'm not adding or removing any groups or users, I'm hoping there might be a quick option rather than getting all of the groups and applying the change one by one through a loop.

I have tried to use the Update-PWFolderSecurity cmdlet, but it wants me to provide the MemberType and Name.

  • The PowerShell help is relatively clear about how to use the MemberType and Name parameters. As for the userlist and group aspects of your security, the following cmdlets may help:

    Update-PWFolderSecurityByGroupSwapWithWorkflow  

    Update-PWFolderSecurityByUserListSwap             

    Update-PWFolderSecurityByUserListSwapWithWorkflow                                                     

    The idea would be to swap current groups and user lists with those that have the more restrictive access.

    Mark Weisman | Bentley Systems 

  • Hey Mark, Thanks for the reply.

    I'm more looking to change the current groups' access from whatever permissions they currently have to read only. So essentially change the check boxes within the access control but keep the memberships the same.

    As I'm not changing any memberships, I was hoping there would be a relatively straightforward way, but thought I'd ask before trying to write a script.

  • Am I on the right track with my thinking here? Again, essentially what I'm trying to do is change all of the current Userlists / users / Groups to read only, essentially changing the checkbox items to Folder Read, File Read but leaving the groups themselves unchanged.

    New-PWLogin -BentleyIMS
    
    $PWfolders = Get-PWFolders -FolderPath '\Archives\' -slow -Verbose 
    
    foreach($folder in $PWfolders){
        $UAC = Get-PWFolderSecurity -InputFolder $folder
        
        #loop through each item in the UAC and reset to Folder Read and File Read
        foreach($items in $UAC){
            Update-PWFolderSecurity -InputFolder $folder 
        }   
    }

  • Something like the following should work. There is no need to use the -Slow switch parameter when getting the folders. Hope this helps.

    $FolderPath = 'Archives'
    $PWfolders = Get-PWFolders -FolderPath $FolderPath -Verbose
    
    $ProjectAccessString  = '----r------'
    $DocumentAccessString = '----r--R---'
    
    foreach($folder in $PWfolders){ # break
        $UAC = Get-PWFolderSecurity -InputFolder $folder
        
        #loop through each item in the UAC and reset to Folder Read and File Read
        foreach($item in $UAC){ # break
          $Splat_Update = @{
            InputFolder = $folder
            MemberType = $item.Type
            MemberName = $item.Name
          }
          if($item.SecurityType -eq 'Document'){
            $Splat_Update.DocumentSecurity = $true
            $Splat_Update.MemberAccessString = $DocumentAccessString
          } else {
            $Splat_Update.FolderSecurity = $true
            $Splat_Update.MemberAccessString = $ProjectAccessString
          }
    
          Update-PWFolderSecurity @Splat_Update -Verbose
        }   
    }

    Answer Verified By: Robert Golding
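
The verified loop overwrites every access entry in place, so it helps to record the entries before and after the run. The following is an added example, not part of the thread and not Bentley's code: it exports what Get-PWFolderSecurity returns to CSV and diffs the two exports. The helper name `Save-PWAclSnapshot`, the CSV paths and the `FullPath` folder property are assumptions.

```powershell
# Added example, not from the thread. Requires an active session (New-PWLogin).
function Save-PWAclSnapshot {            # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $FolderPath,
        [Parameter(Mandatory)] [string] $CsvPath
    )
    # @() keeps the result an array even when no entries are returned
    $rows = @(foreach ($folder in Get-PWFolders -FolderPath $FolderPath) {
        foreach ($item in Get-PWFolderSecurity -InputFolder $folder) {
            # Keep every property the cmdlet returns and prefix the folder path.
            # Assumption: the folder object exposes its path as FullPath.
            $item | Select-Object @{ Name = 'SnapshotFolder'; Expression = { $folder.FullPath } }, *
        }
    })
    $rows | Export-Csv -Path $CsvPath -NoTypeInformation
    return $rows
}

# 1. Record the access entries as they are now (CSV paths are placeholders)
$before = Save-PWAclSnapshot -FolderPath 'Archives' -CsvPath '.\acl-before.csv'

# 2. Review what the update loop is about to touch, by member and security type
$before | Group-Object Type, SecurityType | Select-Object Count, Name

# 3. ... run the Update-PWFolderSecurity loop from the verified answer here ...

# 4. Record the entries again after the update
$null = Save-PWAclSnapshot -FolderPath 'Archives' -CsvPath '.\acl-after.csv'

# 5. Rows that appear in only one file are entries whose recorded values changed
Compare-Object (Get-Content '.\acl-before.csv') (Get-Content '.\acl-after.csv')
```

The before file also serves as the record of the original permissions if an archived project ever has to be reopened for editing.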