To add an Access Control Entry (ACE) to this existing list, an entry must be created. Creating an ACE requires a Win32_Trustee. The following trustee is created from the current user:
$trustee = New-CimInstance (Get-CimClass Win32_Trustee) -ClientOnly $trustee.Domain = $env:USERDOMAIN $trustee.Name = $env:USERNAME
The SID does not need to be set on the trustee object, but if the security principal is invalid, the attempt to apply the change to security will fail.
Then the Win32_ACE can be created. The following ACE grants full control of the share to the trustee:
$ace = New-CimInstance (Get-CimClass Win32_ACE) -ClientOnly $ace.AccessMask = [UInt32][FileSystemRights]'FullControl' $ace.AceType = [UInt32][AceType]'AccessAllowed' $ace.AceFlags = [UInt32]0 $ace.Trustee = $trustee
The ACE is added to the DACL using the += operator:
$aclObject.DACL += $ace