I'm noticing strange changes to ACL permissions on a folder whenever a new user is given permissions to the folder or the folder is robocopied to a new folder under th same parent folder. Here's the background: While developing a PowerShell script to copy folder permissions to another group, I found some strange ACL values coming from the Get-Acl commandlet. Ex: ( -1610612736 and -536805376 ) When I attempt to write these values back to the object using Set-Acl I get an error about them being invalid values. http://social.technet.microsoft.com/Forums/en/winserverpowershell/thread/8ac2d78c-6e7a-455f-a94b-c4da1874b1d7 In my attempt to figure out what was happening, I found that by simply adding ANY user or group with ANY permission, those strange permissions went away. In addition, if I robocopied the folder to a new folder under the same parent folder, the permissions would go away as well. Check out the example below. Get-Acl changes from 9 entries on the source folder to 5 entries on the destination folder and all of the strange values go away. Can anyone explain exactly what is going on here? robocopy "D:\Folder\Folder1" "D:\Folder\Folder2" /CREATE /S /SEC /R:1 /W:10 _______________________________________________________________________________________________________________________________________________________________________________________________________________________________ PS U:\> $test5 = Get-Acl "D:\Folder\Folder1" _______________________________________________________________________________________________________________________________________________________________________________________________________________________________ PS U:\> $test5.access FileSystemRights : FullControl AccessControlType : Allow IdentityReference : BUILTIN\Administrators IsInherited : False InheritanceFlags : ContainerInherit PropagationFlags : None FileSystemRights : FullControl AccessControlType : Allow IdentityReference : BUILTIN\Administrators IsInherited : False InheritanceFlags : ObjectInherit PropagationFlags : InheritOnly FileSystemRights : ReadAndExecute, Synchronize AccessControlType : Allow IdentityReference : COMPUTER\GROUP1 IsInherited : False InheritanceFlags : ContainerInherit PropagationFlags : None FileSystemRights : -1610612736 AccessControlType : Allow IdentityReference : COMPUTER\GROUP1 IsInherited : False InheritanceFlags : ObjectInherit PropagationFlags : InheritOnly FileSystemRights : Modify, Synchronize AccessControlType : Allow IdentityReference : COMPUTER\GROUP2 IsInherited : False InheritanceFlags : None PropagationFlags : None FileSystemRights : -536805376 AccessControlType : Allow IdentityReference : COMPUTER\GROUP2 IsInherited : False InheritanceFlags : ObjectInherit PropagationFlags : InheritOnly FileSystemRights : Modify, Synchronize AccessControlType : Allow IdentityReference : COMPUTER\GROUP2 IsInherited : False InheritanceFlags : ContainerInherit PropagationFlags : InheritOnly FileSystemRights : ReadData, Synchronize AccessControlType : Allow IdentityReference : DOMAIN\GROUP3 IsInherited : False InheritanceFlags : ObjectInherit PropagationFlags : InheritOnly FileSystemRights : ReadAndExecute, Synchronize AccessControlType : Allow IdentityReference : DOMAIN\GROUP3 IsInherited : False InheritanceFlags : ContainerInherit PropagationFlags : None _______________________________________________________________________________________________________________________________________________________________________________________________________________________________ PS U:\> $test6 = Get-Acl "D:\Folder\Folder2" _______________________________________________________________________________________________________________________________________________________________________________________________________________________________ PS U:\> $test6.access FileSystemRights : ReadAndExecute, Synchronize AccessControlType : Allow IdentityReference : DOMAIN\GROUP3 IsInherited : True InheritanceFlags : ContainerInherit PropagationFlags : None FileSystemRights : ReadData, Synchronize AccessControlType : Allow IdentityReference : DOMAIN\GROUP3 IsInherited : True InheritanceFlags : ObjectInherit PropagationFlags : InheritOnly FileSystemRights : FullControl AccessControlType : Allow IdentityReference : BUILTIN\Administrators IsInherited : True InheritanceFlags : ContainerInherit, ObjectInherit PropagationFlags : None FileSystemRights : Modify, Synchronize AccessControlType : Allow IdentityReference : COMPUTER\GROUP2 IsInherited : True InheritanceFlags : ContainerInherit, ObjectInherit PropagationFlags : None FileSystemRights : ReadAndExecute, Synchronize AccessControlType : Allow IdentityReference : COMPUTER\GROUP1 IsInherited : True InheritanceFlags : ContainerInherit, ObjectInherit PropagationFlags : None _______________________________________________________________________________________________________________________________________________________________________________________________________________________________