Noticed a bug with the "Move-Item" cmdlet.
The source folder and destination folder have different permissions sets.
$src = "C:\Path\To\Source"
$dest = "D:\Path\To\Dest"
ForEach($file in $src)
Move-Item $($file.fullname) -destination $dest
Using this block of code to move files from one folder to another will result in the files not inheriting permissions from the destination folder.
The files that were moved retain the permissions from the source folder.
This doesn't happen with Copy-Item or when you drag / drop files.
Workaround I found is to add "icacls $dest /T RESET" to the end of the script.
Jessie Westlake commented
This is not a PowerShell bug per se, but I do think that the team should integrate a workaround or cmdlet that allows recalculating the permissions on FileSystem objects programmatically.
The actual issue here is that ACLs never recalculate programmatically in Windows, ever. There is behavior implemented in Windows Explorer that forces the ACLs to update whenever there is a change that would require it, so it seems like a bug whenever this doesn't happen.
The reason Copy-Item does not have this problem is that the files that end up in the Destination are NEW files, and as such those new files are assigned the default inherited ACL. When files are MOVED with Move-Item, they are they same exact files. Those files have essentially just had one property updated, and that property is the "Path" property. The path/location of a file is really just a piece of metadata. The only time a new file is created and would have a new ACL generated is when you are copying items across separate logical/physical drives. As a matter of fact, though, Dragging and Dropping files through Explorer often does not recalculate the ACLs either. Cutting and Pasting will create new files and should recalculate the ACLs.
I've had a serious problem with this issue while creating a set of cmdlets to manage NTFS permissions on our network shares. Essentially you have to iterate through EVERY SINGLE FILE and programmatically make a non-destructive change (like changing the inheritance protection and setting it back) before saving the ACL back to the file in order for it to update and recalculate its ACL with any inheritable permissions from its parent. I don't know how Windows Explorer does this so quickly, but this has taken me hours and hours to complete in a large collection of files, where it may take Explorer just a few minutes.