acl.removeaccessrule not working – need assistance with ACL permissions


      Hello,

      I want to read the list of security permissions (ACL) on a folder. I then want to check if a particular user is part of the ACL. If the user is indeed part of the ACL, then I would like to remove him from the ACL.

      I have run the code below and the system does find a match and executes the appropriate line to delete access.

      However, the variable that has the access permissions stored in it does not get properly updated. Therefore I am not applying the correct permissions (the new permissions that I am trying to set without the user in question). The variable that holds the permissions does not get modified, even though the system says that it is updated.

      I am using PowerShell version 5, running on Windows 10 Professional build 1903.

      I can manually change the permissions with my account, but not via PowerShell.

      Any assistance would be greatly appreciated.

      Thanks,

       

      Solomin

      ===================

      I use the following code:

      #######################################################

      $aclperso = ""
      $sname = "test100"
      $homedrive = "\\bank\perso\"
      $UserHomeDrive = $homedrive + $sname
      $aclname = "bank\" + $sname

      $acl = Get-Acl -Path $UserHomeDrive
      $acl.SetAccessRuleProtection($True, $True)
      Set-Acl -Path $UserHomeDrive -AclObject $acl

      ## above line removes inheritance from acl - i.e. it disables inheritance (this command works)

      $acl = Get-Acl -Path $UserHomeDrive
      $acl.Access | Where-Object {$_.IdentityReference -eq $aclname} | ForEach-Object {$acl.RemoveAccessRule($_) | Out-Null}

      #### above command is supposed to remove user test100.budman from ACL
      #### if I check the value of $acl and acl.access, the values for test100.budman are still stored inside the variable and not deleted.
      #### what is strange is the system returns True that a value has been deleted (access permissions removed) but it is not deleted

      Set-Acl -Path $UserHomeDrive -AclObject $acl
      Write-Host " "

      #############################################################################
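
An added example, not part of the original post: it disables inheritance as the posted script does, then uses `PurgeAccessRules` (which removes all of an identity's explicit entries, where `RemoveAccessRule` only subtracts the rights of the rule passed to it) and verifies by re-reading the ACL from disk. The function name `Remove-IdentityFromAcl`, the scratch folder and the `BUILTIN\Users` entry are assumptions constructed for the demonstration.

```powershell
# Added example. Remove-IdentityFromAcl and the demo folder are hypothetical names.
function Remove-IdentityFromAcl {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Identity   # e.g. 'bank\test100'
    )
    # Resolve the name to a SID so matching does not depend on display format.
    $sid = ([System.Security.Principal.NTAccount]$Identity).Translate(
        [System.Security.Principal.SecurityIdentifier])

    # Step 1: protect the ACL and copy inherited entries as explicit ones.
    # Entries that are still inherited cannot be removed on the child object.
    $acl = Get-Acl -LiteralPath $Path
    $acl.SetAccessRuleProtection($true, $true)
    Set-Acl -LiteralPath $Path -AclObject $acl

    # Step 2: re-read, then drop every explicit entry for the SID.
    $acl = Get-Acl -LiteralPath $Path
    $acl.PurgeAccessRules($sid)
    Set-Acl -LiteralPath $Path -AclObject $acl

    # Step 3: verify against what is on disk, not the in-memory object.
    $remaining = @((Get-Acl -LiteralPath $Path).GetAccessRules(
            $true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.IdentityReference.Value -eq $sid.Value })
    return ($remaining.Count -eq 0)
}

# Constructed demo: a scratch folder with one explicit entry for BUILTIN\Users.
$demo = Join-Path $env:TEMP ("acl-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null
$rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    'BUILTIN\Users', 'Read', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl = Get-Acl -LiteralPath $demo
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $demo -AclObject $acl

if (Remove-IdentityFromAcl -Path $demo -Identity 'BUILTIN\Users') {
    Write-Host "No entries left for BUILTIN\Users on $demo"
} else {
    Write-Warning "Entries for BUILTIN\Users remain on $demo"
}
Remove-Item -LiteralPath $demo -Recurse -Force
```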