Removing access permissions

This topic contains 3 replies, has 2 voices, and was last updated by Profile photo of Brian Sprogø Brian Sprogø 1 year, 10 months ago.

  • Author
    Posts
  • #22446
    Profile photo of Jarek C.
    Jarek C.
    Participant

    I'm trying to write a script that would remove all access permissions from a particular folder and replace them with a new set of permissions.
    To remove all permissions I do

    1. $acl = Get-Acl $folder
    2. foreach($access in $acl.access){
    3. $acl.RemoveAccessRuleAll($access) | Out-Null
    4. }
    5. Set-Acl $folder $acl

    however this doesn't work for some reason. When debugging I'm doing $acl | fl in line 1 and then after Set-Acl and the result is the same as if RemoveAccessRuleAll() never run.
    What do I need to modify to get this to work?

  • #22447
    Profile photo of Brian Sprogø
    Brian Sprogø
    Participant

    Could it be that all of your permissions on the folder is inherited ?

    You can remove inheritance with

    $acl.SetAccessRuleProtection($True, $True)

    Info on the method here:

    https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.objectsecurity.setaccessruleprotection(v=vs.110).aspx

  • #22449
    Profile photo of Jarek C.
    Jarek C.
    Participant

    That was it 🙂 Many thanks

  • #22451
    Profile photo of Brian Sprogø
    Brian Sprogø
    Participant

    You're welcome 🙂

You must be logged in to reply to this topic.