Setting ACL Over writes Audits

Welcome Forums General PowerShell Q&A Setting ACL Over writes Audits

This topic contains 2 replies, has 2 voices, and was last updated by

 
Participant
3 years ago.

  • Author
    Posts
  • #32023

    Participant
    Points: 0
    Rank: Member

    I'm trying to write a script so that if a certain user has too many permissions on it, it deletes it out of the folder...the issue is it's currently also removing all the audits that exist on the folder...

    Below is a snippet of the function:

            foreach($acl in (get-acl $path).access | ?{$_.identityreference -eq $user} | ? {$_})
    	{
    		if($acl.filesystemrights -notmatch $permissions)
    		{
    			try
    			{
    				$x = (get-item -force $path).GetAccessControl('Access')
    				$x.removeaccessruleSpecific($acl)
    
    				set-acl $path -aclobject $x -erroraction stop
    			}
    			catch
    			{
    				$badgrab+=@("$user is a general user with improper permissions")
    			}
    										
    		}
    	}
    

    On the set-acl it wipes the existing audits...is there a way to remove/set an ACL without deleting the audits?

  • #32038

    Participant
    Points: 0
    Rank: Member

    This a bug caused by the file system provider in PowerShell. Set-Acl for files and folders has lots of issues (some have been fixed in version 5), so I generally recommend against using it at all. Instead, you can do this:

    (Get-Item $Path).SetAccessControl($x)
    
  • #32039

    Participant
    Points: 0
    Rank: Member

    AHHHHH, well that frustrates me!

    Thanks a lot, your solution worked like a charm

The topic ‘Setting ACL Over writes Audits’ is closed to new replies.