Cannot remove folder permission after disable inherit

    Question

  • I have recently been trying to remove network folder permissions; the script below works normally on most of the folders.

    Here is my scenario:

    1. I generated a folder report including folder path, object name and permission. (Ignore the domain, please.)

    2. I have disabled inheritance from the parent by using the script below, and it works:

    $acl = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($True,$True)
    Set-Acl -Path $Path -AclObject $acl

    3. To remove folder access, I use the script below, and it works normally on most of the folders:

    $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($Obj,$Access,,,"Allow")
    $acl = Get-Acl $Path
    $acl.RemoveAccessRuleAll($AccessRule)
    Set-Acl -Path $Path -AclObject $acl

    4. Somehow I cannot remove an access from a folder; after checking manually, the folder has had inheritance from the parent disabled by using script #2.

    5. After failing to remove the access by script, I tried to remove it manually, and it works.

    6. There are 100,000+ accesses to remove, but unfortunately the above script is not working for those folders, and those folders have had inheritance from the parent disabled.

    7. I tried to create the same access on the same folder by using the script below:

    $acl = Get-Acl $Path
    $args = "$Obj","ReadAndExecute","ContainerInherit,ObjectInherit","None","Allow"
    $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $args 
    $acl.SetAccessRule($AccessRule)
    $acl | Set-Acl $Path

       After creation, it shows two identical accesses on the folder.

    8. After that I used the remove script #3 again, and now only 1 access exists. (The newly added access was removed, but the same old access still remains.)

    9. I have checked the folder access by using the script below; all the words are exactly the same as the #7 $AccessRule. I ran the #7 script again, but the access still remains and nothing changed.

    $acl = Get-Acl $Path

    $acl.Access

    Question:

    How can I remove folder access in this scenario? Or what should I check by using PowerShell?


    • Edited by KL_ Wednesday, May 1, 2019 10:00 AM update subject
    Friday, April 19, 2019 4:57 PM

All replies

  • Hi,

    Thanks for your question.

    About how to remove the access of your folder, for example:

    $acl=get-acl C:\temp\test1\test2 
    $access=New-Object System.Security.AccessControl.FileSystemAccessRule("lee\t01","ReadAndExecute, Synchronize","allow")
    $acl.RemoveAccessRuleAll($access)
    set-acl C:\temp\test1\test2 -AclObject $acl

    Best regards,

    Lee


    Just do it.

    Monday, April 22, 2019 5:54 AM
    Moderator
  • Hi,
    Was your issue resolved? 
    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.
    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.
    If not, please reply and tell us the current situation in order to provide further help.
    Best Regards,
    Lee

    Just do it.

    Thursday, April 25, 2019 8:42 AM
    Moderator
  • Thank you Lee for your support! After testing, your script is not working for my mentioned situation. I am trying to look for another solution which is different from the current script, which is the same as mine/yours. Please let me know if you have another way/checking method that works to remove folder access/for checking use. Thanks for your prompt response again!

    KL_

    Thursday, April 25, 2019 10:45 AM
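
One way to check what is actually stored in the folder's ACL and remove the matching entries, as an added example that is not part of any post in this thread: it lists only the explicit ACEs with identities as SIDs and removes the ACL's own rule objects with `RemoveAccessRuleSpecific`. The function name `Remove-ExplicitAce` and its output fields are hypothetical; `$Path` and `$Obj` stand for the report values used in the question.

```powershell
# Added example (not from the thread). Run with -WhatIf first to inspect only.
function Remove-ExplicitAce {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Path,   # folder path from the report
        [Parameter(Mandatory)][string]$Obj     # account name from the report
    )

    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl     = Get-Acl -LiteralPath $Path

    # Resolve the reported name to a SID so matching does not depend on how
    # the name is displayed in $acl.Access.
    $account = New-Object System.Security.Principal.NTAccount($Obj)
    $sid     = $account.Translate($sidType)

    # Explicit ACEs only ($true), no inherited ones ($false), identities as SIDs.
    $explicit = @($acl.GetAccessRules($true, $false, $sidType))
    $targets  = @($explicit | Where-Object { $_.IdentityReference.Value -eq $sid.Value })

    $removed = 0
    if ($targets.Count -gt 0 -and
        $PSCmdlet.ShouldProcess($Path, "Remove $($targets.Count) explicit ACE(s) for $Obj")) {
        foreach ($rule in $targets) {
            # Passing the rule object read from the ACL gives an exact match on
            # rights, inheritance flags and propagation flags.
            $acl.RemoveAccessRuleSpecific($rule)
            $removed++
        }
        Set-Acl -LiteralPath $Path -AclObject $acl
    }

    # Values worth checking when a removal has no effect.
    [pscustomobject]@{
        Path         = $Path
        Protected    = $acl.AreAccessRulesProtected   # $true after step 2
        Canonical    = $acl.AreAccessRulesCanonical   # $false = non-standard ACE order
        Sid          = $sid.Value
        ExplicitAces = $explicit.Count
        Matched      = $targets.Count
        Removed      = $removed
    }
}
```

If `Matched` is 0 while the account still appears in `$acl.Access`, the entry on the folder is stored under a different SID than the one the name in the report resolves to.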