windows - Removing all ACL on folder with powershell - Stack Overflow

Delete Set public Set private Add tags Delete tags

14387 shaares
5333 private links

14387 shaares · 5333 private links

Filters

Links per page

20 50 100

windows - Removing all ACL on folder with powershell - Stack Overflow

This code remove acl :

$acl = Get-Acl \\remote_server\share_folder\HAL.9000
$acl.Access | %{$acl.RemoveAccessRule($_)}
This code add administrator acl :

[#BUILTIN](https://b.plas.ml/./add-tag/BUILTIN) administrator

$acl = Get-Acl \\remote_server\share_folder\HAL.9000
$permission  = "BUILTIN\Administrators","FullControl", "ContainerInherit,ObjectInherit","None","Allow"
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($accessRule)
Set-Acl \\remote_server\share_folder\HAL.9000 $acl

[#Domain](https://b.plas.ml/./add-tag/Domain) controller administrator

$acl = Get-Acl \\remote_server\share_folder\HAL.9000
$permission  = "DOMAINCONTROLLER\Administrators","FullControl", "ContainerInherit,ObjectInherit","None","Allow"
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($accessRule)
Set-Acl \\remote_server\share_folder\HAL.9000 $acl

----- 

Function Remove-ACL {    
    [CmdletBinding(SupportsShouldProcess=$True)]
    Param(
        [parameter(Mandatory=$true,ValueFromPipeline=$true,Position=0)]
        [ValidateNotNullOrEmpty()]
        [ValidateScript({Test-Path $_ -PathType Container})]
        [String[]]$Folder,
        [Switch]$Recurse
    )

    Process {

        foreach ($f in $Folder) {

            if ($Recurse) {$Folders = $(Get-ChildItem $f -Recurse -Directory).FullName} else {$Folders = $f}

            if ($Folders -ne $null) {

                $Folders | ForEach-Object {

                    # Remove inheritance
                    $acl = Get-Acl $_
                    $acl.SetAccessRuleProtection($true,$true)
                    Set-Acl $_ $acl

                    # Remove ACL
                    $acl = Get-Acl $_
                    $acl.Access | %{$acl.RemoveAccessRule($_)} | Out-Null

                    # Add local admin
                    $permission  = "BUILTIN\Administrators","FullControl", "ContainerInherit,ObjectInherit","None","Allow"
                    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
                    $acl.SetAccessRule($rule)

                    Set-Acl $_ $acl

                    Write-Verbose "Remove-HCacl: Inheritance disabled and permissions removed from $_"
                }
            }
            else {
                Write-Verbose "Remove-HCacl: No subfolders found for $f"
            }
        }
    }
}

Usage:

For only one folder:
Remove-ACL 'C:\Folder' -Verbose

For all subfolders:
Remove-ACL 'C:\Folder' -Recurse -Verbose

Pipe stuff
'C:\Folder 1', 'C:\Folder 2' | Remove-ACL -Verbose

windows · acl

August 14, 2022 at 3:59:10 PM UTC * · permalink

https://stackoverflow.com/questions/6573308/removing-all-acl-on-folder-with-powershell

Filters

Links per page

20 50 100