Hello,
I want to read the list of security permissions (ACL) on a folder. I then want to check if a particular user is part of the ACL. If the user is indeed part of the ACL, then I would like to remove him from the ACL.
I have run the code below and the system does find a match and executes the appropriate line to delete access.
However, the variable that has the access permissions stored in it does not get properly updated. Therefore I am not applying the correct permissions (the new permissions that I am trying to set without the user in question). The variable that holds the permissions does not get modified, even though the system says that it is updated.
I am using PowerShell version 5, running on Windows 10 Professional build 1903.
I can manually change the permissions with my account, but not via PowerShell.
Any assistance would be greatly appreciated.
Thanks,
Solomin
===================
I use the following code:
#######################################################
$aclperso = ""
$sname = "test100"
$homedrive = "\\bank\perso\"
$UserHomeDrive=$homedrive+$sname
$aclname = "bank\"+$sname
$acl = Get-ACL -Path $userhomedrive
$acl.SetAccessRuleProtection($True, $True)
set-Acl -Path $userhomedrive -AclObject $acl
## above line removes inheritance from acl - i.e. it disables inheritance (this command works)
$acl = Get-ACL -Path $userhomedrive
$acl.Access | Where-Object {$_.IdentityReference -eq $aclname} | Foreach-Object {$acl.RemoveAccessRule($_) | Out-Null}
#### above command is supposed to remove user test100.budman from ACL
#### if I check the value of $acl and $acl.Access, the values for test100.budman are still stored inside the variable and not deleted.
#### what is strange is the system returns True that a value has been deleted (access permissions removed) but it is not deleted
Set-acl -path $userhomedrive -aclobject $acl
write-host " "
#############################################################################
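
One way to do the read, check and remove steps described in the post, written as an added example that is not part of the original post. The function name `Remove-IdentityFromAcl` is hypothetical; the path and account in the usage line are the ones from the post. It uses `PurgeAccessRules` instead of the post's `RemoveAccessRule` loop and re-reads the ACL from disk to confirm the result.

```powershell
# Added example: hypothetical helper, not code from the original post.
function Remove-IdentityFromAcl {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Identity   # DOMAIN\user form, e.g. 'bank\test100'
    )

    $account = [System.Security.Principal.NTAccount]::new($Identity)
    $acl     = Get-Acl -LiteralPath $Path

    # Step 1: is the identity in the ACL at all? Compare on the string value
    # so the match does not depend on type conversion of IdentityReference.
    $matching = @($acl.Access | Where-Object { $_.IdentityReference.Value -eq $Identity })
    if ($matching.Count -eq 0) {
        Write-Verbose "$Identity has no entries on $Path"
        return $false
    }

    # Step 2: inherited entries are controlled by the parent folder and cannot
    # be removed on the child; report them so the result is not a surprise.
    $inherited = @($matching | Where-Object { $_.IsInherited })
    if ($inherited.Count -gt 0) {
        Write-Warning "$($inherited.Count) entry(ies) for $Identity are inherited and will remain."
    }

    # Step 3: drop every rule for this identity in one call, then write the
    # modified descriptor back to the folder.
    $acl.PurgeAccessRules($account)
    if ($PSCmdlet.ShouldProcess($Path, "Remove ACL entries for $Identity")) {
        Set-Acl -LiteralPath $Path -AclObject $acl
    }

    # Step 4: verify against what is actually stored, not the in-memory copy.
    $left = @((Get-Acl -LiteralPath $Path).Access |
              Where-Object { $_.IdentityReference.Value -eq $Identity })
    return ($left.Count -eq 0)
}

# Usage with the values from the post; add -WhatIf to preview without writing.
Remove-IdentityFromAcl -Path '\\bank\perso\test100' -Identity 'bank\test100' -Verbose
```

The function returns `$true` only when the re-read ACL no longer contains the identity, so a `$false` after a successful `Set-Acl` points at inherited entries or a name that does not match what `Get-Acl` reports.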