Hello,
I want to read the list of security permissions (ACL) on a folder. I then want to check if a particular user is part of the ACL. If the user is indeed part of the ACL, then I would like to remove him from the ACL.
I have run the code below and the system does find a match and executes the appropriate line to delete access.
However, the variable that has the access permissions stored in it does not get properly updated. Therefore I am not applying the correct permissions (the new permissions that I am trying to set without the user in question). The variable that holds the permissions does not get modified, even though the system says that it is updated.
I am using PowerShell version 5, running on Windows 10 Professional build 1903.
I can manually change the permissions with my account, but not via PowerShell.
Any assistance would be greatly appreciated.
Thanks,
Solomin
===================
I use the following code:
#######################################################
$aclperso = ""
$sname = "test100"
$homedrive = "\\bank\perso\"
$UserHomeDrive = $homedrive + $sname
$aclname = "bank\" + $sname

$acl = Get-Acl -Path $UserHomeDrive
$acl.SetAccessRuleProtection($True, $True)
Set-Acl -Path $UserHomeDrive -AclObject $acl
## above line removes inheritance from acl - i.e. it disables inheritance (this command works)

$acl = Get-Acl -Path $UserHomeDrive
$acl.Access | Where-Object {$_.IdentityReference -eq $aclname} | ForEach-Object {$acl.RemoveAccessRule($_) | Out-Null}
#### above command is supposed to remove user test100.budman from ACL
#### if I check the value of $acl and acl.access, the values for test100.budman are still stored inside the variable and not deleted.
#### what is strange is the system returns True that a value has been deleted (access permissions removed) but it is not deleted

Set-Acl -Path $UserHomeDrive -AclObject $acl
Write-Host " "
#############################################################################
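
The read, check and remove sequence described in the post, written with `PurgeAccessRules` and a fresh read of the on-disk ACL to confirm the result. This is an added example, not the poster's code and not a diagnosis of the behaviour reported above; the path and account are the values from the post, and the variable names `$path`, `$account`, `$before` and `$after` are introduced here.

```powershell
# Added example. Path and account are taken from the post.
$path    = '\\bank\perso\test100'
$account = [System.Security.Principal.NTAccount]'bank\test100'

$acl = Get-Acl -Path $path

# Only explicit ACEs can be edited on the folder itself. If inheritance is
# still enabled, copy the inherited ACEs to explicit ones first
# (isProtected = $true, preserveInheritance = $true), then re-read the ACL.
if (-not $acl.AreAccessRulesProtected) {
    $acl.SetAccessRuleProtection($true, $true)
    Set-Acl -Path $path -AclObject $acl
    $acl = Get-Acl -Path $path
}

# Record what is about to be removed, so the change can be reviewed later.
$before = @($acl.Access | Where-Object { $_.IdentityReference.Value -eq $account.Value })
if ($before.Count -eq 0) {
    Write-Host "No ACE for $($account.Value) on $path; nothing to do."
    return
}
$before | Format-List IdentityReference, FileSystemRights, AccessControlType, IsInherited

# PurgeAccessRules removes every explicit access rule for the identity,
# so no per-rule matching against $acl.Access is involved.
$acl.PurgeAccessRules($account)
Set-Acl -Path $path -AclObject $acl

# Verify against the descriptor stored on disk, not the in-memory object.
$after = @((Get-Acl -Path $path).Access |
    Where-Object { $_.IdentityReference.Value -eq $account.Value })

if ($after.Count -gt 0) {
    Write-Warning "$($after.Count) ACE(s) for $($account.Value) are still present on $path"
    $after | Format-List IdentityReference, FileSystemRights, AccessControlType, IsInherited
} else {
    Write-Host "All ACEs for $($account.Value) removed from $path"
}
```

Any entry still listed after the purge with `IsInherited` set to `True` comes from a parent folder and has to be removed there.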