Cannot remove executeable from folders inherent to prevent malware from execute

Hi Guys.
Normally I’m a unix guy, but all our enviorments clients runs Windows10 - so needed a little Powershell script. After beeing hit twice in hostingcenter with Malware - I talked with some guys - that talking about removing executeable bit in some folders. So thats the Why :slight_smile:
OS: Windows10 Pro - 64Bit v.1909

My Script is quite simple - but getting stuck on a error:

## Changing permission on Folders
$Acl = Get-Acl C:\Windows\Temp 
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("AUTHORITY\SYSTEM","Execute","Allow")
$Acl.RemoveAccessRule($AccessRule)
$Acl | Set-Acl C:\Windows\Temp

When running this script - I’m just getting this error:

Exception calling "RemoveAccessRule" with "1" argument(s): "Some or all Identities could not be translated."
At C:\Users\pbj\Powershell\update.ps1:14 char:1
+ $Acl.RemoveAccessRule($AccessRule)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : IdentityNotMappedException

And I do not get this problem - since I’ve tried following several guides etc online from these:
https://blog.netwrix.com/2018/04/18/how-to-manage-file-system-acls-with-powershell-scripts/#How%20to%20remove%20user%20permissions
https://blog.netwrix.com/2018/05/17/powershell-file-management/

But unfortunably I’m not getting this to work - and properly have blinded myself with looking at it for some time!

Thanks in advance

Read the error message and it will tell you exactly the problem. It can’t translate “some or all” of the identities. Your code is only referring to one identity. Try this instead.

## Changing permission on Folders
$Acl = Get-Acl C:\Windows\Temp 
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("NT AUTHORITY\SYSTEM","Execute","Allow")
$Acl.RemoveAccessRule($AccessRule)
$Acl | Set-Acl C:\Windows\Temp

Hope it helps.