Removing access permissions

I’m trying to write a script that would remove all access permissions from a particular folder and replace them with a new set of permissions.
To remove all permissions I do

  1. $acl = Get-Acl $folder
  2. foreach($access in $acl.access){
  3. $acl.RemoveAccessRuleAll($access) | Out-Null
  4. }
  5. Set-Acl $folder $acl

however this doesn’t work for some reason. When debugging I’m doing $acl | fl in line 1 and then after Set-Acl and the result is the same as if RemoveAccessRuleAll() never run.
What do I need to modify to get this to work?

Could it be that all of your permissions on the folder is inherited ?

You can remove inheritance with

$acl.SetAccessRuleProtection($True, $True)

Info on the method here:

https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.objectsecurity.setaccessruleprotection(v=vs.110).aspx

That was it :slight_smile: Many thanks

You’re welcome :slight_smile: