Created
February 10, 2021 21:47
Recursively Reset ACL via PowerShell - (Remove All, Add New w/ Full Control)
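Function Remove-ACL {
    <#
    .SYNOPSIS
    Replaces the ACL of a folder, or of every item below it, with a single
    Full Control allow entry.

    .DESCRIPTION
    For each target item the function disables ACL inheritance, removes every
    existing access rule (allow and deny alike), adds one "FullControl / Allow"
    rule for the chosen account and, with -ChangeOwner, sets a new owner.

    Things to know before running it:
      * With -Recurse the targets are the items returned by Get-ChildItem, i.e.
        the children of -Folder. The ACL of -Folder itself is not modified.
      * Without -Recurse only -Folder itself is modified.
      * The new rule is built without inheritance flags, so it applies to the
        item it is written to; it is presumably not propagated to items created
        later -- verify against your requirements.
      * NOTE(review): depending on the PowerShell version, Get-ChildItem -Recurse
        may descend into junctions / directory symlinks. Check the tree for
        reparse points before running this elevated, otherwise items outside
        the intended tree could have their ACLs reset.
      * NOTE(review): the page hosting this script flagged hidden or
        bidirectional Unicode characters in the file. Inspect the file in an
        editor that reveals such characters before executing it.
      * -WhatIf / -Confirm are honoured per item.

    .PARAMETER Folder
    One or more existing directories (validated with Test-Path -PathType Container).

    .PARAMETER Recurse
    Process every file and folder below -Folder instead of -Folder itself.

    .PARAMETER ChangeOwner
    Also set the owner of each processed item (to -OwnerId, or to
    BUILTIN\Administrators when -OwnerId is not given).

    .PARAMETER UserId
    Account that receives Full Control. Defaults to BUILTIN\Administrators.
    NOTE(review): the array is handed to the NTAccount constructor as its
    argument list, so presumably only a single name (or a domain/name pair)
    works -- confirm before passing several values.

    .PARAMETER OwnerId
    Account that becomes owner when -ChangeOwner is set. Several values are
    joined into one string by string interpolation.

    .PARAMETER DeleteFolders
    Lists the sub-folders that would be deleted. The Remove-Item call is
    disabled (commented out), so nothing is deleted.
    #>
    [CmdletBinding(SupportsShouldProcess=$True)]
    Param(
        [parameter(Mandatory=$true,ValueFromPipeline=$true,Position=0)]
        [ValidateNotNullOrEmpty()]
        [ValidateScript({Test-Path $_ -PathType Container})]
        [String[]]$Folder,
        [Switch]$Recurse,
        [Switch]$ChangeOwner,
        [String[]]$UserId,
        [String[]]$OwnerId,
        [Switch]$DeleteFolders
    )
    Process {
        $defaultOwner = "BUILTIN\Administrators"
        $defaultUser = "BUILTIN\Administrators"
        Write-Verbose "Folder(s) Specified: $Folder"

        # $null goes on the left: with an array on the left, -ne filters the
        # array instead of comparing it to $null.
        if ($ChangeOwner) {
            if ($null -ne $OwnerId) {
                Write-Verbose "Change Owner enabled and OwnerID supplied as: $OwnerID"
                $newOwner = New-Object System.Security.Principal.NTAccount("$OwnerID")
            } else {
                Write-Verbose "Change Owner enabled but no OwnerID supplied, using default of $defaultOwner"
                $newOwner = New-Object System.Security.Principal.NTAccount("$defaultOwner")
            }
            Write-Verbose "Owner will be changed to $newOwner"
        } else {
            Write-Verbose "Change Owner not enabled, Item Owner will be left as it is"
        }

        if ($null -ne $UserId) {
            $aclUser = New-Object System.Security.Principal.NTAccount($UserId)
        } else {
            $aclUser = New-Object System.Security.Principal.NTAccount($defaultUser)
        }

        # Resolve every account to a SID before any ACL is touched. NTAccount
        # does not validate the name when it is constructed; if the name only
        # failed later, at SetAccessRule, the existing rules would already be
        # stripped from the in-memory ACL and the following Set-Acl could write
        # an ACL that grants access to nobody.
        $principals = @($aclUser)
        if ($ChangeOwner) { $principals += $newOwner }
        foreach ($principal in $principals) {
            try {
                $null = $principal.Translate([System.Security.Principal.SecurityIdentifier])
            } catch {
                throw "Remove-ACL: cannot resolve account '$principal'; no ACL was modified. $($_.Exception.Message)"
            }
        }

        $aclRule = New-Object System.Security.AccessControl.FileSystemAccessRule($aclUser,"FullControl","Allow")
        Write-Verbose "Full-Control ACL will be granted for $aclUser"

        foreach ($f in $Folder) {
            if ($Recurse) {
                $Folders = $(Get-ChildItem $f -Force -Recurse).FullName
            } else {
                $Folders = $f
            }

            if ($null -ne $Folders) {
                foreach ($item in $Folders) {
                    # One -WhatIf / -Confirm decision per item. The inner Set-Acl
                    # calls get -Confirm:$false so an approved item is not
                    # prompted for again.
                    if (-not $PSCmdlet.ShouldProcess($item, "Disable inheritance and replace all access rules with Full Control for $aclUser")) {
                        continue
                    }

                    # -LiteralPath: enumerated names may contain [ ] or other
                    # wildcard characters that -Path would try to expand.

                    # Remove inheritance (inherited rules are first copied as explicit ones)
                    $acl = Get-Acl -LiteralPath $item
                    $acl.SetAccessRuleProtection($true,$true)
                    Set-Acl -LiteralPath $item -AclObject $acl -Confirm:$false

                    # Remove every rule, then add the single Full Control rule
                    $acl = Get-Acl -LiteralPath $item
                    $acl.Access | ForEach-Object { $acl.RemoveAccessRule($_) } | Out-Null
                    $acl.SetAccessRule($aclRule)
                    if ($ChangeOwner) {
                        $acl.SetOwner($newOwner)
                    }
                    Set-Acl -LiteralPath $item -AclObject $acl -Confirm:$false
                    Write-Verbose "Remove-ACL: Inheritance disabled and permissions removed from $item"

                    # The original file- and folder-specific action blocks were
                    # empty (per-file deletion was commented out), so none are
                    # performed here.
                }

                # Only list folders for deletion when -DeleteFolders was asked
                # for. Previously the root folder was logged as "Deleting Folder"
                # whenever the switch was absent, and would have been removed
                # if the Remove-Item line were ever re-enabled.
                if ($DeleteFolders) {
                    Write-Output "DeleteFolders Options enabled"
                    $subFolders = $(Get-ChildItem $f -Directory -Force -Recurse).FullName
                    if ($null -ne $subFolders) {
                        foreach ($sub in $subFolders) {
                            Write-Verbose "Deleting Folder: $sub"
                            # Deletion is intentionally disabled:
                            #Remove-Item -LiteralPath $sub -Recurse -Force
                        }
                    }
                }
            }
            else {
                Write-Verbose "Remove-ACL: No subfolders found for $f"
            }
        }
    }
}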
# This call runs as soon as the file is executed or dot-sourced. -Folder is
# mandatory and is not supplied here, so PowerShell prompts for it and then
# starts the recursive reset on whatever is entered.
Remove-ACL -Recurse -Verbose

# How to run this file
#   1. Open PowerShell.
#   2. Dot-source the script so that Remove-ACL is defined in the session:
#        . \\tsclient\C\utils\Remove-ACL.ps1
#      (presumably a drive redirected from the remote-desktop client; the code
#      then comes from that machine, so review it before loading it)
#   3. Call the function on the folder whose contents should be reset:
#        Remove-ACL E:\FB\FB_Shared\Employee_Archive -Verbose -Recurse