powershell remove all permissions on a folder for a specific user
$acl=get-acl c:\temp $accessrule = New-Object system.security.AccessControl.FileSystemAccessRule("domain\user","Read",,,"Allow") $acl.RemoveAccessRuleAll($accessrule) Set-Acl -Path "c:\temp" -AclObject $acl
this should wipe all security rules for user in c:\temp recursively
i think the simpler way to do this is to copy acl from a file or folder that have the correct permissions and apply it to the folder where you want specific access.example:
$acl= get-acl /path/to/file_with_correct acl $files = get-childItem c:\temp\*.* -recurce | set-acl -aclobject $acl -whatif
remove the -whatif parameter to effectively modify acl
Or follow this technet article and use a code like :
$Right = [System.Security.AccessControl.FileSystemRights]::Read$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::None $PropagationFlag = [System.Security.AccessControl.PropagationFlags]::InheritOnly $objType = [System.Security.AccessControl.AccessControlType]::Allow $objUser = New-Object System.Security.Principal.NTAccount("domain\bob") $objACE = New-Object System.Security.AccessControl.FileSystemAccessRule ` ($objUser, $Right, $InheritanceFlag, $PropagationFlag, $objType) $objACL = Get-ACL "d:\test" $objACL.RemoveAccessRuleAll($objACE) Set-ACL "d:\test" -AclObject $objACL