Removing all ACL on folder with powershell
This code remove acl :
$acl = Get-Acl \\remote_server\share_folder\HAL.9000$acl.Access | %{$acl.RemoveAccessRule($_)}
This code add administrator acl :
#BUILTIN administrator$acl = Get-Acl \\remote_server\share_folder\HAL.9000$permission = "BUILTIN\Administrators","FullControl", "ContainerInherit,ObjectInherit","None","Allow"$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission$acl.SetAccessRule($accessRule)Set-Acl \\remote_server\share_folder\HAL.9000 $acl#Domain controller administrator$acl = Get-Acl \\remote_server\share_folder\HAL.9000$permission = "DOMAINCONTROLLER\Administrators","FullControl", "ContainerInherit,ObjectInherit","None","Allow"$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission$acl.SetAccessRule($accessRule)Set-Acl \\remote_server\share_folder\HAL.9000 $acl
Hope this will help someone :)
For convenience I've copy/pasted all this stuff together in a function. If it can be of use to anyone, here it is:
Function Remove-ACL { [CmdletBinding(SupportsShouldProcess=$True)] Param( [parameter(Mandatory=$true,ValueFromPipeline=$true,Position=0)] [ValidateNotNullOrEmpty()] [ValidateScript({Test-Path $_ -PathType Container})] [String[]]$Folder, [Switch]$Recurse ) Process { foreach ($f in $Folder) { if ($Recurse) {$Folders = $(Get-ChildItem $f -Recurse -Directory).FullName} else {$Folders = $f} if ($Folders -ne $null) { $Folders | ForEach-Object { # Remove inheritance $acl = Get-Acl $_ $acl.SetAccessRuleProtection($true,$true) Set-Acl $_ $acl # Remove ACL $acl = Get-Acl $_ $acl.Access | %{$acl.RemoveAccessRule($_)} | Out-Null # Add local admin $permission = "BUILTIN\Administrators","FullControl", "ContainerInherit,ObjectInherit","None","Allow" $rule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission $acl.SetAccessRule($rule) Set-Acl $_ $acl Write-Verbose "Remove-HCacl: Inheritance disabled and permissions removed from $_" } } else { Write-Verbose "Remove-HCacl: No subfolders found for $f" } } }}
Usage:
# For only one folder:Remove-ACL 'C:\Folder' -Verbose# For all subfolders:Remove-ACL 'C:\Folder' -Recurse -Verbose# Pipe stuff'C:\Folder 1', 'C:\Folder 2' | Remove-ACL -Verbose
This code remove acl : $acl = Get-Acl \remote_server\share_folder\HAL.9000 $acl.Access | %{$acl.RemoveAccessRule($_)}
it does not work until you do
Set-Acl \\remote_server\share_folder\HAL.9000 $acl