VIVEKANANDHAN_PERIASAMY


Need sample PowerShell script to revoke the access - Urgent

I would like to have a script which will revoke all folder permissions except for a few users.
And it should repeat the same for all child folders and files.

Appreciate your help!!!
ASKER CERTIFIED SOLUTION
Raheman M. Abdul
VIVEKANANDHAN_PERIASAMY

ASKER

>>Create the file text.txt and set the required permissions on that file.<<

I need to remove all other group & user permissions except for the below groups. How to do it?
BUILTIN\Administrators
domain\group1
domain\group2
domain\group3
Create a file and add those 4 permissions, and then run the above commands.
For a trial I would suggest:
Copy one of your folders whose permissions you want to work on and run the command on the copied folder.
I'm getting the below error.
PS C:\Users\VIVEKANANDHAN> $p = Get-Acl C:\Temp\access.txt
Get-ChildItem c:\temp -Recurse -Force | set-acl -AclObject $p
set-acl : Some or all identity references could not be translated.
At line:2 char:41
+ Get-ChildItem c:\temp -Recurse -Force | set-acl -AclObject $p
+                                         ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (C:\temp\ST_SPLIT_TMP:String) [Set-Acl], IdentityNotMappedException
    + FullyQualifiedErrorId : System.Security.Principal.IdentityNotMappedException,Microsoft.PowerShell.Commands.SetAclCommand
 
set-acl : Some or all identity references could not be translated.
At line:2 char:41
+ Get-ChildItem c:\temp -Recurse -Force | set-acl -AclObject $p
+                                         ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (C:\temp\correct.ps1:String) [Set-Acl], IdentityNotMappedException
    + FullyQualifiedErrorId : System.Security.Principal.IdentityNotMappedException,Microsoft.PowerShell.Commands.SetAclCommand
 
set-acl : Some or all identity references could not be translated.
At line:2 char:41
+ Get-ChildItem c:\temp -Recurse -Force | set-acl -AclObject $p
+                                         ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (C:\temp\Diskreport.htm:String) [Set-Acl], IdentityNotMappedException
    + FullyQualifiedErrorId : System.Security.Principal.IdentityNotMappedException,Microsoft.PowerShell.Commands.SetAclCommand
 
set-acl : Some or all identity references could not be translated.
At line:2 char:41
+ Get-ChildItem c:\temp -Recurse -Force | set-acl -AclObject $p
+                                         ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (C:\temp\FreeSpace.htm:String) [Set-Acl], IdentityNotMappedException
    + FullyQualifiedErrorId : System.Security.Principal.IdentityNotMappedException,Microsoft.PowerShell.Commands.SetAclCommand
 
set-acl : Some or all identity references could not be translated.
At line:2 char:41
+ Get-ChildItem c:\temp -Recurse -Force | set-acl -AclObject $p
+                                         ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (C:\temp\info.log:String) [Set-Acl], IdentityNotMappedException
    + FullyQualifiedErrorId : System.Security.Principal.IdentityNotMappedException,Microsoft.PowerShell.Commands.SetAclCommand
 
set-acl : Some or all identity references could not be translated.
At line:2 char:41
+ Get-ChildItem c:\temp -Recurse -Force | set-acl -AclObject $p
+                                         ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (C:\temp\pagefile.log:String) [Set-Acl], IdentityNotMappedException
    + FullyQualifiedErrorId : System.Security.Principal.IdentityNotMappedException,Microsoft.PowerShell.Commands.SetAclCommand
 
set-acl : Some or all identity references could not be translated.
At line:2 char:41
+ Get-ChildItem c:\temp -Recurse -Force | set-acl -AclObject $p
+                                         ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (C:\temp\result.txt:String) [Set-Acl], IdentityNotMappedException
    + FullyQualifiedErrorId : System.Security.Principal.IdentityNotMappedException,Microsoft.PowerShell.Commands.SetAclCommand
 
set-acl : Some or all identity references could not be translated.
At line:2 char:41
+ Get-ChildItem c:\temp -Recurse -Force | set-acl -AclObject $p
+                                         ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (C:\temp\server.txt:String) [Set-Acl], IdentityNotMappedException
    + FullyQualifiedErrorId : System.Security.Principal.IdentityNotMappedException,Microsoft.PowerShell.Commands.SetAclCommand
 
set-acl : Some or all identity references could not be translated.
At line:2 char:41
+ Get-ChildItem c:\temp -Recurse -Force | set-acl -AclObject $p
+                                         ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (C:\temp\SystemMonitor.ps1:String) [Set-Acl], IdentityNotMappedException
    + FullyQualifiedErrorId : System.Security.Principal.IdentityNotMappedException,Microsoft.PowerShell.Commands.SetAclCommand
 
set-acl : Some or all identity references could not be translated.
At line:2 char:41
+ Get-ChildItem c:\temp -Recurse -Force | set-acl -AclObject $p
+                                         ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (C:\temp\SystemMonitorConfiguration.ps1:String) [Set-Acl], IdentityNotMappedException
    + FullyQualifiedErrorId : System.Security.Principal.IdentityNotMappedException,Microsoft.PowerShell.Commands.SetAclCommand
 
set-acl : Some or all identity references could not be translated.
At line:2 char:41
+ Get-ChildItem c:\temp -Recurse -Force | set-acl -AclObject $p
+                                         ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (C:\temp\t.txt:String) [Set-Acl], IdentityNotMappedException
    + FullyQualifiedErrorId : System.Security.Principal.IdentityNotMappedException,Microsoft.PowerSh
I would just use icacls (assuming Vista+, cacls for WinXP) for this.  If you know of specific users that you need to remove you can use the remove switch, otherwise you'd probably want to reset the perms to the defaults that are inherited, and then add the specific allow permissions and set inheritance as desired.
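An added example, not part of the thread or any poster's script: one way to do in PowerShell what the reply above describes (reset children to inherited permissions, then grant only the specific groups at the root), with a check that every allowed name resolves to a SID before any ACL is changed. The root path, the `FullControl` right and the `-Apply` switch are assumptions; the group names are the ones listed in the question.

```powershell
# Added example (not from the thread). Path, rights and -Apply are assumptions.
param(
    [string]   $Root    = 'C:\Temp\AclTest',   # hypothetical copy of the real folder
    [string[]] $Allowed = @('BUILTIN\Administrators', 'domain\group1',
                            'domain\group2', 'domain\group3'),
    [string]   $Rights  = 'FullControl',       # assumed; the thread does not state the rights
    [switch]   $Apply                          # without -Apply, Set-Acl only reports (-WhatIf)
)
$sidType = [System.Security.Principal.SecurityIdentifier]

# 1. Resolve every allowed name to a SID first. An unresolvable name raises
#    IdentityNotMappedException here, before any ACL has been touched.
$allowedSids = foreach ($name in $Allowed) {
    try   { (New-Object System.Security.Principal.NTAccount($name)).Translate($sidType) }
    catch { throw "Cannot resolve '$name' to a SID; fix the name before changing any ACL." }
}

# Remove every explicit ACE, addressing trustees by SID so that orphaned or
# unresolvable accounts never need name translation.
function Clear-ExplicitRules($acl) {
    foreach ($rule in @($acl.GetAccessRules($true, $false, $sidType))) {
        [void]$acl.RemoveAccessRuleSpecific($rule)
    }
}

# 2. Root: stop inheriting from the parent, drop everything, grant only the allowed SIDs.
$rootAcl = Get-Acl -LiteralPath $Root
$rootAcl.SetAccessRuleProtection($true, $false)
Clear-ExplicitRules $rootAcl
foreach ($sid in $allowedSids) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $sid, $Rights, 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $rootAcl.AddAccessRule($rule)
}
Set-Acl -LiteralPath $Root -AclObject $rootAcl -WhatIf:(-not $Apply)

# 3. Children: re-enable inheritance and remove explicit ACEs, so each file and
#    folder ends up with only the entries inherited from the root.
Get-ChildItem -LiteralPath $Root -Recurse -Force | ForEach-Object {
    $acl = Get-Acl -LiteralPath $_.FullName
    $acl.SetAccessRuleProtection($false, $false)
    Clear-ExplicitRules $acl
    Set-Acl -LiteralPath $_.FullName -AclObject $acl -WhatIf:(-not $Apply)
}
```

Run it without `-Apply` on a copied folder first and review the `-WhatIf` output; `Get-Acl` on a few sample children afterwards should list only inherited entries for the allowed groups.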
Hello Footech,

It's a Win 2003 server. There are multiple users having access to different folders where they shouldn't be. From the root folder there are approx. 75000 subfolders having different user permissions for each of them.

I know the set of groups which alone must have access to these folders. Somehow it has been a security breach in production. Now I want to clean them off.

How to do it?
SOLUTION
I've requested that this question be closed as follows:

Accepted answer: 0 points for VIVEKANANDHAN_PERIASAMY's comment #a39637315
Assisted answer: 500 points for marahman3001's comment #a39635727

for the following reason:

I have modified the script to get the correct permission.
Vivek, You can select your comment as a solution and my comment as assisted solution to Close the question by Accepting answer.

Thanks Vivek
I have tuned the expert's answer, which helped my needs.