Solved

Need sample PowerShell script to revoke access - Urgent

Posted on 2013-11-09
Last Modified: 2013-11-17
I would like to have a script which will revoke all folder permissions except for a few users.
It should repeat the same for all child folders and files.

Appreciate your help!!!
LVL 19

Accepted Solution

by:
Raheman M. Abdul earned 2000 total points
ID: 39635727
Create the file text.txt and set the required permissions on that file.
Then run the following command, which will set the folders and files in the c:\temp\foldername location.

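# Read the ACL from the template file that carries the required permissions
$p = Get-Acl C:\Temp\text.txt
# Apply that ACL to every file and folder below the target folder
Get-ChildItem C:\Temp\folder -Recurse -Force | Set-Acl -AclObject $p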


You can include or exclude certain files in the above line as:
Get-ChildItem C:\Temp\folder -Recurse -Include *.txt -Exclude *.ini -Force | Set-Acl -AclObject $p
0
 
LVL 5

Author Comment

by:VIVEKANANDHAN_PERIASAMY
ID: 39635777
>>Create the file text.txt and set the required permissions on that file.<<

I need to remove all other group and user permissions except for the groups below. How do I do it?
BUILTIN\Administrators
domain\group1
domain\group2
domain\group3
0
 
LVL 19

Expert Comment

by:Raheman M. Abdul
ID: 39636017
Create a file, add those 4 permissions, and then run the above commands.
For a trial, I would suggest copying one of the folders whose permissions you want to work on and running the command on the copied folder.
0
 
LVL 5

Author Comment

by:VIVEKANANDHAN_PERIASAMY
ID: 39636295
I'm getting the error below.
PS C:\Users\VIVEKANANDHAN> $p = Get-Acl C:\Temp\access.txt
Get-ChildItem c:\temp -Recurse -Force | set-acl -AclObject $p
set-acl : Some or all identity references could not be translated.
At line:2 char:41
+ Get-ChildItem c:\temp -Recurse -Force | set-acl -AclObject $p
+                                         ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (C:\temp\ST_SPLIT_TMP:String) [Set-Acl], IdentityNotMappedException
    + FullyQualifiedErrorId : System.Security.Principal.IdentityNotMappedException,Microsoft.PowerShell.Commands.SetAclCommand
 
0
 
LVL 41

Expert Comment

by:footech
ID: 39636659
I would just use icacls (assuming Vista+, cacls for WinXP) for this.  If you know of specific users that you need to remove you can use the remove switch, otherwise you'd probably want to reset the perms to the defaults that are inherited, and then add the specific allow permissions and set inheritance as desired.
0
 
LVL 5

Author Comment

by:VIVEKANANDHAN_PERIASAMY
ID: 39636688
Hello Footech,

It's a Win 2003 server. There are multiple users having access to different folders where they shouldn't. From the root folder there are approx. 75000 subfolders, each having different user permissions.

I know the set of groups which alone must have access to these folders. Somehow there has been a security breach in production. Now I want to clean them up.

How to do it?
0
 
LVL 5

Assisted Solution

by:VIVEKANANDHAN_PERIASAMY
VIVEKANANDHAN_PERIASAMY earned 0 total points
ID: 39637315
Modified the script and it's working now.
# F:\correct is a folder that already has the correct permissions
$acl = Get-Acl F:\correct
# Apply that ACL to everything under F:\new
Get-ChildItem F:\new -Recurse | Set-Acl -AclObject $acl
0
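
An added example, not part of any post in this thread: instead of copying a template ACL, it removes the explicit entries of every identity outside the allowlist from the question and reports what it removed. The root path and group names are the thread's own placeholders; the -Apply switch, the report columns and an elevated session are assumptions of this example.

```powershell
# Added example, not from the thread. Assumes an elevated session.
param(
    [string]$Root = 'F:\new',                      # path used in the thread
    [string[]]$Keep = @('BUILTIN\Administrators',  # allowlist from the question;
        'domain\group1', 'domain\group2', 'domain\group3'),  # placeholder names
    [switch]$Apply                                 # assumption: report-only unless set
)
$sidType = [System.Security.Principal.SecurityIdentifier]

# Resolve the allowlist to SIDs before touching any ACL, so a mistyped or
# unknown name stops the run here instead of failing on every file.
$keepSids = @(foreach ($name in $Keep) {
    try   { (New-Object System.Security.Principal.NTAccount($name)).Translate($sidType).Value }
    catch { throw "Cannot resolve '$name': $($_.Exception.Message)" }
})

$items = @(Get-Item -LiteralPath $Root -Force) +
         @(Get-ChildItem -LiteralPath $Root -Recurse -Force)

$report = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName
    if ($null -eq $acl) { continue }               # unreadable item: skip it
    # Explicit entries only (inherited ones go away when the parent is cleaned;
    # entries inherited from above $Root are out of scope here). Asking for
    # SIDs means entries for deleted accounts need no name translation.
    $extra = @($acl.GetAccessRules($true, $false, $sidType) |
        Where-Object { $keepSids -notcontains $_.IdentityReference.Value })
    foreach ($rule in $extra) {
        $acl.RemoveAccessRuleSpecific($rule)
        [pscustomobject]@{
            Path   = $item.FullName
            Sid    = $rule.IdentityReference.Value
            Type   = $rule.AccessControlType
            Rights = $rule.FileSystemRights
        }
    }
    if ($Apply -and $extra.Count -gt 0) {
        Set-Acl -LiteralPath $item.FullName -AclObject $acl
    }
}
$report | Format-Table -AutoSize
```

Without -Apply the script changes nothing and only lists the entries it would remove, which gives a record of who had access before the cleanup.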
 
LVL 5

Author Comment

by:VIVEKANANDHAN_PERIASAMY
ID: 39643242
I've requested that this question be closed as follows:

Accepted answer: 0 points for VIVEKANANDHAN_PERIASAMY's comment #a39637315
Assisted answer: 500 points for marahman3001's comment #a39635727

for the following reason:

I have modified the script to get the correct permissions.
0
 
LVL 19

Expert Comment

by:Raheman M. Abdul
ID: 39643241
Vivek, you can select your comment as the solution and my comment as an assisted solution to close the question by accepting the answer.

Thanks Vivek
0
 
 
LVL 5

Author Closing Comment

by:VIVEKANANDHAN_PERIASAMY
ID: 39654353
I have tuned the expert's answer, which helped my needs.
0
