Solved

Need sample PowerShell script to revoke the access - Urgent

Posted on 2013-11-09
Last Modified: 2013-11-17
I would like to have a script which will revoke all folder permissions except for a few users.
And it should repeat the same for all child folders and files.

Appreciate your help!!!
0
11 Comments
 
LVL 19

Accepted Solution

by:
Raheman M. Abdul earned 2000 total points
ID: 39635727
Create the file text.txt and set the required permissions on that file.
Then run the following command, which will set the folders and files in the c:\temp\foldername location.

$p = Get-Acl C:\Temp\text.txt
Get-ChildItem c:\temp\folder -Recurse -Force | set-acl -AclObject $p


You can include or exclude certain files in the above line as:
Get-ChildItem c:\temp\folder -Recurse -include *.txt   -exclude *.ini   -Force | set-acl -AclObject $p
0
 
LVL 5

Author Comment

by:VIVEKANANDHAN_PERIASAMY
ID: 39635777
>>Create the file text.txt and set the required permissions on that file.<<

I need to remove all other group & user permissions except for the groups below. How to do it?
BUILTIN\Administrators
domain\group1
domain\group2
domain\group3
0
 
LVL 19

Expert Comment

by:Raheman M. Abdul
ID: 39636017
Create a file and add those 4 permissions, and then run the above commands.
For a trial, I would suggest you copy one of the folders whose permissions you want to work on and run the command on the copied folder.
0

 
LVL 5

Author Comment

by:VIVEKANANDHAN_PERIASAMY
ID: 39636295
I'm getting below error.
PS C:\Users\VIVEKANANDHAN> $p = Get-Acl C:\Temp\access.txt
Get-ChildItem c:\temp -Recurse -Force | set-acl -AclObject $p
set-acl : Some or all identity references could not be translated.
At line:2 char:41
+ Get-ChildItem c:\temp -Recurse -Force | set-acl -AclObject $p
+                                         ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (C:\temp\ST_SPLIT_TMP:String) [Set-Acl], IdentityNotMappedException
    + FullyQualifiedErrorId : System.Security.Principal.IdentityNotMappedException,Microsoft.PowerShell.Commands.SetAclCommand
 
0
 
LVL 41

Expert Comment

by:footech
ID: 39636659
I would just use icacls (assuming Vista+, cacls for WinXP) for this.  If you know of specific users that you need to remove you can use the remove switch, otherwise you'd probably want to reset the perms to the defaults that are inherited, and then add the specific allow permissions and set inheritance as desired.
0
 
LVL 5

Author Comment

by:VIVEKANANDHAN_PERIASAMY
ID: 39636688
Hello Footech,

It's a Win 2003 server. There are multiple users having access to different folders where they shouldn't. From the root folder there are approx. 75000 subfolders, each having different user permissions.

I know the set of groups which alone must have access to these folders. Somehow there has been a security breach in production. Now I want to clean them off.

How to do it?
0
 
LVL 5

Assisted Solution

by:VIVEKANANDHAN_PERIASAMY
VIVEKANANDHAN_PERIASAMY earned 0 total points
ID: 39637315
Modified the script and it's working now.
$acl = Get-Acl F:\correct   # folder that already has the correct permissions
Get-ChildItem F:\new -Recurse | Set-Acl -AclObject $acl
0
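Added example, not part of the original thread and not any participant's code: instead of copying a template ACL, it builds the allow-list on the root folder, cuts inheritance from above, and strips explicit entries from every child so they inherit only what the root grants. The function name and the rights assigned to each group are assumptions; the path and group names are the thread's placeholders, and `Get-Acl -LiteralPath` assumes a PowerShell version that supports that parameter.

```powershell
# Added example. Function name and per-group rights are assumptions, not from the thread.
function Reset-AclToAllowList {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]    $Path,   # root folder to clean
        [Parameter(Mandatory = $true)][hashtable] $Allow   # identity -> FileSystemRights
    )
    $items  = @(Get-Item -LiteralPath $Path -Force) +
              @(Get-ChildItem -LiteralPath $Path -Recurse -Force)
    $isRoot = $true
    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName

        # Root: block inheritance from the parent and drop inherited ACEs.
        # Children: (re-)enable inheritance so they carry only what the root grants.
        $acl.SetAccessRuleProtection($isRoot, $false)

        # Strip every explicit ACE, allow and deny alike; report those outside the allow-list.
        foreach ($ace in @($acl.Access | Where-Object { -not $_.IsInherited })) {
            $acl.RemoveAccessRuleSpecific($ace)
            if (-not $Allow.ContainsKey($ace.IdentityReference.Value)) {
                New-Object PSObject -Property @{
                    Path     = $item.FullName
                    Identity = $ace.IdentityReference.Value
                    Rights   = $ace.FileSystemRights
                }
            }
        }
        if ($isRoot) {
            foreach ($id in $Allow.Keys) {
                # A name that cannot be resolved fails here with IdentityNotMappedException.
                $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
                    $id, $Allow[$id], 'ContainerInherit,ObjectInherit', 'None', 'Allow')))
            }
        }
        Set-Acl -LiteralPath $item.FullName -AclObject $acl   # honours -WhatIf
        $isRoot = $false
    }
}

$allow = @{
    'BUILTIN\Administrators' = 'FullControl'   # rights values are assumptions
    'domain\group1' = 'Modify'; 'domain\group2' = 'Modify'; 'domain\group3' = 'Modify'
}
# Dry run: nothing is written; the output lists the ACEs that would be removed.
Reset-AclToAllowList -Path 'F:\new' -Allow $allow -WhatIf
```

Run it with `-WhatIf` first and keep the output as a record of who had access; dropping the switch applies the change.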
 
LVL 5

Author Comment

by:VIVEKANANDHAN_PERIASAMY
ID: 39643242
I've requested that this question be closed as follows:

Accepted answer: 0 points for VIVEKANANDHAN_PERIASAMY's comment #a39637315
Assisted answer: 500 points for marahman3001's comment #a39635727

for the following reason:

I have modified the script to get the correct permission.
0
 
LVL 19

Expert Comment

by:Raheman M. Abdul
ID: 39643241
Vivek, you can select your comment as a solution and my comment as an assisted solution to close the question by accepting the answer.

Thanks Vivek
0
 
 
LVL 5

Author Closing Comment

by:VIVEKANANDHAN_PERIASAMY
ID: 39654353
I have tuned the expert's answer, which helped my needs.
0
