Solved

Need sample powershell script to revoke the access -Urgent

Posted on 2013-11-09
Last Modified: 2013-11-17
I would like to have a script which will revoke all folder permission except for few users.
And it should repeat the same for all child folder  and files.

Appreciate your help!!!
LVL 19

Accepted Solution

by:
Raheman M. Abdul earned 500 total points
ID: 39635727
Create the file text.txt and set the required permissions on that file.
Then run the following command, which will set the permissions on the folders and files in the c:\temp\foldername location.

$p = Get-Acl C:\Temp\text.txt
Get-ChildItem c:\temp\folder -Recurse -Force | set-acl -AclObject $p


You can include or exclude certain files in the above line as:
Get-ChildItem c:\temp\folder -Recurse -include *.txt   -exclude *.ini   -Force | set-acl -AclObject $p
 
LVL 5

Author Comment

by:VIVEKANANDHAN_PERIASAMY
ID: 39635777
>>Create the file text.txt and set the required permissions on that file.<<

I need to remove all other group & user permissions except for the below groups. How to do it?
BUILTIN\Administrators
domain\group1
domain\group2
domain\group3
 
LVL 19

Expert Comment

by:Raheman M. Abdul
ID: 39636017
Create a file, add those 4 permissions, and then run the above commands.
For a trial, I would suggest:
copy one of your folders whose permissions you want to work on and run the command on the copied folder.
 
LVL 5

Author Comment

by:VIVEKANANDHAN_PERIASAMY
ID: 39636295
I'm getting the below error.
PS C:\Users\VIVEKANANDHAN> $p = Get-Acl C:\Temp\access.txt
Get-ChildItem c:\temp -Recurse -Force | set-acl -AclObject $p
set-acl : Some or all identity references could not be translated.
At line:2 char:41
+ Get-ChildItem c:\temp -Recurse -Force | set-acl -AclObject $p
+                                         ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (C:\temp\ST_SPLIT_TMP:String) [Set-Acl], IdentityNotMappedException
    + FullyQualifiedErrorId : System.Security.Principal.IdentityNotMappedException,Microsoft.PowerShell.Commands.SetAclCommand
 
 
LVL 40

Expert Comment

by:footech
ID: 39636659
I would just use icacls (assuming Vista+, cacls for WinXP) for this.  If you know of specific users that you need to remove you can use the remove switch, otherwise you'd probably want to reset the perms to the defaults that are inherited, and then add the specific allow permissions and set inheritance as desired.
 
LVL 5

Author Comment

by:VIVEKANANDHAN_PERIASAMY
ID: 39636688
Hello Footech,

It's a Win 2003 server. There are multiple users having access to different folders where they shouldn't. From the root folder there are approx. 75000 subfolders having different user permissions for each of them.

I know the set of groups which alone must have access to these folders. Somehow it has been a security breach in production. Now I want to clean them off.

How to do it?
 
LVL 5

Assisted Solution

by:VIVEKANANDHAN_PERIASAMY
VIVEKANANDHAN_PERIASAMY earned 0 total points
ID: 39637315
Modified the script and it's working now.
$acl = Get-Acl F:\correct   # folder that already has the correct permissions
# Apply that ACL to every file and folder below F:\new
$files = Get-ChildItem F:\new -Recurse | Set-Acl -AclObject $acl
0
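An alternative to copying a template ACL, as an added example that is not code from the thread: it builds the allow-list directly on the root folder and resets every child to inherit from it, and it resolves the group names before touching anything so a name that cannot be translated fails up front. The path and group names are the placeholders used in the thread; the FullControl right and the `Reset-Acl` and `$DryRun` names are assumptions of this example.

```powershell
# Added example, not code from the thread. $Root and the group names are the
# placeholders used in the thread; replace them with real values.
$Root    = 'F:\new'
$Allowed = 'BUILTIN\Administrators', 'domain\group1', 'domain\group2', 'domain\group3'
$DryRun  = $true   # $true only reports via -WhatIf; set to $false to write the ACLs

$SidType = [System.Security.Principal.SecurityIdentifier]

# Resolve every allowed name first. An unknown or misspelled account throws
# IdentityNotMappedException here, before any ACL has been changed.
$Sids = foreach ($name in $Allowed) {
    (New-Object System.Security.Principal.NTAccount($name)).Translate($SidType)
}

function Reset-Acl {
    param([string]$Path, [bool]$IsRoot)
    $acl = Get-Acl -LiteralPath $Path
    # Root: block inheritance from above and discard the inherited ACEs.
    # Children: re-enable inheritance so they take the root's entries.
    $acl.SetAccessRuleProtection($IsRoot, $false)
    # Drop every explicit ACE. Asking for SIDs avoids name lookups, so entries
    # that belong to deleted accounts are removed as well.
    foreach ($rule in @($acl.GetAccessRules($true, $false, $SidType))) {
        [void]$acl.RemoveAccessRuleSpecific($rule)
    }
    if ($IsRoot) {
        foreach ($sid in $Sids) {
            # FullControl is an assumption; grant the narrowest right that works.
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
                $sid, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
            $acl.AddAccessRule($rule)
        }
    }
    Set-Acl -LiteralPath $Path -AclObject $acl -WhatIf:$DryRun
}

# Root first, so the children have the allow-list to inherit.
Reset-Acl -Path $Root -IsRoot $true
Get-ChildItem -LiteralPath $Root -Recurse -Force |
    ForEach-Object { Reset-Acl -Path $_.FullName -IsRoot $false }
```

Run it with `$DryRun = $true` against a copy of one folder first, as suggested earlier in the thread, and compare the result with `Get-Acl` before applying it to the production tree.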
 
LVL 5

Author Comment

by:VIVEKANANDHAN_PERIASAMY
ID: 39643242
I've requested that this question be closed as follows:

Accepted answer: 0 points for VIVEKANANDHAN_PERIASAMY's comment #a39637315
Assisted answer: 500 points for marahman3001's comment #a39635727

for the following reason:

I have modified the script to get the correct permission.
 
LVL 19

Expert Comment

by:Raheman M. Abdul
ID: 39643241
Vivek, You can select your comment as a solution and my comment as assisted solution to Close the question by Accepting answer.

Thanks Vivek
 
LVL 5

Author Closing Comment

by:VIVEKANANDHAN_PERIASAMY
ID: 39654353
I have tuned the expert's answer, which helped my needs.