Solved

Need sample powershell script to revoke the access -Urgent

Posted on 2013-11-09
Last Modified: 2013-11-17
I would like to have a script which will revoke all folder permissions except for a few users.
And it should repeat the same for all child folders and files.

Appreciate your help!!!
0
 
LVL 19

Accepted Solution

by:
Raheman M. Abdul earned 500 total points
ID: 39635727
Create the file text.txt and set the required permissions on that file.
Then run the following command, which will set the folders and files in the c:\temp\foldername location.

$p = Get-Acl C:\Temp\text.txt
Get-ChildItem c:\temp\folder -Recurse -Force | set-acl -AclObject $p


You can include or exclude certain files in the above line as:
Get-ChildItem c:\temp\folder -Recurse -include *.txt   -exclude *.ini   -Force | set-acl -AclObject $p
0
 
LVL 5

Author Comment

by:VIVEKANANDHAN_PERIASAMY
ID: 39635777
>>Create the file text.txt and set the required permissions on that file.<<

I need to remove all other group and user permissions except for the groups below. How do I do it?
BUILTIN\Administrators
domain\group1
domain\group2
domain\group3
0
 
LVL 19

Expert Comment

by:Raheman M. Abdul
ID: 39636017
Create a file and add those 4 permissions, and then run the above commands.
For a trial, I would suggest:
copy one of the folders whose permissions you want to work on and run the command on the copied folder.
0
 
LVL 5

Author Comment

by:VIVEKANANDHAN_PERIASAMY
ID: 39636295
I'm getting below error.
PS C:\Users\VIVEKANANDHAN> $p = Get-Acl C:\Temp\access.txt
Get-ChildItem c:\temp -Recurse -Force | set-acl -AclObject $p
set-acl : Some or all identity references could not be translated.
At line:2 char:41
+ Get-ChildItem c:\temp -Recurse -Force | set-acl -AclObject $p
+                                         ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (C:\temp\ST_SPLIT_TMP:String) [Set-Acl], IdentityNotMappedException
    + FullyQualifiedErrorId : System.Security.Principal.IdentityNotMappedException,Microsoft.PowerShell.Commands.SetAclCommand
 
set-acl : Some or all identity references could not be translated.
At line:2 char:41
+ Get-ChildItem c:\temp -Recurse -Force | set-acl -AclObject $p
+                                         ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (C:\temp\correct.ps1:String) [Set-Acl], IdentityNotMappedException
    + FullyQualifiedErrorId : System.Security.Principal.IdentityNotMappedException,Microsoft.PowerShell.Commands.SetAclCommand
 
set-acl : Some or all identity references could not be translated.
At line:2 char:41
+ Get-ChildItem c:\temp -Recurse -Force | set-acl -AclObject $p
+                                         ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (C:\temp\Diskreport.htm:String) [Set-Acl], IdentityNotMappedException
    + FullyQualifiedErrorId : System.Security.Principal.IdentityNotMappedException,Microsoft.PowerShell.Commands.SetAclCommand
 
set-acl : Some or all identity references could not be translated.
At line:2 char:41
+ Get-ChildItem c:\temp -Recurse -Force | set-acl -AclObject $p
+                                         ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (C:\temp\FreeSpace.htm:String) [Set-Acl], IdentityNotMappedException
    + FullyQualifiedErrorId : System.Security.Principal.IdentityNotMappedException,Microsoft.PowerShell.Commands.SetAclCommand
 
set-acl : Some or all identity references could not be translated.
At line:2 char:41
+ Get-ChildItem c:\temp -Recurse -Force | set-acl -AclObject $p
+                                         ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (C:\temp\info.log:String) [Set-Acl], IdentityNotMappedException
    + FullyQualifiedErrorId : System.Security.Principal.IdentityNotMappedException,Microsoft.PowerShell.Commands.SetAclCommand
 
set-acl : Some or all identity references could not be translated.
At line:2 char:41
+ Get-ChildItem c:\temp -Recurse -Force | set-acl -AclObject $p
+                                         ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (C:\temp\pagefile.log:String) [Set-Acl], IdentityNotMappedException
    + FullyQualifiedErrorId : System.Security.Principal.IdentityNotMappedException,Microsoft.PowerShell.Commands.SetAclCommand
 
set-acl : Some or all identity references could not be translated.
At line:2 char:41
+ Get-ChildItem c:\temp -Recurse -Force | set-acl -AclObject $p
+                                         ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (C:\temp\result.txt:String) [Set-Acl], IdentityNotMappedException
    + FullyQualifiedErrorId : System.Security.Principal.IdentityNotMappedException,Microsoft.PowerShell.Commands.SetAclCommand
 
set-acl : Some or all identity references could not be translated.
At line:2 char:41
+ Get-ChildItem c:\temp -Recurse -Force | set-acl -AclObject $p
+                                         ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (C:\temp\server.txt:String) [Set-Acl], IdentityNotMappedException
    + FullyQualifiedErrorId : System.Security.Principal.IdentityNotMappedException,Microsoft.PowerShell.Commands.SetAclCommand
 
set-acl : Some or all identity references could not be translated.
At line:2 char:41
+ Get-ChildItem c:\temp -Recurse -Force | set-acl -AclObject $p
+                                         ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (C:\temp\SystemMonitor.ps1:String) [Set-Acl], IdentityNotMappedException
    + FullyQualifiedErrorId : System.Security.Principal.IdentityNotMappedException,Microsoft.PowerShell.Commands.SetAclCommand
 
set-acl : Some or all identity references could not be translated.
At line:2 char:41
+ Get-ChildItem c:\temp -Recurse -Force | set-acl -AclObject $p
+                                         ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (C:\temp\SystemMonitorConfiguration.ps1:String) [Set-Acl], IdentityNotMappedException
    + FullyQualifiedErrorId : System.Security.Principal.IdentityNotMappedException,Microsoft.PowerShell.Commands.SetAclCommand
 
set-acl : Some or all identity references could not be translated.
At line:2 char:41
+ Get-ChildItem c:\temp -Recurse -Force | set-acl -AclObject $p
+                                         ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (C:\temp\t.txt:String) [Set-Acl], IdentityNotMappedException
    + FullyQualifiedErrorId : System.Security.Principal.IdentityNotMappedException,Microsoft.PowerSh
0
 
LVL 39

Expert Comment

by:footech
ID: 39636659
I would just use icacls (assuming Vista+, cacls for WinXP) for this.  If you know of specific users that you need to remove you can use the remove switch, otherwise you'd probably want to reset the perms to the defaults that are inherited, and then add the specific allow permissions and set inheritance as desired.
0
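Added example, not part of any post in this thread: the approach described in the comment above (reset to inherited permissions, then grant only specific groups), written with the Get-Acl/Set-Acl cmdlets used elsewhere in the thread instead of icacls. The group names come from the asker's comment; the F:\new path, the FullControl right, the -DryRun switch and running from an elevated session on PowerShell 3 or later are assumptions.

```powershell
# Added example: path, rights and the -DryRun switch are assumptions.
param(
    [string]$Root = 'F:\new',
    [string[]]$Allowed = @('BUILTIN\Administrators', 'domain\group1',
                           'domain\group2', 'domain\group3'),
    [switch]$DryRun
)
$sidType  = [System.Security.Principal.SecurityIdentifier]
$ruleType = 'System.Security.AccessControl.FileSystemAccessRule'
$inherit  = 'ContainerInherit,ObjectInherit'   # flow to subfolders and files

# Resolve every allow-listed name to a SID before any ACL is touched, so an
# unresolvable name stops the run here instead of failing on each item.
$sids = foreach ($name in $Allowed) {
    try { (New-Object System.Security.Principal.NTAccount($name)).Translate($sidType) }
    catch { throw "Cannot resolve '$name' to a SID; nothing was changed." }
}

# Remove every explicit ACE. Rules are read as SIDs, so entries left behind by
# deleted accounts are removed as well, with no name translation involved.
function Clear-ExplicitRules($acl) {
    foreach ($rule in @($acl.GetAccessRules($true, $false, $sidType))) {
        $acl.RemoveAccessRuleSpecific($rule)
    }
}

# Root: block inheritance from above and keep only the allow-list.
$rootAcl = Get-Acl -LiteralPath $Root
$rootAcl.SetAccessRuleProtection($true, $false)
Clear-ExplicitRules $rootAcl
foreach ($sid in $sids) {
    $rule = New-Object $ruleType -ArgumentList $sid, 'FullControl', $inherit, 'None', 'Allow'
    $rootAcl.AddAccessRule($rule)
}
Set-Acl -LiteralPath $Root -AclObject $rootAcl -WhatIf:$DryRun

# Children: drop explicit ACEs and re-enable inheritance, so each item carries
# only what the root grants.
Get-ChildItem -LiteralPath $Root -Recurse -Force | ForEach-Object {
    $acl = Get-Acl -LiteralPath $_.FullName
    $acl.SetAccessRuleProtection($false, $false)
    Clear-ExplicitRules $acl
    Set-Acl -LiteralPath $_.FullName -AclObject $acl -WhatIf:$DryRun
}
```

Running it with -DryRun first prints what Set-Acl would change without writing anything, which fits the earlier advice to trial the change on a copied folder.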
 
LVL 5

Author Comment

by:VIVEKANANDHAN_PERIASAMY
ID: 39636688
Hello Footech,

It's a Win 2003 server. There are multiple users having access to different folders where they shouldn't. From the root folder there are approx. 75000 subfolders, each having different user permissions.

I know the set of groups which alone must have access to these folders. Somehow there has been a security breach in production. Now I want to clean them off.

How to do it?
0
 
LVL 5

Assisted Solution

by:VIVEKANANDHAN_PERIASAMY
VIVEKANANDHAN_PERIASAMY earned 0 total points
ID: 39637315
Modified the script and it's working now.
$acl = Get-Acl F:\correct   # folder that already has the correct permissions
$files = Get-ChildItem F:\new -Recurse | Set-Acl -AclObject $acl
0
 
LVL 5

Author Comment

by:VIVEKANANDHAN_PERIASAMY
ID: 39643242
I've requested that this question be closed as follows:

Accepted answer: 0 points for VIVEKANANDHAN_PERIASAMY's comment #a39637315
Assisted answer: 500 points for marahman3001's comment #a39635727

for the following reason:

I have modified the script to get the correct permission.
0
 
LVL 19

Expert Comment

by:Raheman M. Abdul
ID: 39643241
Vivek, you can select your comment as a solution and my comment as an assisted solution to close the question by accepting the answer.

Thanks Vivek
0
 
 
LVL 5

Author Closing Comment

by:VIVEKANANDHAN_PERIASAMY
ID: 39654353
I have tuned the expert's answer, which helped my needs.
0
