Delete permissions on a folder.

Hello everyone,

 

I need to delete all user and group permissions from a folder. Unfortunately PowerShell doesn't want to accept my wildcard * to delete everyone. Is there a way to delete everyone's permission from that folder?

What I have now:

 

$homedir="ipsum\ipsum2\martijn"

#Delete Inheritance (WORKS)
$acl = get-acl $homedir
$isProtected = $true 
$preserveInheritance = $true 
$acl.SetAccessRuleProtection($isProtected, $preserveInheritance) 
Set-Acl -Path $homedir -AclObject $acl 

#Delete the permissions (DOESN'T WORK)
$acl = get-acl $homedir
$account = new-object system.security.principal.ntaccount("*")
$acl.purgeaccessrules($account)
set-acl -aclobject $acl -path $homedir

 

As you can see I already deleted the Inheritance but still need to delete ALL of the permissions on the folder. This line gives an error:

$account = new-object system.security.principal.ntaccount("*")

Because it doesn't know what I mean with the wildcard *. So does anyone know how I can do this with only PowerShell 2.0 and nothing else?

 

May 11th, 2011 4:25pm

#Delete Inheritance and Delete all permissions
$homedir = "ipsum\ipsum2\martijn"
$acl = get-acl $homedir
$isProtected = $true 
$preserveInheritance = $false
$acl.SetAccessRuleProtection($isProtected, $preserveInheritance) 
Set-Acl -Path $homedir -AclObject $acl 
May 11th, 2011 4:32pm

Thank you Kazun for the really fast reply!

This works when all of the folders have inheritance, but this is not the case on my side.

I need to do this to make homedirs for users. I want to delete all of the permissions and then add that user to his/her homedir.

May 11th, 2011 4:41pm

Thank you Kazun for the really fast reply!

This works when all of the folders have inheritance, but this is not the case on my side.

I need to do this to make homedirs for users. I want to delete all of the permissions and then add that user to his/her homedir.

$acl.Access | % {$acl.purgeaccessrules($_.IdentityReference)}

PS.  Inheritance flag uncheck.


May 11th, 2011 4:48pm

It worked! Thank you very very much!

I have one extra question and really hoped you can help me with this as you just did with that delete question.

As I said I wanted to delete all of them and add an account to that file but because everyone has been deleted it doesn't have any permission to add permissions to it. I tried this with your help and although this may seem very stupid I hoped it worked which it doesn't.

# Remove and add permissions
$homedir="ipsum\ipsum2\martijn"

$acl.Access | % {$acl.purgeaccessrules($_.IdentityReference)}

$account="oxl\martijn"
$rights=[System.Security.AccessControl.FileSystemRights]::FullControl
$inheritance=[System.Security.AccessControl.InheritanceFlags]"ContainerInherit,ObjectInherit"
$propagation=[System.Security.AccessControl.PropagationFlags]::None
$allowdeny=[System.Security.AccessControl.AccessControlType]::Allow

$dirACE=New-Object System.Security.AccessControl.FileSystemAccessRule ($account,$rights,$inheritance,$propagation,$allowdeny)
$dirACL=Get-Acl $homedir
$dirACL.AddAccessRule($dirACE)
Set-Acl -aclobject $homedir $dirACL
Write-Host $homedir Permissions added

This is the error:

Set-Acl : Cannot bind parameter 'AclObject'. Cannot convert the "ipsum\ipsum2\martijn" value of type "System.String" to type "System.Security.AccessControl.ObjectSecurity".

 

May 11th, 2011 5:06pm

$homedir = "ipsum\ipsum2\martijn"
$acl = Get-Acl $homedir
$acl.Access | % {$acl.purgeaccessrules($_.IdentityReference)}

$account="oxl\martijn"
$rights=[System.Security.AccessControl.FileSystemRights]::FullControl
$inheritance=[System.Security.AccessControl.InheritanceFlags]"ContainerInherit,ObjectInherit"
$propagation=[System.Security.AccessControl.PropagationFlags]::None
$allowdeny=[System.Security.AccessControl.AccessControlType]::Allow

$dirACE=New-Object System.Security.AccessControl.FileSystemAccessRule ($account,$rights,$inheritance,$propagation,$allowdeny)
$ACL.AddAccessRule($dirACE)

Set-Acl -aclobject $ACL -Path $homedir
Write-Host $homedir Permissions added



May 11th, 2011 5:12pm

It doesn't give an error now, but it only adds the account martijn and doesn't delete the other accounts.

Code:

# Remove and add permissions
$homedir="ipsum\ipsum2\martijn"

$acl.Access | % {$acl.purgeaccessrules($_.IdentityReference)}

$account="oxl\martijn"
$rights=[System.Security.AccessControl.FileSystemRights]::FullControl
$inheritance=[System.Security.AccessControl.InheritanceFlags]"ContainerInherit,ObjectInherit"
$propagation=[System.Security.AccessControl.PropagationFlags]::None
$allowdeny=[System.Security.AccessControl.AccessControlType]::Allow

$dirACE=New-Object System.Security.AccessControl.FileSystemAccessRule ($account,$rights,$inheritance,$propagation,$allowdeny)
$dirACL=Get-Acl $homedir
$dirACL.AddAccessRule($dirACE)
Set-Acl -aclobject $dirACL -Path $homedir
Write-Host $homedir Permissions added

What a stupid mistake from me with setting the Acl.

May 11th, 2011 5:24pm

$homedir = "ipsum\ipsum2\martijn"
$acl = Get-Acl $homedir
if ($acl.AreAccessRulesProtected) {
    $acl.Access | % {$acl.purgeaccessrules($_.IdentityReference)}
}
else {
    $isProtected = $true
    $preserveInheritance = $false
    $acl.SetAccessRuleProtection($isProtected, $preserveInheritance)
}

$account="oxl\martijn"
$rights=[System.Security.AccessControl.FileSystemRights]::FullControl
$inheritance=[System.Security.AccessControl.InheritanceFlags]"ContainerInherit,ObjectInherit"
$propagation=[System.Security.AccessControl.PropagationFlags]::None
$allowdeny=[System.Security.AccessControl.AccessControlType]::Allow

$dirACE=New-Object System.Security.AccessControl.FileSystemAccessRule ($account,$rights,$inheritance,$propagation,$allowdeny)
$ACL.AddAccessRule($dirACE)

Set-Acl -aclobject $ACL -Path $homedir
Write-Host $homedir Permissions added

May 11th, 2011 5:28pm
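
The sequence the replies above arrive at, gathered into one function as an added example that is not part of the original thread. The name Reset-HomeDirAcl and its parameters are hypothetical; it resolves the account before changing anything and re-reads the ACL afterwards to confirm what is on disk.

```powershell
# Added example, not code from the thread. Reset-HomeDirAcl and its parameter
# names are hypothetical; the .NET calls are the ones used in the posts above.
function Reset-HomeDirAcl {
    param([string]$Path, [string]$Account)

    # A failed method call must stop the function: with the default setting a
    # mistyped account would fail in AddAccessRule and the script would carry
    # on to Set-Acl with every entry purged.
    $ErrorActionPreference = 'Stop'

    # Resolve the account before touching the ACL (throws if it does not exist).
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $sid = (New-Object System.Security.Principal.NTAccount($Account)).Translate($sidType)

    $acl = Get-Acl -Path $Path

    # Break inheritance and drop inherited entries, then purge every explicit
    # entry, so the result is the same whether or not the folder inherited.
    $acl.SetAccessRuleProtection($true, $false)
    foreach ($entry in @($acl.Access)) {
        $acl.PurgeAccessRules($entry.IdentityReference)
    }

    # Full control for the one account, inherited by new files and subfolders.
    $rights      = [System.Security.AccessControl.FileSystemRights]::FullControl
    $inheritance = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit,ObjectInherit"
    $propagation = [System.Security.AccessControl.PropagationFlags]::None
    $type        = [System.Security.AccessControl.AccessControlType]::Allow
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $sid, $rights, $inheritance, $propagation, $type
    $acl.AddAccessRule($rule)

    Set-Acl -Path $Path -AclObject $acl

    # Verify against what is now on disk: entries for any other identity are reported.
    $after = (Get-Acl -Path $Path).Access
    foreach ($entry in $after) {
        if ($entry.IdentityReference.Translate($sidType).Value -ne $sid.Value) {
            Write-Warning "Unexpected entry left on ${Path}: $($entry.IdentityReference)"
        }
    }
    $after | Select-Object IdentityReference, FileSystemRights, InheritanceFlags, IsInherited
}

# Usage with the thread's values:
# Reset-HomeDirAcl -Path "ipsum\ipsum2\martijn" -Account "oxl\martijn"
```

Because every entry is purged, SYSTEM and the local Administrators group lose their entries as well; add them back with further AddAccessRule calls before Set-Acl if services or administrators need access.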

IT WORKED!

I found out that $CL needed to be $ACL which you have edited. Thank you so much! You really made my day. Great to see a forum like this with a lot of active and very helpful people that are willing to help beginners like me.

Again, thank you!

May 11th, 2011 5:40pm

Just want you to know...2yrs later....this helped me solve a somewhat similar problem. Thanks much! It was the final piece to my somewhat difficult (for me, at least) puzzle! :)

Regards.
Shane (@coolsport00)

April 17th, 2013 9:18pm

I'm happy to hear that it helped you out. Good luck with your scripting!
April 18th, 2013 1:33am

Very helpful, thank you!
August 6th, 2013 8:02am

Tried this script and it worked just fine, but when I create something in the folder, files or directories, they don't get the right permissions. What can be wrong?
August 18th, 2013 5:55am

This topic is archived. No further replies will be accepted.
