Removing special permissions

This topic is 9 years and 4 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.

Removing special permissions

Post by superfly12 »

Hi,

I am trying to remove special permissions from a folder.
I found a TechNet article that helps me understand the concept, but I couldn't get it to work for special permissions.
I am trying to remove the CreateFiles special permission for c:\temp.

$colRights = [System.Security.AccessControl.FileSystemRights]"CreateFiles"

$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::None
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None

$objType =[System.Security.AccessControl.AccessControlType]::Allow

$objUser = New-Object System.Security.Principal.NTAccount("BUILTIN\Users")

$objACE = New-Object System.Security.AccessControl.FileSystemAccessRule `
($objUser, $colRights, $InheritanceFlag, $PropagationFlag, $objType)

$objACL = Get-ACL "c:\temp"
$objACL.RemoveAccessRule($objACE)

Set-ACL "C:\temp" $objACL

Re: Removing special permissions

Post by jvierra »

To edit special permissions, remove all permissions and add the specific permissions you need. Do not use aggregate settings like "Modify" or "Full Control".

Re: Removing special permissions

Post by superfly12 »

That's what we thought as well in the beginning, but considering the complexity of the existing permissions we are looking only to remove special permissions.
Thanks

Re: Removing special permissions

Post by jvierra »

In reality there is no such thing as "Special permissions". That is what is displayed in the UI. There are only permissions. You can retrieve the permissions mask or bit field, adjust it, and reapply it. You cannot alter a mask in any other way.
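
The "retrieve the mask, adjust and reapply" approach from the post above, as an added example that is not part of the original thread. Remove-AceRight is a hypothetical function name; it rewrites only explicit Allow ACEs and reports inherited ones, because an inherited ACE is defined on the parent folder and cannot be edited in the child's ACL.

```powershell
# Added example, not code from the thread. Remove-AceRight is a hypothetical name.
function Remove-AceRight {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Identity,
        [Parameter(Mandatory)][System.Security.AccessControl.FileSystemRights]$Right
    )
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $sid     = ([System.Security.Principal.NTAccount]$Identity).Translate($sidType)
    $full    = [int][System.Security.AccessControl.FileSystemRights]::FullControl
    $acl     = Get-Acl -LiteralPath $Path
    $changed = $false

    # GetAccessRules returns a copy, so the ACL can be edited inside the loop.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $mask = [int]$ace.FileSystemRights
        if ($ace.IdentityReference.Value -ne $sid.Value) { continue }
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (($mask -band [int]$Right) -eq 0) { continue }   # right not present in this ACE

        # Clear only the requested bits; every other bit of the mask is kept.
        $remaining = $mask -band (-bnot [int]$Right)
        if ($ace.IsInherited) { $action = 'SkippedInherited' }       # owned by the parent
        elseif ($mask -band (-bnot $full)) { $action = 'SkippedGenericBits' } # not a valid FileSystemRights value
        else { $action = 'Rewritten' }

        if ($action -eq 'Rewritten') {
            # Drop exactly this ACE, then re-add it with the reduced mask and the same flags.
            $acl.RemoveAccessRuleSpecific($ace)
            if ($remaining -ne 0) {
                $acl.AddAccessRule([System.Security.AccessControl.FileSystemAccessRule]::new(
                    $sid, [System.Security.AccessControl.FileSystemRights]$remaining,
                    $ace.InheritanceFlags, $ace.PropagationFlags, $ace.AccessControlType))
            }
            $changed = $true
        }
        [pscustomobject]@{ Action = $action; Before = $ace.FileSystemRights
                           Inheritance = $ace.InheritanceFlags; Propagation = $ace.PropagationFlags }
    }
    if ($changed -and $PSCmdlet.ShouldProcess($Path, "Remove $Right for $Identity")) {
        Set-Acl -LiteralPath $Path -AclObject $acl
    }
}

# Dry run against the folder from the question; drop -WhatIf to apply.
Remove-AceRight -Path 'C:\temp' -Identity 'BUILTIN\Users' -Right CreateFiles -WhatIf
```

A 'SkippedInherited' row means the right is granted by an ACE on a parent folder, so it has to be changed there or inheritance has to be disabled on this folder first.
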

Re: Removing special permissions

Post by jvierra »

I went back and looked at your original post. I cannot figure out how to explain that there is no way to "revoke" a simple permission in the way you are trying to do it. In ICACLS you can do similar things, but ACEs cannot be managed in that way.

Re: Removing special permissions

Post by jvierra »

mjolinor's solution is a good suggestion.

Re: Removing special permissions

Post by superfly12 »

Yeah, that's correct, it's only shown in the UI as special permissions.

I tried with icacls, like: icacls c:\temp /remove:g *S-1-5-32-545 (WD,AD) /T /C

It didn't help.