PowerShell Remove Unknown User Permission

Below is PowerShell code to remove unknown user permissions. These permissions show up as a SID in the file or folder's ACL. They are left behind when a user is deleted but the user's permissions remain in the ACLs as a SID. This code is designed to remove them recursively.

$location = "\\server\share";
#Search recursively through the location defined;
Get-ChildItem -Recurse -LiteralPath $location | foreach{
     $tempLocation = $_.FullName;
     #Get ACL for tempLocation (LiteralPath so [ ] in names are not treated as wildcards);
     $acl = Get-Acl -LiteralPath $tempLocation;
     #Get explicit (non-inherited) rules whose identity is still a raw SID;
     $orphans = @($acl.Access | where{
          $_.IdentityReference.Value -like "S-1-*" -and -not $_.IsInherited});
     $orphans | foreach{
          #Foreach SID purge the SID from the ACL;
          $acl.PurgeAccessRules($_.IdentityReference);
     }
     #Reapply ACL to file or folder without the SIDs, only if something was purged;
     if($orphans.Count -gt 0){
          Set-Acl -AclObject $acl -LiteralPath $tempLocation;
     }
}
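
A report-only pass to run before the removal above, as an added example that is not part of the original post: it lists explicit ACL entries whose SID really fails to translate to an account and writes them to a CSV, changing nothing on disk. The function name Test-OrphanedSid and the output file name are assumptions made for this example; S-1-15-* (app package and capability) SIDs are skipped because they never resolve to a name and are not deleted users.

```powershell
# Added example: audit only, no ACL is modified.
$location = "\\server\share"   # same placeholder path as the script above
$sidCache = @{}                # SID string -> $true (orphaned) / $false

function Test-OrphanedSid {    # hypothetical helper name
    param([System.Security.Principal.SecurityIdentifier]$Sid)
    if ($sidCache.ContainsKey($Sid.Value)) { return $sidCache[$Sid.Value] }
    $orphaned = $false
    # App package / capability SIDs have no friendly name by design; never flag them.
    if ($Sid.Value -notlike 'S-1-15-*') {
        try {
            [void]$Sid.Translate([System.Security.Principal.NTAccount])
        } catch {
            # Flag only the "no such account" case, not other lookup errors.
            $orphaned = $_.Exception.GetBaseException() -is
                [System.Security.Principal.IdentityNotMappedException]
        }
    }
    $sidCache[$Sid.Value] = $orphaned
    return $orphaned
}

# Include the root folder itself, then everything below it.
$items = @(Get-Item -LiteralPath $location) +
         @(Get-ChildItem -LiteralPath $location -Recurse -Force)

$report = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName
    # Explicit rules only ($false = skip inherited), identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $false,
        [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if (Test-OrphanedSid $rule.IdentityReference) {
            [pscustomobject]@{
                Path   = $item.FullName
                Sid    = $rule.IdentityReference.Value
                Rights = $rule.FileSystemRights
                Type   = $rule.AccessControlType
            }
        }
    }
}

# Keep a record of what would be removed, then summarise per SID.
$report | Export-Csv -Path .\orphaned-sids.csv -NoTypeInformation
$report | Group-Object Sid | Select-Object Count, Name
```

A SID from a trusted domain that is unreachable at scan time also fails to translate, so review the per-SID summary before purging anything.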
