I am writing a script which would delete a specific user if the account is older than 7 days.
But when the user is deleted the NTFS permissions on my file server remain.
How can I delete all the permission for a specific user with PowerShell?
Remove NTFS permissions of a user in all subdirectories
13.5k Views Asked by Stan Vanhoorn At
1
There are 1 best solutions below
Related Questions in POWERSHELL
- How to ignore warning errors?
- Data execution plan ended with error on DB restore
- Powershell Split a file name
- PowerShell EWS Save as for e-mails
- Run SQL Server Update Statement With Powershell
- using a global variable in multiple functions powershell
- Heisenberg was here: Aliases for PowerShell parameters only appear in cmdlet help when you do NOT document the cmdlet
- PowerShell Script to add newuser
- Why is PowerShell "not recognized" when installing Chocolatey?
- Enumerate a PSCustomObject as key/value pairs
- Unable to start program outside Windows folder
- Ask for creds only if some specified
- PowerShell 3 Parameters
- i can't ping a computer but remoting into it works (powershell enter-pssession)
- Feeding Variables in new-aduser -path option in powershell
Related Questions in ACTIVE-DIRECTORY
- PowerShell Script to add newuser
- Active directory and linux nslcd binding without extending the AD schema
- Retrieve user information from Active Directory on login
- Feeding Variables in new-aduser -path option in powershell
- Log in through active directory
- Swapping attributes in AD
- How to get LastLogon from ALL Domain Controllers
- Getting LastLogon and LastLogonTimeStamp from ALL Domain Controllers into 1 output CSV
- Spring LDAP Context.REFERRAL to follow
- Avoiding Active Directory Uniqueness Constraint Violation During Rename
- samba retrieving users with arbitrary attributes
- WinApi and work with several domains
- Tomcat LDAP User Auth
- how to add multiple Owner in ADLDS groups
- Zend Framework Active Directory authentication
Related Questions in NTFS
- mount: unknown filesystem type '0'
- What happens at a low level when I call fseek()?
- Compiling NTFS-3G for OS X
- Set file compression attribute
- Revert "find . -exec rm -rf {} \;" in NTFS
- Remove NTFS permissions of a user in all subdirectories
- Is there any way to know that FileSystemInfo.Refresh failed?
- How to read metafiles of NTFS file system using C
- how to interpret FILENAME attribute of NTFS MFT?
- Handle USN journal size full case
- Powershell not capturing exception in try/catch?
- Subversion (svn) repository on NTFS partition in Linux?
- Backing up files without having to alter the file's security
- SetFileShortName does not reset short (8.3) name of a file
- How do I best set up a directory of test files in memory instead of disk, in .NET, for testing a file IO class?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
You should never grant permissions to individual users (with the exception of home directories and user profiles). As you can see for yourself it's a mess to clean up. Always create groups representing the particular functions/roles that require access, and grant permissions to those groups.
You can clean up the permissions via
icacls:Note, however, that you MUST do this before deleting the account, because for some reason
icaclscan't clean up SIDs of deleted accounts.If you have already deleted the account you can try to fix permissions with
Get-AclandSet-Acl:Note that you may need to adjust the condition for selecting the ACE to remove from the file or folder's ACL.
Note also, that the above will fail for files/folders where the owner isn't either the user running the code or one of his groups. In a situation like that you can use tools like
subinaclorSetACLas a last resort, as described in the answers to this question on ServerFault.