Hi All,

I have a script to remove Everyone permissions for NTFS and add Authenticated Users, but I am using the SMB share to remove and add, and that is not working for the subfolders. Can I do that using the ACL permissions instead of SMB shares?

Code I have used



It would be great if someone can please help me achieve this...


What I have tried:

<pre lang="PowerShell">$Server = "ABC.com"
# Assumption: folder for the AccessDenied.txt log; $ExportPath was not defined in the posted script
$ExportPath = "."

# Get all shares on the computer
#$Shares = Get-SmbShare
$Shares = Get-WmiObject -ComputerName $Server -Class win32_share -Filter "Description != 'Remote Admin' and Description != 'Default share' and Description != 'Remote IPC' and Description != 'Printer Drivers'" | Select-Object -ExpandProperty Name

# Loop through each share, check and remove Everyone permission
foreach ($Share in $Shares) {

    ## Creating folderpath variable
    $FolderPath = "\\$Server\$Share"

    ## Get the root folder
    $Folders = @(Get-Item -Path $FolderPath | Select-Object Name,FullName,LastWriteTime,Length)

    ## Get folders (first level only) and log any access errors
    $Error.Clear()
    $Folders += Get-ChildItem -Path $FolderPath -Directory -ErrorAction SilentlyContinue | Select-Object Name,FullName,LastWriteTime,Length
    foreach ($err in $Error) {
        $err.Exception.Message | Out-File "$ExportPath\AccessDenied.txt" -Append
    }

    foreach ($Folder in $Folders) {

        ## Get access control list
        $Acls = Get-Acl -Path $Folder.FullName -ErrorAction SilentlyContinue

        ## Loop through the ACL entries and pick out those for the group "Everyone"
        foreach ($Acl in $Acls.Access) {

            $EveryonePermission = ($Acl.IdentityReference -like "everyone")

            # If the current share has permissions for Everyone, remove said permission
            if ($EveryonePermission) {

                Revoke-SmbShareAccess -Name $Share -CimSession $Server -AccountName Everyone -Force
                Grant-SmbShareAccess -Name $Share -CimSession $Server -AccountName "Authenticated Users" -AccessRight Full -Force
                #Get-SMBShare "\\$Server\$share" | Revoke-SMBShareAccess -AccountName "everyone"
                #Get-SMBShare "\\$Server\$share" | Grant-SMBShareAccess -Account "Username" -AccessRight "Full/Change/Read"

                #Revoke-SmbShareAccess -Name $Share.Name -ScopeName $EveryonePermission.ScopeName -AccountName $EveryonePermission.AccountName -Force
                #Grant-SmbShareAccess $Share.Name -AccountName 'Authenticated Users' -AccessRight Full -Force
            }
        }
    }
}
</pre>
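For the NTFS side of the question, an added example (not the poster's code) that swaps explicit Everyone entries for Authenticated Users on a folder and all of its subfolders with `Get-Acl`/`Set-Acl`, leaving the share permissions untouched. The function name `Convert-EveryoneAce` and the share name in the sample call are hypothetical, and the account running it is assumed to have the right to change permissions on the target folders.

```powershell
# Added example, not part of the original post. Function name and sample path are hypothetical.
function Convert-EveryoneAce {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$RootPath)

    # Well-known SIDs instead of account names, so matching works on any OS language.
    $sidType   = [System.Security.Principal.WellKnownSidType]
    $everyone  = [System.Security.Principal.SecurityIdentifier]::new($sidType::WorldSid, $null)
    $authUsers = [System.Security.Principal.SecurityIdentifier]::new($sidType::AuthenticatedUserSid, $null)

    # Root folder plus every subfolder below it (-Recurse walks the whole tree).
    $folders = @(Get-Item -LiteralPath $RootPath) +
               @(Get-ChildItem -LiteralPath $RootPath -Directory -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($folder in $folders) {
        $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { Write-Warning "Cannot read ACL: $($folder.FullName)"; continue }

        # Explicit ACEs only: inherited ones change by themselves once the parent is fixed.
        $aces = @($acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier]) |
                  Where-Object { $_.IdentityReference.Value -eq $everyone.Value })
        if ($aces.Count -eq 0) { continue }

        try {
            foreach ($ace in $aces) {
                # Same rights, inheritance and allow/deny type, new principal.
                $new = [System.Security.AccessControl.FileSystemAccessRule]::new(
                    $authUsers, $ace.FileSystemRights, $ace.InheritanceFlags,
                    $ace.PropagationFlags, $ace.AccessControlType)
                $acl.AddAccessRule($new)
                $acl.RemoveAccessRuleSpecific($ace)
            }
            if ($PSCmdlet.ShouldProcess($folder.FullName, 'Replace Everyone with Authenticated Users')) {
                Set-Acl -LiteralPath $folder.FullName -AclObject $acl -ErrorAction Stop
            }
        } catch {
            # Covers access denied and ACEs whose rights value the constructor rejects.
            Write-Warning "Skipped $($folder.FullName): $($_.Exception.Message)"
        }
    }
}

# Dry run first; remove -WhatIf to apply. 'ShareName' is a placeholder.
Convert-EveryoneAce -RootPath '\\ABC.com\ShareName' -WhatIf
```

Folders reported as skipped keep their original ACL and need a manual look before the Everyone entry can be considered gone.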

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


