powershelldirectoryacl

Remove specific user from ACL via Powershell


I want to Remove a specific user from ACL via Powershell. Not just the permission of the user for the folder. I want the user gone from the directory.

The following post discribes my problem perfectly but the solution leads me to an 404 error^^

https://learn.microsoft.com/en-us/archive/msdn-technet-forums/6fbe497e-0ee5-41b5-802b-373466658b48

Does anybody know the solution?

i tried with get-acl and set-acl but these are just setting and removing the permissions not deleting the user itself from the folder.

$acl = Get-Acl -Path "testfolder"

$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("testuser","ReadAndExecute","Allow")

$acl.RemoveAccessRule($AccessRule)

$acl | Set-Acl -Path "testfolder"

if my folder has lets say test1, test2, test3 users with permissions i now want to remove test1 for example. so not the permissions, i want the user gone from the folder.


Solution

  • Change this method call:

    $acl.RemoveAccessRule($AccessRule)
    

    ... to:

    $acl.RemoveAccessRuleAll($AccessRule)
    

    This will remove any rule containing the given user as the identity reference, even if the rest of the ACE details don't match.