Problem
There may be a folder (with broken inheritance) with files / directories where you want to make sure that there is no specific group / item included.
Solution
Here are some PowerShell snippets to solve this.
Populate $folders with all directories in the current directory:
$folders = get-childitem . -directoryTo test with one folder:
$folders = "X:\path\to\folder"PowerShell to list folders with BUILTIN\Users in the ACL (to see which item will be affected):
foreach ($dir in $folders) { $value = get-acl $dir | Select-object -ExpandProperty Access | where { $_.IdentityReference -eq "BUILTIN\Users"} | Select -Expand IdentityReference; if ($value) {echo $dir} }Print ACL of before and “to be” after removal (but not removing anything):
foreach ($item in $folders) { $value = get-acl $item | Select-object -ExpandProperty Access | where { $_.IdentityReference -eq "BUILTIN\Users"} | Select -Expand IdentityReference; if ($value) {echo $item; $ACL = (get-item $item).getAccessControl('Access'); $ACL.SetAccessRuleProtection($true, $true); echo $ACL |Select-object -ExpandProperty Access; $ACL = (get-item $item).getAccessControl('Access'); $ACL.Access | where {$_.IdentityReference -eq "BUILTIN\Users"} |%{$acl.RemoveAccessRule($_)}; echo $ACL |Select-object -ExpandProperty Access } }Set the ACL (disable inheritance (convert current settings to explicit ACL) and remove BUILTIN\Users):
foreach ($item in $folders) { $value = get-acl $item | Select-object -ExpandProperty Access | where { $_.IdentityReference -eq "BUILTIN\Users"} | Select -Expand IdentityReference; if ($value) {echo $item; $ACL = (get-item $item).getAccessControl('Access'); $ACL.SetAccessRuleProtection($true, $true); Set-Acl -Path $item -AclObject $ACL; $ACL = (get-item $item).getAccessControl('Access'); $ACL.Access | where {$_.IdentityReference -eq "BUILTIN\Users"} |%{$acl.RemoveAccessRule($_)}; Set-Acl -Path $item -AclObject $ACL } }How would this be solved in Solaris?
setfacl -d <entry> *How would this be solved in FreeBSD/Linux?
setfacl -x <entry> *
