We use cookies to improve your experience.
By your continued use of this site you accept such use.
For more details please see our privacy policy and cookies policy.

Script repository

Revoke permissions for user home folder

September 29, 2021 Views: 956

The script updates permissions for the target user home folder to keep only full access for the user themselves and inherited permissions. To execute the script, create a custom command, business rule or scheduled task configured for the User object type.

Edit Remove
PowerShell
try
{
    $folderPath = $Context.TargetObject.Get("homeDirectory")
}
catch
{
    return
}

# Get ACL object
$aclObject = Get-Acl -Path $folderPath

# Get rules
$rules = $aclObject.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier])

# Get user SID
$userSidBinary = $Context.TargetObject.Get("objectSid")
$userSid = New-Object System.Security.Principal.SecurityIdentifier($userSidBinary, 0)

# Check rules
$addRuleForUser = $True
foreach ($rule in $rules)
{
    if ($rule.IdentityReference -ne $userSid)
    {
        $aclObject.RemoveAccessRule($rule)
        continue
    }
    
    if ($rule.FileSystemRights.HasFlag([System.Security.AccessControl.FileSystemRights]::FullControl))
    {
        $addRuleForUser = $False
        continue
    }
}

if ($addRuleForUser)
{
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($userSid, [System.Security.AccessControl.FileSystemRights]::FullControl, "ContainerInherit,ObjectInherit", "None", "Allow")
    $aclObject.AddAccessRule($rule)
}

try
{
    Set-Acl -Path $folderPath -AclObject $aclObject -ErrorAction Stop
}
catch
{
    $Context.LogMessage("An error occurred while updating folder permissions. Error: " + $_.Exception.Message, "Error")
}
Comments 0
Leave a comment
Loading...

Got questions?

Support Questions & Answers