This week I moved all the data from a Windows file server to a NetApp CIFS share for a client. During the migration I used Robocopy to copy all the data and the NTFS rights to the NetApp. There are multiple folders with wrongly inherited permissions, so I decided to use PowerShell to clean up this mess.
The following script will disable inheritance and remove some inherited permissions.
I used the NTFSSecurity module for the Get-NTFSAccess and Remove-NTFSAccess cmdlets. You can find it here: https://gallery.technet.microsoft.com/scriptcenter/1abd77a5-9c0b-4a2b-acef-90dbb2b84e85
Here comes the script:
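#Load the module that provides Get-NTFSAccess and Remove-NTFSAccess
Import-Module NTFSSecurity
#Groups to delete
$localGroup = "Builtin\Users"
$domainGroup = "Domain\Domain Users"
$folderRoot = 'Z:\Users\'
#Get sub folders in root folder (directories only)
$folderlist = Get-ChildItem -Path $folderRoot -Directory
ForEach ($folder in $folderlist)
{
    $folderpath = "$folderRoot" + $folder.Name.ToString() + "\"
    #Disable the inheritance; the second $true keeps the inherited
    #entries as explicit ones so they can be removed selectively below
    $acl = Get-Acl -Path $folderpath
    $acl.SetAccessRuleProtection($true, $true)
    Set-Acl -Path $folderpath -AclObject $acl
    #Remove the entries for the two groups
    Get-NTFSAccess -Path $folderpath -Account $localGroup | Remove-NTFSAccess
    Get-NTFSAccess -Path $folderpath -Account $domainGroup | Remove-NTFSAccess
}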
After running this script, ACLs on the folders are clean.
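To confirm that result, the read-only audit below lists every sub folder that still has inheritance enabled or still carries an entry for one of the two groups. It is an added example, not part of the original script; it reuses the root path and group names from above, and the report file name acl-audit.csv is a hypothetical choice.

```powershell
# Added example: read-only audit, it changes no permissions.
# Assumption: same root folder and group names as the cleanup script.
$groups     = 'BUILTIN\Users', 'Domain\Domain Users'
$folderRoot = 'Z:\Users\'

$report = foreach ($folder in Get-ChildItem -Path $folderRoot -Directory) {
    $acl = Get-Acl -Path $folder.FullName

    # Entries that still reference one of the groups (explicit or inherited).
    # -contains compares case-insensitively, so 'Builtin\Users' also matches.
    $leftover = @($acl.Access | Where-Object {
        $groups -contains $_.IdentityReference.Value
    })

    # One readable line per leftover entry: account, rights, origin
    $detail = $leftover | ForEach-Object {
        $origin = if ($_.IsInherited) { 'inherited' } else { 'explicit' }
        '{0}: {1} ({2})' -f $_.IdentityReference, $_.FileSystemRights, $origin
    }

    [pscustomobject]@{
        Folder             = $folder.FullName
        # AreAccessRulesProtected is $true once inheritance is disabled
        InheritanceEnabled = -not $acl.AreAccessRulesProtected
        LeftoverAces       = $leftover.Count
        LeftoverDetail     = $detail -join '; '
    }
}

# Show only the folders that still need attention
$report |
    Where-Object { $_.InheritanceEnabled -or $_.LeftoverAces -gt 0 } |
    Format-Table -AutoSize -Wrap

# Keep the full result as a record of the state after the cleanup
# (hypothetical file name)
$report | Export-Csv -Path .\acl-audit.csv -NoTypeInformation
```

Running it before the cleanup as well gives a before/after record of which folders were changed.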