Disable permissions inheritance and remove access rights from folders using PowerShell

Spread the words

This week I moved all the data from a Windows file server to a Netapp CIFS share for a client. During the migration I used Robocopy to copy the whole data and the NTFS rights to Netapp. There are multiple folders with wrongly inherited permissions. So I decided to use PowerShell to clean up this mess.

The following script will disable inheritance

And remove some inherited permissions.

Here comes the script:

I used the NTFSSecurity module for the Get-NTFSAccess and Remove-NTFSAccess cmdlet. You can find it here https://gallery.technet.microsoft.com/scriptcenter/1abd77a5-9c0b-4a2b-acef-90dbb2b84e85


#Groups to delete

$localGroup = “Builtin\Users”

$domainGroup = “Domain\Domain Users”

#Root folder

$folderRoot = ‘Z:\Users\’

#Get sub folders in root folder

$folderlist = Get-childitem -path $folderRoot

ForEach ($folder in $folderlist)


$folderpath = “$folderroot” + $folder.name.tostring() + “\”


#Disable the inheritence

$acl = Get-ACL -Path $folderpath

$acl.SetAccessRuleProtection($True, $True)

Set-Acl -Path $folderpath -AclObject $acl

#Delete ACLs

Get-NTFSAccess -Path $folderpath -Account $localgroup | Remove-NTFSAccess

Get-NTFSAccess -Path $folderpath -Account $domainGroup | Remove-NTFSAccess


After running this script, ACLs on the folders are clean.


Leave a comment

Your email address will not be published.