

Revoke permissions for user home folder

September 29, 2021

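The script updates the permissions on the target user's home folder so that only full access for the user themselves and inherited permissions are kept. Because inherited permissions are left in place, access granted on a parent folder still applies to the home folder. To execute the script, create a custom command, business rule or scheduled task configured for the User object type.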

PowerShell
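# Restricts the explicit permissions on the target user's home folder:
# every explicit access rule that belongs to another identity is removed, and
# the user is guaranteed an explicit Allow / Full Control rule that is
# inherited by subfolders and files. Inherited rules are not touched.
try
{
    $folderPath = $Context.TargetObject.Get("homeDirectory")
}
catch
{
    # Deliberate best-effort: nothing to do when the property cannot be read.
    return
}

if ([System.String]::IsNullOrEmpty($folderPath))
{
    # An empty path would make Get-Acl fail below; treat it as "no home folder".
    return
}

# Get ACL object. -LiteralPath prevents characters such as [ ] in the folder
# name from being interpreted as wildcards; -ErrorAction Stop turns a missing
# or inaccessible folder into a logged error instead of a null ACL object.
try
{
    $aclObject = Get-Acl -LiteralPath $folderPath -ErrorAction Stop
}
catch
{
    $Context.LogMessage("An error occurred while reading folder permissions. Error: " + $_.Exception.Message, "Error")
    return
}

# Get rules: explicit only ($true), not inherited ($false), identities as SIDs
$rules = $aclObject.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier])

# Get user SID
$userSidBinary = $Context.TargetObject.Get("objectSid")
$userSid = New-Object System.Security.Principal.SecurityIdentifier($userSidBinary, 0)

# Check rules
$fullControl = [System.Security.AccessControl.FileSystemRights]::FullControl
$allow = [System.Security.AccessControl.AccessControlType]::Allow
$addRuleForUser = $True
foreach ($rule in $rules)
{
    if ($rule.IdentityReference -ne $userSid)
    {
        # RemoveAccessRule returns a Boolean; discard it so it does not leak
        # into the script output.
        [void]$aclObject.RemoveAccessRule($rule)
        continue
    }

    # Only an Allow rule proves the user has full access. A Deny rule carrying
    # the FullControl flag must not suppress the Allow rule added below.
    # NOTE(review): explicit Deny rules for the user are left in place and
    # still take precedence over the Allow rule - confirm that is intended.
    if (($rule.AccessControlType -eq $allow) -and $rule.FileSystemRights.HasFlag($fullControl))
    {
        $addRuleForUser = $False
    }
}

if ($addRuleForUser)
{
    # Allow Full Control on this folder, its subfolders and its files.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($userSid, $fullControl, "ContainerInherit,ObjectInherit", "None", "Allow")
    $aclObject.AddAccessRule($rule)
}

try
{
    Set-Acl -LiteralPath $folderPath -AclObject $aclObject -ErrorAction Stop
}
catch
{
    $Context.LogMessage("An error occurred while updating folder permissions. Error: " + $_.Exception.Message, "Error")
}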
