Removing Invalid SID from folder permissions using PowerShell or icacls

Basil Shaikh 1 Reputation point
2022-11-12T17:57:05.137+00:00

I used the code below and also tried icacls, but neither worked at all. Any idea, please?

$path = "C:\TMP\Testing"
$acl = Get-Acl -Path $Path
foreach($acc in $acl.access )
{
    $value = $acc.IdentityReference.Value
    if($value -match "S-1-5-*")
    {
        $ACL.RemoveAccessRule($acc) | Out-Null
        Set-Acl -Path $Path -AclObject $acl -ErrorAction Stop
        Write-Host "Removed SID: $value from $Path "
    }
}


2 answers

  1. Andreas Baumgarten 123.4K Reputation points MVP Volunteer Moderator
    2022-11-12T18:09:01.79+00:00

    Hi @Basil Shaikh,

    Maybe this helps to get started:

    https://www.alitajran.com/remove-orphaned-sids/
    http://www.ruudborst.nl/ps-one-liner-6-remove-orphaned-unresolvable-sids/

    ----------

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten


  2. MotoX80 36,291 Reputation points
    2022-11-12T21:07:00.403+00:00

    You might be trying to remove an inherited rule.

    $path = "c:\tmp\testing"
    $acl = Get-Acl -Path $Path
    foreach($acc in $acl.access )
    {
        $value = $acc.IdentityReference.Value
        #$value

        if($value -match "S-1-5-*")
        {
            if ($acc.IsInherited)
            {
                "Skipping inherited Access rule: $value"
            }
            else
            {
                $ACL.RemoveAccessRule($acc) | Out-Null
                Set-Acl -Path $Path -AclObject $acl -ErrorAction Stop
                Write-Host "Removed SID: $value from $Path "
            }
        }
    }

    You should also be aware that some dead SIDs aren't dead. They are Capability SIDs.

    https://www.bleepingcomputer.com/news/microsoft/windows-10-could-break-if-capability-sids-are-removed-from-permissions/

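A fuller version of the approach taken in the answer above, added here as an example and not code from either poster: it skips inherited rules, keeps S-1-15-* AppContainer and capability SIDs, confirms each remaining SID really cannot be mapped to an account before touching it, and supports -WhatIf so the removal can be previewed. The script name and the default path are placeholders.

```powershell
# Remove-OrphanedSid.ps1 (hypothetical name) - run with -WhatIf first to preview.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Constructed default; point it at the folder you want to clean.
    [string]$Path = 'C:\TMP\Testing'
)

$acl = Get-Acl -LiteralPath $Path
$changed = $false

foreach ($ace in $acl.Access) {
    $sidText = $ace.IdentityReference.Value

    # Resolvable accounts show up as DOMAIN\Name; only unmapped SIDs remain "S-1-..." text.
    if ($sidText -notmatch '^S-1-') { continue }

    # S-1-15-2-* (AppContainer) and S-1-15-3-* (capability) SIDs never translate to a
    # name but are legitimate; removing them can break Store apps and Windows components.
    if ($sidText -match '^S-1-15-') {
        Write-Verbose "Keeping AppContainer/capability SID $sidText"
        continue
    }

    # Double-check with the OS: if the SID translates, it is not orphaned.
    try {
        $null = ([System.Security.Principal.SecurityIdentifier]$sidText).Translate(
            [System.Security.Principal.NTAccount])
        Write-Verbose "SID $sidText resolves; leaving it alone"
        continue
    } catch {
        # Translation failed: the SID is unmapped, fall through to removal.
    }

    # Inherited ACEs cannot be removed on this object; fix them on the parent instead.
    if ($ace.IsInherited) {
        Write-Warning "Orphaned SID $sidText is inherited from a parent of $Path; skipping"
        continue
    }

    if ($PSCmdlet.ShouldProcess($Path, "Remove ACE for orphaned SID $sidText")) {
        $null = $acl.RemoveAccessRule($ace)
        $changed = $true
    }
}

# Write the ACL back once, only if something was actually removed.
if ($changed) {
    Set-Acl -LiteralPath $Path -AclObject $acl
}
```

Run it as `.\Remove-OrphanedSid.ps1 -Path C:\TMP\Testing -WhatIf -Verbose` to see what would be removed and what is being kept, then drop -WhatIf.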
