Powershell script to set deny delete permissions

Aran Billen 866 Reputation points
2023-10-27T08:11:58.98+00:00

Hello, everyone. I'm looking to remotely configure permissions for the following location: C:\Users(all users)\appdata\Local\Microsoft\Edge\User Data\Default\Extensions. Specifically, I need to establish advanced permissions that deny both deletion and the deletion of subfolders. Can anyone assist with the script that can do this please?

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
11,832 questions
Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,953 questions
PowerShell
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,676 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Ian Xue 38,546 Reputation points Microsoft Vendor
    2023-11-02T09:29:31.97+00:00

    Hi,

    You can use the Set-Acl cmdlet to change the security descriptor.

    $path = 'C:\Users(all users)\appdata\Local\Microsoft\Edge\User Data\Default\Extensions'
    $acl = Get-Acl -Path $path
    $ace = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList "Everyone", "Delete",1,0, "Deny"
    $acl.AddAccessRule($ace)
    $acl | Set-Acl -Path $path
    

    Best Regards,

    Ian Xue


    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.