Powershell script to set deny delete permissions

Aran Billen 761 Reputation points
2023-10-27T08:11:58.98+00:00

Hello, everyone. I'm looking to remotely configure permissions for the following location: C:\Users(all users)\appdata\Local\Microsoft\Edge\User Data\Default\Extensions. Specifically, I need to establish advanced permissions that deny both deletion and the deletion of subfolders. Can anyone assist with the script that can do this please?

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
11,196 questions
Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,841 questions
PowerShell
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,329 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Ian Xue (Shanghai Wicresoft Co., Ltd.) 34,271 Reputation points Microsoft Vendor
    2023-11-02T09:29:31.97+00:00

    Hi,

    You can use the Set-Acl cmdlet to change the security descriptor.

    $path = 'C:\Users(all users)\appdata\Local\Microsoft\Edge\User Data\Default\Extensions'
    $acl = Get-Acl -Path $path
    $ace = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList "Everyone", "Delete",1,0, "Deny"
    $acl.AddAccessRule($ace)
    $acl | Set-Acl -Path $path
    

    Best Regards,

    Ian Xue


    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.