Powershell script to set deny delete permissions

Aran Billen 761

Hello, everyone. I'm looking to remotely configure permissions for the following location: C:\Users(all users)\appdata\Local\Microsoft\Edge\User Data\Default\Extensions. Specifically, I need to establish advanced permissions that deny both deletion and the deletion of subfolders. Can anyone assist with the script that can do this please?

1 answer

Ian Xue (Shanghai Wicresoft Co., Ltd.) 34,271 Microsoft Vendor

Hi,

You can use the Set-Acl cmdlet to change the security descriptor.

$path = 'C:\Users(all users)\appdata\Local\Microsoft\Edge\User Data\Default\Extensions'
$acl = Get-Acl -Path $path
$ace = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList "Everyone", "Delete",1,0, "Deny"
$acl.AddAccessRule($ace)
$acl | Set-Acl -Path $path

Best Regards,

Ian Xue

If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Aran Billen 761

I need a script that prevents Azure AD users from deleting a folder. The current script I have doesn't achieve this. Can you please provide assistance in making it work for all Azure AD users: current script

# Get a list of all user profiles
$profiles = Get-WmiObject -Class Win32_UserProfile

foreach ($profile in $profiles) {
    # Construct the path to the folder within each user's profile
    $extensionFolderPath = Join-Path $profile.LocalPath "AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dlcaglefdlidioooijnigjhfcndlncfp"
    
    # Check if the folder exists for the current user profile
    if (Test-Path -Path $extensionFolderPath) {
        # Get the current ACL
        $acl = Get-Acl -Path $extensionFolderPath
        
        # Create a rule to deny deletion and deletion of subfolders
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("BUILTIN\Users", "Delete, DeleteSubdirectoriesAndFiles", "Deny")
        
        # Add the rule to the ACL
        $acl.AddAccessRule($rule)
        
        # Apply the modified ACL to the folder within the user profile
        Set-Acl -Path $extensionFolderPath -AclObject $acl
    }
}

The script you gave includes Users(all users) which is not a location I put that in my question as I need it to go to all user locations

Share via

Powershell script to set deny delete permissions

1 answer