sync: auto-sync from HOWARD-HOME at 2026-05-20 17:08:25
Author: Howard Enos Machine: HOWARD-HOME Timestamp: 2026-05-20 17:08:25
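--- a/.claude/temp/frd-remove-authedusers2.ps1
+++ b/.claude/temp/frd-remove-authedusers2.ps1
@@ -0,0 +1,30 @@
+$domain = 'cascades.local'
+$gpoName = 'CSC - Folder Redirection'
+$gpoGuid = '{512B43A4-F049-4CE5-BFAC-860AD13E92BE}'
+
+# Remove Authenticated Users directly from the GPO AD object ACL
+$gpoADPath = "AD:CN=$gpoGuid,CN=Policies,CN=System,DC=$($domain.Replace('.',',DC='))"
+try {
+$acl = Get-Acl $gpoADPath -EA Stop
+$au = [System.Security.Principal.NTAccount]'NT AUTHORITY\Authenticated Users'
+$removed = 0
+$acl.Access | Where-Object { $_.IdentityReference.Value -like '*Authenticated Users*' } | ForEach-Object {
+$acl.RemoveAccessRule($_) | Out-Null
+$removed++
+}
+if ($removed -gt 0) {
+Set-Acl -Path $gpoADPath -AclObject $acl -EA Stop
+Write-Output "[OK] Removed $removed ACE(s) for Authenticated Users from GPO AD object"
+} else {
+Write-Output "[INFO] Authenticated Users not found in ACL"
+}
+} catch {
+Write-Output "[ERROR] ACL approach: $($_.Exception.Message)"
+}
+
+# Verify via Get-GPPermission
+Write-Output ""
+Write-Output "=== GPO Security Filter (final) ==="
+Get-GPPermission -Name $gpoName -Domain $domain -All | ForEach-Object {
+Write-Output " $($_.Trustee.Name) [$($_.Trustee.TrusteeType)] — $($_.Permission)"
+}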
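Review bot: The filter on the `$acl.Access` line selects ACEs with `-like '*Authenticated Users*'`, a substring match on a display name that is localized and would also hit any other principal whose name contains that text, while the `$au` NTAccount built two lines earlier is never used. Matching on the well-known SID is exact, for example `$acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier]) | Where-Object { $_.IdentityReference.Value -eq 'S-1-5-11' }`. The loop also strips every Authenticated Users ACE including Read; since the MS16-072 change, user-side policy such as folder redirection is fetched in the computer's context, so before `Set-Acl` it is worth confirming that Domain Computers (or another group containing the target machines) holds Read, and logging `$acl.Sddl` so the previous descriptor can be restored and audited. Writing only the AD object may leave the SYSVOL folder ACL for this GPO out of step, which cannot be confirmed from this file; `Set-GPPermission` keeps both sides consistent if it can be used here.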