claudetools/.claude/temp/frd-remove-authedusers2.ps1
Howard Enos bc984d9c78 sync: auto-sync from HOWARD-HOME at 2026-05-20 17:08:25
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-05-20 17:08:25
2026-05-20 17:08:29 -07:00

31 lines
1.2 KiB
PowerShell

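# Purpose: remove every explicit "Authenticated Users" ACE from the Active Directory
# object of a single GPO, then print the GPO's resulting permissions for review.
#
# NOTE(review): since MS16-072, user-side policy (Folder Redirection included) is
# retrieved in the computer's security context. If neither Authenticated Users nor
# the target computer accounts (e.g. Domain Computers) hold Read on this GPO after
# the change, the GPO will stop applying. Confirm that Read ACE exists before running.
#
# NOTE(review): only the directory object's ACL is edited here; nothing in this script
# touches the ACL of the matching SYSVOL policy folder, so the two may end up
# inconsistent - check in GPMC afterwards.
$domain  = 'cascades.local'
$gpoName = 'CSC - Folder Redirection'
$gpoGuid = '{512B43A4-F049-4CE5-BFAC-860AD13E92BE}'

# Well-known SID of NT AUTHORITY\Authenticated Users. Matching on the SID instead of a
# '*Authenticated Users*' name wildcard avoids hitting unrelated principals whose name
# merely contains that text, and still works on non-English systems.
$authUsersSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-11'

# Distinguished name of the GPO container, addressed through the AD: PSDrive.
$gpoADPath = "AD:CN=$gpoGuid,CN=Policies,CN=System,DC=$($domain.Replace('.',',DC='))"

try {
    # The AD: drive only exists once the ActiveDirectory module is loaded; Get-Acl on an
    # AD: path does not trigger module auto-loading by itself.
    if (-not (Get-PSDrive -Name AD -ErrorAction SilentlyContinue)) {
        Import-Module ActiveDirectory -ErrorAction Stop
    }

    $acl = Get-Acl -Path $gpoADPath -ErrorAction Stop

    # Explicit ACEs only (inherited ones cannot be removed on this object), with the
    # trustee returned as a SID so the comparison below is exact.
    $explicitRules = $acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier])

    $removed = 0
    foreach ($rule in $explicitRules) {
        if ($rule.IdentityReference -ne $authUsersSid) { continue }

        # Log what is about to be dropped so the change can be audited or rolled back.
        Write-Output "[INFO] Removing ACE: $($rule.AccessControlType) $($rule.ActiveDirectoryRights)"

        # Count only removals the ACL object reports as successful.
        if ($acl.RemoveAccessRule($rule)) {
            $removed++
        }
    }

    if ($removed -gt 0) {
        # Nothing is written back to the directory until this call.
        Set-Acl -Path $gpoADPath -AclObject $acl -ErrorAction Stop
        Write-Output "[OK] Removed $removed ACE(s) for Authenticated Users from GPO AD object"
    } else {
        Write-Output "[INFO] Authenticated Users not found in ACL"
    }
} catch {
    # Best effort: report the failure and still fall through to the verification listing.
    Write-Output "[ERROR] ACL approach: $($_.Exception.Message)"
}

# Verify via Get-GPPermission: list every trustee that still holds a permission on the GPO.
Write-Output ""
Write-Output "=== GPO Security Filter (final) ==="
Get-GPPermission -Name $gpoName -Domain $domain -All | ForEach-Object {
    Write-Output " $($_.Trustee.Name) [$($_.Trustee.TrusteeType)] — $($_.Permission)"
}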