azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d0b98f769ea97f103e85d48e3fa3fa42e45f577d
claudetools/.claude/temp/fix-homes-ntfs2.ps1
Howard Enos 3a09746468 sync: auto-sync from HOWARD-HOME at 2026-05-20 22:41:35 
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-05-20 22:41:35
2026-05-20 22:41:38 -07:00

65 lines
2.4 KiB
PowerShell
Raw Blame History

$homesPath = 'D:\Homes'
$allow = [System.Security.AccessControl.AccessControlType]::Allow
Write-Output "=== Fixing homes root ACL ==="
$acl = Get-Acl $homesPath
# Remove all BUILTIN\Users entries (these inherit down to subfolders — that's the bug)
$removed = 0
$acl.Access | Where-Object { $_.IdentityReference.Value -eq 'BUILTIN\Users' } | ForEach-Object {
$acl.RemoveAccessRule($_) | Out-Null
$removed++
}
Write-Output "Removed $removed BUILTIN\Users rule(s) from root"
# Add back minimum: Authenticated Users, This Folder Only — list + create folders
$minRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
'Authenticated Users',
[System.Security.AccessControl.FileSystemRights]'ReadAndExecute,Synchronize,CreateDirectories',
[System.Security.AccessControl.InheritanceFlags]::None,
[System.Security.AccessControl.PropagationFlags]::None,
$allow
)
$acl.AddAccessRule($minRule)
Set-Acl -Path $homesPath -AclObject $acl
Write-Output "[OK] Root: Authenticated Users — This Folder Only (list + create folders)"
Write-Output ""
Write-Output "=== Fixing user subfolder ACLs ==="
Get-ChildItem $homesPath -Directory -EA SilentlyContinue | ForEach-Object {
$folder = $_.FullName
$name = $_.Name
$subAcl = Get-Acl $folder
# Break inheritance — copy existing ACEs explicitly (no longer inherit from root)
$subAcl.SetAccessRuleProtection($true, $true)
Set-Acl -Path $folder -AclObject $subAcl
$subAcl = Get-Acl $folder
# Remove BUILTIN\Users entries that came from root inheritance
$count = 0
$subAcl.Access | Where-Object { $_.IdentityReference.Value -eq 'BUILTIN\Users' } | ForEach-Object {
$subAcl.RemoveAccessRule($_) | Out-Null
$count++
}
Set-Acl -Path $folder -AclObject $subAcl
Write-Output " [$name] Removed $count BUILTIN\Users rule(s), inheritance disabled [OK]"
}
Write-Output ""
Write-Output "=== Verification — root ACL ==="
(Get-Acl $homesPath).Access | ForEach-Object {
Write-Output " $($_.IdentityReference) | $($_.FileSystemRights) | Inherit:$($_.InheritanceFlags)"
}
Write-Output ""
Write-Output "=== Verification — subfolder ACLs ==="
Get-ChildItem $homesPath -Directory -EA SilentlyContinue | ForEach-Object {
Write-Output " --- $($_.Name) ---"
(Get-Acl $_.FullName).Access | ForEach-Object {
Write-Output " $($_.IdentityReference) | $($_.FileSystemRights) | Inherit:$($_.InheritanceFlags)"
}
}
Reference in New Issue View Git Blame Copy Permalink