I have an AD group called "Admins" and it has specific members, but under the Security tab, how can I use PowerShell to remove certain users/groups from the Security list and/or modify the Security permissions for users/groups (e.g. Bob or "Admins") to have Read-only or deny other permissions?

Thanks!

Lance
  • So you want to remove Access Control Entries from the Access Control List of the group so that certain security principals can't modify the group? If so, then disable permissions inheritance on the group and then remove the users/groups from the ACL. – joeqwerty Mar 26 '21 at 13:48
  • Agree with Joe---probably also needs some more clarity on your question. Can you provide an example scenario? https://mywiki.wooledge.org/XyProblem – TheCleaner Mar 26 '21 at 14:11
  • I have an already existing OU that has a "Security Group" group which users are a part of. That group already has an existing Security setup; I want to programmatically remove the existing ACLs using PowerShell. Also, this domain has many of these that already exist, which is why I need to write something to go into each group to revoke and/or change the Deny/Allow permissions. – Lance Mar 27 '21 at 01:59

1 Answer

I figured it out.

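# Builds the access rule (ACE); $identity, $type, $inheritanceType and $inheritedobjectguid must be set beforehand
New-Object System.DirectoryServices.ActiveDirectoryAccessRule $identity, "WriteProperty", $type, $inheritanceType, $inheritedobjectguid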
Lance
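The answer's constructor call placed in a complete read/modify/write cycle over every group in an OU, as an added example that is not part of Lance's answer. The function name, the `EXAMPLE\Bob` account and the OU path are placeholders, and the ActiveDirectory module (RSAT) is assumed to be installed.

```powershell
# Added example. 'EXAMPLE\Bob' and the OU path are placeholders.
Import-Module ActiveDirectory   # provides Get-ADGroup and the AD: drive

function Set-GroupPrincipalReadOnly {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [Microsoft.ActiveDirectory.Management.ADGroup]$Group,
        [Parameter(Mandatory)][string]$Principal
    )
    begin {
        # Resolve the account name to a SID once; ACEs are stored by SID.
        $identity = ([System.Security.Principal.NTAccount]$Principal).Translate(
            [System.Security.Principal.SecurityIdentifier])
        $inheritanceType     = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::None
        $inheritedObjectGuid = [guid]::Empty   # no child object type restriction
    }
    process {
        $path = "AD:\$($Group.DistinguishedName)"
        $acl  = Get-Acl -Path $path

        # Drop every explicit ACE held by this principal (inherited ACEs stay).
        $acl.PurgeAccessRules($identity)

        # Allow read, then deny property writes, using the constructor from the answer.
        foreach ($spec in @(@('GenericRead', 'Allow'), @('WriteProperty', 'Deny'))) {
            $rights = [System.DirectoryServices.ActiveDirectoryRights]$spec[0]
            $type   = [System.Security.AccessControl.AccessControlType]$spec[1]
            $rule   = New-Object System.DirectoryServices.ActiveDirectoryAccessRule `
                $identity, $rights, $type, $inheritanceType, $inheritedObjectGuid
            $acl.AddAccessRule($rule)
        }

        # Write the modified ACL back; -WhatIf skips this step.
        if ($PSCmdlet.ShouldProcess($Group.DistinguishedName, "Set ACL for $Principal")) {
            Set-Acl -Path $path -AclObject $acl
        }
    }
}

# Dry run over every group in one OU; remove -WhatIf to apply.
Get-ADGroup -Filter * -SearchBase 'OU=Groups,DC=example,DC=com' |
    Set-GroupPrincipalReadOnly -Principal 'EXAMPLE\Bob' -WhatIf
```

ACEs inherited from the parent OU are not removed by `PurgeAccessRules`; to drop those as well, disable inheritance first as joeqwerty's comment suggests, for example with `$acl.SetAccessRuleProtection($true, $false)` before `Set-Acl`.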