[Bug] Set-ADTItemPermission cannot remove inherited permissions #1682
Description
Prerequisites
- Ensure you write a short, descriptive title after [Bug] above.
- Make sure to search for any existing issues before filing a new one.
- Verify you are able to reproduce the issue with the latest released version
PSAppDeployToolkit version
4.1.3
Describe the bug
I have a folder with these default permissions:
I need to remove access for the BUILTIN\Users group. Back in 4.0.6, this would work:
In 4.1.3, that same instruction runs successfully, but permissions are not modified:
Since no error is thrown, we didn't immediately notice this issue after migrating some of our deployments to 4.1.3. We were made aware when we realized some of our users had write permissions on files they shouldn't have (no harm done thankfully).
This seems related to #1358 where the code that disabled inheritance was removed. Set-ADTItemPermission doesn't have a -DisableInheritance switch. Is there no longer any way to remove inherited permissions with PSADT, or am I missing something?
As a side note, it is semantically odd that the "DisableInheritance" parameter set no longer does what its name entails.
Thanks!
Steps to reproduce
- Try to remove any inherited permissions on a folder using Set-ADTItemPermission. E.g.:
Set-ADTItemPermission -Path 'C:\Test' -User '*S-1-5-32-545' -Permission 'FullControl' -Method RemoveAccessRuleAll -Verbose
Environment data
OsName : Microsoft Windows 11 Education
OSDisplayVersion : 23H2
OsOperatingSystemSKU : 121
OsArchitecture : 64-bit
WindowsVersion : 2009
WindowsProductName : Windows 10 Education
WindowsBuildLabEx : 22621.1.amd64fre.ni_release.220506-1250
OsLanguage : fr-FR
OsMuiLanguages : {fr-FR, en-GB, ja-JP}
KeyboardLayout : en-CA
TimeZone : (UTC-05:00) Eastern Time (US & Canada)
HyperVisorPresent : True
CsPartOfDomain : True
CsPCSystemType : Desktop
.NET SDK:
Version: 9.0.201
Commit: 071aaccdc2
Workload version: 9.0.200-manifests.a3a1a094
MSBuild version: 17.13.13+1c2026462
Runtime Environment:
OS Name: Windows
OS Version: 10.0.22631
OS Platform: Windows
RID: win-x64
Base Path: C:\Program Files\dotnet\sdk\9.0.201\
.NET workloads installed:
There are no installed workloads to display.
Configured to use loose manifests when installing new manifests.
Host:
Version: 9.0.3
Architecture: x64
Commit: 831d23e561
.NET SDKs installed:
9.0.201 [C:\Program Files\dotnet\sdk]
.NET runtimes installed:
Microsoft.AspNetCore.App 8.0.14 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 9.0.3 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.NETCore.App 5.0.17 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 8.0.14 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 9.0.3 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.WindowsDesktop.App 5.0.17 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 8.0.14 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 9.0.3 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Other architectures found:
x86 [C:\Program Files (x86)\dotnet]
registered at [HKLM\SOFTWARE\dotnet\Setup\InstalledVersions\x86\InstallLocation]
Environment variables:
Not set
global.json file:
Not found
Learn more:
https://aka.ms/dotnet/info
Download .NET:
https://aka.ms/dotnet/download