So, on our main fileserver where all the shares are (D:\Data) we have inheritance turned on.

I have made a script that creates a new folder, creates a share, creates AD groups & creates a DFSN folder etc etc.

The only problem is that with this inheritance on D:\Data, every single admin that goes into D:\Data gets full access on every folder that gets created. My script removes every adm user that currently has access manually. The only problem is every time someone goes into D:\Data they get access to new folders, so I would have to modify the script. Could someone help me nail a For Each loop that gets rid of all of them? They all start with "Domain\adm".

With a variable similar to this? $users = Get-Acl "D:\Data\Testtest" | select Path -ExpandProperty Access | where {$_.IdentityReference -like "Domain\adm*"} | fl

See the part of the script that I want to optimize:
```powershell
# Rights
$readOnly  = [System.Security.AccessControl.FileSystemRights]"ReadAndExecute"
$readWrite = [System.Security.AccessControl.FileSystemRights]"Modify"

# Inheritance
$inheritanceFlag = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"

# Propagation
$propagationFlag = [System.Security.AccessControl.PropagationFlags]::None

# User
$userRW = New-Object System.Security.Principal.NTAccount($groupNameRW)
$userR  = New-Object System.Security.Principal.NTAccount($groupNameR)
# Existing adm* entries on the test folder. No "| fl" here: Format-List would replace
# the access rules with formatting objects and the variable would be useless.
$RemoveAcl = Get-Acl "D:\Data\Testtest" | select Path -ExpandProperty Access | where {$_.IdentityReference -like "Marginalen\adm*"}

# Type
$type = [System.Security.AccessControl.AccessControlType]::Allow

# Creating one entry for every user
$accessControlEntryDefault  = New-Object System.Security.AccessControl.FileSystemAccessRule @("Domain\adm1",     $readOnly, $inheritanceFlag, $propagationFlag, $type)
$accessControlEntryDefault2 = New-Object System.Security.AccessControl.FileSystemAccessRule @("Domain\admuser2", $readOnly, $inheritanceFlag, $propagationFlag, $type)
$accessControlEntryDefault3 = New-Object System.Security.AccessControl.FileSystemAccessRule @("Domain\admuser3", $readOnly, $inheritanceFlag, $propagationFlag, $type)
$accessControlEntryDefault4 = New-Object System.Security.AccessControl.FileSystemAccessRule @("Domain\user4",    $readOnly, $inheritanceFlag, $propagationFlag, $type)
$accessControlEntryDefault5 = New-Object System.Security.AccessControl.FileSystemAccessRule @("Domain\admuser5", $readOnly, $inheritanceFlag, $propagationFlag, $type)
$accessControlEntryDefault6 = New-Object System.Security.AccessControl.FileSystemAccessRule @("Domain\admuser6", $readOnly, $inheritanceFlag, $propagationFlag, $type)
$accessControlEntryDefault7 = New-Object System.Security.AccessControl.FileSystemAccessRule @("Domain\admuser7", $readOnly, $inheritanceFlag, $propagationFlag, $type)
$accessControlEntryDefault8 = New-Object System.Security.AccessControl.FileSystemAccessRule @("Domain\admuser8", $readOnly, $inheritanceFlag, $propagationFlag, $type)
# This attempt does not work: "$RemoveAcl" flattens the whole collection of rules into one
# string, which is not an account name. This is the part the question is about.
$accessControlEntryDefault9 = New-Object System.Security.AccessControl.FileSystemAccessRule @("$RemoveAcl", $readOnly, $inheritanceFlag, $propagationFlag, $type)

$accessControlEntryRW = New-Object System.Security.AccessControl.FileSystemAccessRule @($userRW, $readWrite, $inheritanceFlag, $propagationFlag, $type)
$accessControlEntryR  = New-Object System.Security.AccessControl.FileSystemAccessRule @($userR,  $readOnly,  $inheritanceFlag, $propagationFlag, $type)

$objACL = Get-ACL $newFolderFull
## belongs together with line 48 (find a better solution)

$objACL.RemoveAccessRuleAll($accessControlEntryDefault)
$objACL.RemoveAccessRuleAll($accessControlEntryDefault2)
$objACL.RemoveAccessRuleAll($accessControlEntryDefault3)
$objACL.RemoveAccessRuleAll($accessControlEntryDefault4)
$objACL.RemoveAccessRuleAll($accessControlEntryDefault5)
$objACL.RemoveAccessRuleAll($accessControlEntryDefault6)
$objACL.RemoveAccessRuleAll($accessControlEntryDefault7)
$objACL.RemoveAccessRuleAll($accessControlEntryDefault8)
$objACL.AddAccessRule($accessControlEntryRW)
$objACL.AddAccessRule($accessControlEntryR)
Set-ACL $newFolderFull $objACL
}   # closes the enclosing function, which is not part of this excerpt
```

Makes sense?!

Welcome

If you post code, please use the 'Insert Code' button. Please and thank you!
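The loop the question asks for, as an added example that is not the poster's script. It uses the variable names from the post ($newFolderFull, $groupNameRW, $groupNameR) and assumes the placeholder group names and the "Domain\adm*" pattern; adjust them for your domain. It also covers the case the original script cannot handle: RemoveAccessRuleAll only deletes explicit ACEs, so entries that are inherited from D:\Data (IsInherited = $true) are first converted to explicit ones by cutting inheritance on the new folder with a copy of the inherited entries, and only then removed.

```powershell
# Added example, not the poster's script. Removes every ACE whose identity matches
# $adminPattern from a newly created folder and then grants the two AD groups.
# The variable names come from the post; the default values are assumed placeholders.
param(
    [string]$newFolderFull = 'D:\Data\Testtest',
    [string]$groupNameRW   = 'Domain\GRP-Testtest-RW',   # assumed group name
    [string]$groupNameR    = 'Domain\GRP-Testtest-R',    # assumed group name
    [string]$adminPattern  = 'Domain\adm*'
)

$readOnly        = [System.Security.AccessControl.FileSystemRights]'ReadAndExecute'
$readWrite       = [System.Security.AccessControl.FileSystemRights]'Modify'
$inheritanceFlag = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagationFlag = [System.Security.AccessControl.PropagationFlags]::None
$allow           = [System.Security.AccessControl.AccessControlType]::Allow
$ruleType        = [System.Security.AccessControl.FileSystemAccessRule]

function Get-MatchingRules {
    param([System.Security.AccessControl.FileSystemSecurity]$Acl, [string]$Pattern)
    # -like is case-insensitive; .Value is the "DOMAIN\name" string of the NTAccount
    @($Acl.Access | Where-Object { $_.IdentityReference.Value -like $Pattern })
}

$objACL     = Get-Acl -Path $newFolderFull
$adminRules = Get-MatchingRules -Acl $objACL -Pattern $adminPattern

# RemoveAccessRuleAll only deletes explicit ACEs. Entries inherited from D:\Data stay
# until inheritance is cut on this folder, so cut it first while keeping a copy of the
# inherited entries (SYSTEM, Administrators, ...) so nothing else loses access.
if ($adminRules | Where-Object { $_.IsInherited }) {
    $objACL.SetAccessRuleProtection($true, $true)   # $true: protect, $true: preserve copies
    Set-Acl -Path $newFolderFull -AclObject $objACL
    $objACL     = Get-Acl -Path $newFolderFull       # re-read: the copies are now explicit
    $adminRules = Get-MatchingRules -Acl $objACL -Pattern $adminPattern
}

# One RemoveAccessRuleAll per matching identity, so adm accounts added to D:\Data
# later are handled without editing the script.
foreach ($rule in $adminRules) {
    Write-Verbose ("Removing {0} ({1})" -f $rule.IdentityReference.Value, $rule.FileSystemRights)
    [void]$objACL.RemoveAccessRuleAll($rule)
}

# Grant the two AD groups created for the share (the constructor accepts a string identity)
$objACL.AddAccessRule($ruleType::new($groupNameRW, $readWrite, $inheritanceFlag, $propagationFlag, $allow))
$objACL.AddAccessRule($ruleType::new($groupNameR,  $readOnly,  $inheritanceFlag, $propagationFlag, $allow))
Set-Acl -Path $newFolderFull -AclObject $objACL

# Verify the result instead of trusting it: report whatever still matches the pattern
$left = Get-MatchingRules -Acl (Get-Acl -Path $newFolderFull) -Pattern $adminPattern
if ($left.Count -gt 0) {
    Write-Warning ("Still present on {0}: {1}" -f $newFolderFull, ($left.IdentityReference.Value -join ', '))
} else {
    Write-Output "No $adminPattern entries remain on $newFolderFull"
}
```

Run it with -Verbose the first time and read the list of removed identities before trusting the pattern: "Domain\adm*" also matches any other account whose name starts with adm, for example Domain\Administrator, so tighten the pattern (or exclude specific names) if such accounts should keep access. Once inheritance is cut on the folder, later permission changes on D:\Data no longer flow into it, which is what the question wants, but it also means every deliberate change must from then on be applied to the folder itself.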