inheritance - Removing just one inherit permission using PowerShell
I'm trying to write a script that can remove access rights for one group (e.g. Everyone) on folders that have inherited permissions in place.
The other inherited permissions should stay intact. I can remove the inherited permissions and remove access for that group, but then inheritance is broken. I don't want to enable inheritance after this action, because of subfolders having no inheritance being broken.
How do I remove this group without messing up the rest of the permissions?
You cannot (by design) remove an inherited permission "without messing up the rest of the permissions".
What you can do is:
- Disallow inheritance, but preserve the inherited rules
- Remove/modify the Everyone ACE after removing inheritance
Like this:
```powershell
$filePath = "c:\parentfolder\childitem.ext"
$fileAcl = Get-Acl $filePath

# Remove inheritance but preserve the existing entries
$fileAcl.SetAccessRuleProtection($true, $true)
Set-Acl $filePath -AclObject $fileAcl

# Retrieve the new explicit set of permissions
$fileAcl = Get-Acl $filePath

# Retrieve the "Everyone" rule(s)
$everyoneRules = $fileAcl.GetAccessRules($true, $true, [System.Security.Principal.NTAccount]) |
    Where-Object { $_.IdentityReference -eq [System.Security.Principal.NTAccount]"Everyone" }

# Remove each one - or modify it and use SetAccessRule() instead
# (the loop also copes with zero or several matching rules)
foreach ($rule in $everyoneRules) {
    [void]$fileAcl.RemoveAccessRule($rule)
}

# Set the ACL on the file again
Set-Acl $filePath -AclObject $fileAcl
```
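The two steps from the answer above, wrapped into a reusable function with a `-WhatIf` preview and a check of the ACL actually written; this is an added example, not part of the original post. The function name `Remove-IdentityAce`, its parameters and the sample path are hypothetical, and it matches the identity by SID rather than by name so that localized account names do not matter.

```powershell
# Added example. Remove-IdentityAce and its parameters are hypothetical names.
function Remove-IdentityAce {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$Identity = 'Everyone'
    )
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Compare by SID so the match does not depend on localized account names.
    $sid = ([System.Security.Principal.NTAccount]$Identity).Translate($sidType)

    $acl   = Get-Acl -LiteralPath $Path
    $match = @($acl.GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.IdentityReference.Value -eq $sid.Value })

    # Nothing to remove: leave inheritance untouched.
    if ($match.Count -eq 0) {
        return [pscustomobject]@{
            Path = $Path; Removed = 0; Remaining = 0
            InheritanceBlocked = $acl.AreAccessRulesProtected
        }
    }
    if (-not $PSCmdlet.ShouldProcess($Path, "Remove $($match.Count) ACE(s) for $Identity")) { return }

    if (-not $acl.AreAccessRulesProtected) {
        # Block inheritance, copying the inherited ACEs as explicit ones.
        $acl.SetAccessRuleProtection($true, $true)
        Set-Acl -LiteralPath $Path -AclObject $acl
        $acl = Get-Acl -LiteralPath $Path   # re-read: the ACEs are now explicit
    }

    # Only explicit ACEs can be removed; after the step above that is all of them.
    $explicit = @($acl.GetAccessRules($true, $false, $sidType) |
        Where-Object { $_.IdentityReference.Value -eq $sid.Value })
    foreach ($rule in $explicit) { [void]$acl.RemoveAccessRule($rule) }
    Set-Acl -LiteralPath $Path -AclObject $acl

    # Verify against the ACL that is now stored on the item.
    $left = @((Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.IdentityReference.Value -eq $sid.Value })
    [pscustomobject]@{
        Path = $Path; Removed = $explicit.Count; Remaining = $left.Count
        InheritanceBlocked = $true
    }
}

# Usage (constructed path): preview first, then apply.
# Remove-IdentityAce -Path 'C:\parentfolder\childfolder' -WhatIf
# Remove-IdentityAce -Path 'C:\parentfolder\childfolder'
```

Child items that still inherit from this folder follow the change, while subfolders where inheritance is already blocked keep their own ACLs. Later changes to the parent's ACL no longer reach this folder, because its inheritance is now blocked.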