JSI Tip 9942. How can I remove unknown users or groups from NTFS permission?

When you inspect permissions on the Security tab of the Properties sheet of a file or folder, unknown users and groups are listed by their SID, in a format that starts with S-1-.

Using the corrected version of SubInAcl, I have scripted RevokePermSID.bat to revoke the permissions of unknown users or groups.

The syntax for using RevokePermSID.bat is:

RevokePermSID DriveOrFolder1 \[DriveOrFolder2 ... DriveOrFolderN\]

Where each DriveOrFolderX is a drive or folder you wish to purge.

RevokePermSID.bat contains:

@echo off
if \{%1\}

\{\} @echo Syntax RevokePermSID DriveOrFolder1 \[DriveOrFolder2 ... DriveOrFolderN\]&goto :EOF setlocal set work="%TEMP%\RevokePermSID_%RANDOM%.TMP" :loop if \{%1\}

\{\} goto finish set obj=%1 shift call :findSID %obj% for /f "Tokens=*" %%a in ('dir %obj% /s /b /a') do ( call :findSID "%%a" ) goto loop :finish del /q %work% endlocal goto :EOF :findSID subinacl /outputlog=%work% /nostatistic /File %1 for /f "Tokens=*" %%b in ('type %work%^|FIND "=S-1-"') do ( for /f "Tokens=1* Delims==" %%c in ('@echo %%b') do ( for /f "Tokens=1" %%e in ('@echo %%d') do ( subinacl /nostatistic /File %1 /revoke=%%e ) ) )

