Removing permissions from a list in MOSS 2007 using PowerShell
Published May 15 2019 10:13 PM

First published on TECHNET on Aug 29, 2016
Hello Guys,

Recently my customer asked me to create a script to remove permissions from a list. Specifically, it would remove all permissions except for one group that they would designate.

I started doing some research and quickly realized that there was no information out there on how to do this, so I did a lot of digging and came up with this script.

You can download the script from this location

The heart of the script is the function CleanUpAcl:

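    Function CleanUpAcl
    {
        # $SPObject:  the list (or other securable object) whose permissions are cleaned up
        # $GroupName: the one group or user whose role assignment is kept
        param($SPObject, $GroupName)

        $Title = $SPObject.Title
        Write-Host "Removing permissions from $Title"
        $RoleAssignmentsCount = $SPObject.RoleAssignments.Count

        # Walk the collection from the last index down to 0 so that removing
        # an entry never shifts the position of entries not yet visited.
        For($i = $RoleAssignmentsCount - 1; $i -ge 0; $i--)
        {
            # Remove every assignment whose member is not the group to keep
            if($SPObject.RoleAssignments[$i].Member.Name -ne $GroupName)
            {
                $DeletedGroupName = $SPObject.RoleAssignments[$i].Member.Name
                Write-Host "`t Removing Group/User $DeletedGroupName..."
                $SPObject.RoleAssignments.RemoveByID($SPObject.RoleAssignments[$i].Member.ID)
            }
        }
    }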

For me the big surprise was having to use the For loop instead of being able to use the ForEach loop. The reason I did this is that when I was testing, I got the following error message:
An error occurred while enumerating through a collection: Collection was modified; enumeration operation may not execute..
At C:\Users\Administrator.WEAVER\Documents\Viewstest2.ps1:11 char:1
+  <<<< $List.RoleAssignments | ForEach-Object{
+ CategoryInfo          : InvalidOperation: (Microsoft.Share...on+SPEnumerator:SPEnumerator) [], RuntimeException
+ FullyQualifiedErrorId : BadEnumeration


I quickly realized that I was deleting the object I was trying to enumerate, so I changed to the For loop and went from the bottom up.
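The pitfall and the fix described above, as an added example that is not part of the original script: it runs without SharePoint against a constructed ArrayList standing in for RoleAssignments. The helper Remove-AllButGroup, its guard, and the sample names are assumptions of this example; the guard is there because the loop removes every assignment when the name to keep matches nothing.

```powershell
# Constructed stand-in for $SPObject.RoleAssignments; no SharePoint needed.
function New-MockAssignments {
    $list = New-Object System.Collections.ArrayList
    $id = 1
    foreach ($name in 'Site Owners', 'Site Members', 'Site Visitors', 'CONTOSO\jdoe') {
        $member = New-Object PSObject -Property @{ Name = $name; ID = $id }
        [void]$list.Add((New-Object PSObject -Property @{ Member = $member }))
        $id++
    }
    return ,$list
}

# Hypothetical helper: the same bottom-up loop plus a guard and a post-check.
function Remove-AllButGroup {
    param($Assignments, [string]$GroupName)

    # Guard: if the name to keep matches nothing (typo, empty string), the
    # loop would strip every assignment. Refuse before touching anything.
    $keep = @($Assignments | Where-Object { $_.Member.Name -eq $GroupName })
    if ($keep.Count -eq 0) {
        throw "No assignment named '$GroupName'; nothing was removed."
    }

    # Bottom-up: removing index $i never shifts the indexes still to visit.
    for ($i = $Assignments.Count - 1; $i -ge 0; $i--) {
        if ($Assignments[$i].Member.Name -ne $GroupName) {
            $Assignments.RemoveAt($i)   # CleanUpAcl calls RoleAssignments.RemoveByID here
        }
    }

    # Post-check: return what is left so the caller can log or verify it.
    return @($Assignments | ForEach-Object { $_.Member.Name })
}

# 1) Removing while enumerating fails, as in the error quoted above.
$acl = New-MockAssignments
try {
    foreach ($ra in $acl) { if ($ra.Member.Name -ne 'Site Owners') { $acl.Remove($ra) } }
} catch { Write-Host "foreach failed: $($_.Exception.Message)" }

# 2) The reverse loop succeeds and reports the remaining members.
$acl = New-MockAssignments
Remove-AllButGroup -Assignments $acl -GroupName 'Site Owners'

# 3) A mistyped group name is rejected and the assignments stay intact.
$acl = New-MockAssignments
try { Remove-AllButGroup -Assignments $acl -GroupName 'Site Owner' }
catch { Write-Host "refused: $($_.Exception.Message) Count is still $($acl.Count)." }
```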

Hope this script is helpful to you.

Pax

Last update: Apr 28 2020 03:21 PM