Set-ADTItemPermission in 4.1.5 - Can't Remove All Permissions

Hello. I'm using PSADT 4.1.5 and would like to completely remove the permissions to a folder from a specified group. However, the 'None' parameter for permissions doesn't seem to be accepted, even though it's noted in the documentation.

Here's the line of code from my script:

Set-ADTItemPermission -LiteralPath 'C:\Folder\Subfolder' -User 'Authenticated Users' -Permission 'None' -Method 'RemoveAll'

Here is Example 3 from the PSADT reference for the Set-ADTItemPermission function:

Set-ADTItemPermission -LiteralPath 'C:\Temp\Private' -User 'DOMAIN\John' -Permission 'None' -Method 'RemoveAll'

When I run the script, the following error is thrown:

Cannot process argument transformation on parameter 'Permission'. Cannot convert value "None" to type "System.Security.AccessControl.FileSystemRights". Error: "Unable to match the identifier name None to a valid enumerator name. Specify one of the following enumerator names and try again: ListDirectory, ReadData, WriteData, CreateFiles, CreateDirectories, AppendData, ReadExtendedAttributes, WriteExtendedAttributes, Traverse, ExecuteFile, DeleteSubdirectoriesAndFiles, ReadAttributes, WriteAttributes, Write, Delete, ReadPermissions, Read, ReadAndExecute, Modify, ChangePermissions, TakeOwnership, Synchronize, FullControl"

Is the None parameter no longer valid in 4.1.5?

1 Like

I was able to confirm this Example as invalid.

But I was also able to work out your issue.
Using -Permission 'None' is indeed invalid.
But it turns out -Method 'RemoveAll' is invalid as well.

It's better to explain how the function works with an example:
Here I give BUILTIN\Users FullControl and Read permissions to 'C:\Temp\Private' as 2 separate entries:

Set-ADTItemPermission -LiteralPath 'C:\Temp\Private' -User 'BUILTIN\Users' -Permission FullControl -Inheritance ObjectInherit,ContainerInherit
Set-ADTItemPermission -LiteralPath 'C:\Temp\Private' -User 'BUILTIN\Users' -Permission Read -Inheritance ObjectInherit,ContainerInherit

Now I want to remove ONE of those permissions.
To do this I must specify WHICH permission entry I want to remove.
Here I remove the FullControl permission:

Set-ADTItemPermission -LiteralPath 'C:\Temp\Private' -User 'BUILTIN\Users' -Permission FullControl -Method 'RemoveAccessRuleAll'

To remove the Read, I will need to specify.

NOTE: If the specified permission to remove does not exist in the permission entries, no errors are generated.

3 Likes
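
A check to run after a removal like the one above, as an added example that is not part of the original posts or PSADT's own code: it lists the entries still present for an identity and marks inherited ones, which removing entries on the folder itself does not clear. `Get-RemainingAce` and the demo folder are hypothetical names, and the demo uses the .NET ACL API directly so it runs without PSADT loaded.

```powershell
# Added example (hypothetical helper): list ACEs that remain for one identity.
function Get-RemainingAce {
    param(
        [Parameter(Mandatory)] [string] $LiteralPath,
        [Parameter(Mandatory)] [string] $Identity
    )
    # Compare by SID so localized or differently qualified names still match.
    $sid = [System.Security.Principal.NTAccount]::new($Identity).Translate(
        [System.Security.Principal.SecurityIdentifier])
    $acl = Get-Acl -LiteralPath $LiteralPath
    # $true, $true = return both explicit and inherited rules.
    $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.IdentityReference.Value -eq $sid.Value } |
        ForEach-Object {
            [pscustomobject]@{
                Source = if ($_.IsInherited) { 'Inherited' } else { 'Explicit' }
                Type   = $_.AccessControlType
                Rights = $_.FileSystemRights
            }
        }
}

# Constructed demo folder so the check can be tried without touching real data.
$demo = Join-Path $env:TEMP 'AclDemo-Constructed'
New-Item -Path $demo -ItemType Directory -Force | Out-Null

# Grant an explicit Read entry, standing in for what the package set earlier.
$rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    'BUILTIN\Users', 'Read', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl = Get-Acl -LiteralPath $demo
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $demo -AclObject $acl
Get-RemainingAce -LiteralPath $demo -Identity 'BUILTIN\Users' | Format-Table

# Remove the explicit entries again, then verify what is left.
$acl = Get-Acl -LiteralPath $demo
$acl.RemoveAccessRuleAll($rule)
Set-Acl -LiteralPath $demo -AclObject $acl

$left = @(Get-RemainingAce -LiteralPath $demo -Identity 'BUILTIN\Users')
$explicit = @($left | Where-Object Source -eq 'Explicit')
$inherited = @($left | Where-Object Source -eq 'Inherited')
if ($explicit.Count) { Write-Warning "Explicit entries remain: $($explicit.Rights -join '; ')" }
if ($inherited.Count) { Write-Warning "Inherited entries still grant: $($inherited.Rights -join '; ')" }
if (-not $left.Count) { 'No entries remain for BUILTIN\Users.' }

Remove-Item -LiteralPath $demo -Recurse -Force
```

If the inherited warning fires on a real folder, the group still has access through the parent, and only changing the parent's ACL or disabling inheritance on the folder will take it away.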

Fantastic. Following your guidance, I was able to resolve the issue I was encountering and was able to set the permissions as needed. Thank you very much!

And, if no one has told you and the other folks that work on and contribute to this project, you're really appreciated. The PSADT has been a godsend to me for application packaging tasks. I'm very grateful!

5 Likes