Delete Orphaned SIDs In ACLs !LINK!
I need to delete all the orphaned SIDs in the ACLs of about 20 shares (between 100GB/6TB) and change full control of users groups to other permissions (modify or read/execute). I have done this script but I'm pretty sure it's easy to improve. Any advice?
Delete orphaned SIDs in ACLs
One of the possible concerns with blocking inherited permissions is that you might create an orphaned object where no one has any permissions. For example, you can create an OU, block all permissions inheritance to that OU, and assign the permissions to only one administrative group. You can even remove the Domain Admins group from the ACL of the OU so that the Domain Admins does not have any permissions under normal circumstances. If that administrative group gets deleted, the OU would have no group with administrative control. In this case, the Domain Admins group would have to take ownership of the object and reassign permissions.
I have no idea what is causing the cache folder to fill up or whether you can delete the cache files. I know you can manually delete orphaned file storage blobs (app installers) that would be stored on the configured file storage path. For this, use the PurgeUtility log to determine what is not being purged.