Purging unmanaged ACL's #19

Open
AxisNL opened this issue Jun 8, 2020 · 1 comment

AxisNL commented Jun 8, 2020

Hi, I was wondering if there is a way in this module to achieve this:

I want to set ACLs on specific folders for end-users programmatically. Sometimes users are added, sometimes users are removed. Adding users works perfectly, but whenever I run my DSC script, I want to purge the ACLs that are not managed by DSC. Is there a way to do that?

I know I can set ACLs to absent, but I don't want to ensure 1000 users are absent when I only want to ensure 3 are present.

It currently works fine with AD groups (ensuring specific people are in a group, and then setting a single ACL for that group). However, this requires users to log out and back in again, which is a real pain. I want to switch to ACLs for end-users directly.

@garetjax67

I am seeing the same issue. I can Present/Absent specific issues, but if I want to enforce my permissions to be exactly what I specify, it does not appear to work.

Example:

```powershell
cNtfsPermissionEntry 'FileShare1User1' {
    Ensure    = 'absent'
    DependsOn = "[File]Share1Folder"
    Principal = 'domain\user1'
    Path      = 'D:\FileShare1'
}

cNtfsPermissionEntry 'FileShare1read' {
    Ensure    = 'Present'
    DependsOn = "[File]Share1Folder"
    Principal = 'domain\user3'
    Path      = 'D:\FileShare1'
    AccessControlInformation = @(
        cNtfsAccessControlInformation
        {
            AccessControlType  = 'Allow'
            FileSystemRights   = 'Read'
            Inheritance        = 'ThisFolderSubfoldersAndFiles'
            NoPropagateInherit = $false
        }
    )
}
```

Will remove user1, but if user2 exists... ignores and does not remove user2. Will remove user1 and leave or add user3.
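
The purge both posts ask for, done outside the `cNtfsPermissionEntry` resource with the .NET ACL API, as an added example that is not code from this module or from either poster. The function name `Remove-UnmanagedAce` and the `$AlwaysKeep` list of built-in identities are assumptions; the path and principal come from the sample above.

```powershell
# Added example: remove explicit ACEs whose principal is not in a managed list.
function Remove-UnmanagedAce {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [string[]] $ManagedPrincipal,
        # Assumed set of built-in identities that must never be purged,
        # so administrators and the system keep access to the folder.
        [string[]] $AlwaysKeep = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'CREATOR OWNER')
    )

    $keep = @($ManagedPrincipal) + @($AlwaysKeep)
    $acl  = Get-Acl -LiteralPath $Path

    # includeExplicit = $true, includeInherited = $false: inherited ACEs cannot be
    # removed on this object; they have to be changed on the parent folder.
    $explicit = $acl.GetAccessRules($true, $false, [System.Security.Principal.NTAccount])

    $removed = @()
    foreach ($rule in $explicit) {
        $name = $rule.IdentityReference.Value
        if ($keep -notcontains $name) {          # -notcontains is case-insensitive
            if ($PSCmdlet.ShouldProcess($Path, "Remove ACE for $name")) {
                # Removes exactly this ACE (same rights, type and inheritance flags).
                $acl.RemoveAccessRuleSpecific($rule)
                $removed += $name
            }
        }
    }

    # Write the ACL back only when something actually changed.
    if ($removed.Count -gt 0) {
        Set-Acl -LiteralPath $Path -AclObject $acl
    }
    $removed | Sort-Object -Unique               # principals whose ACEs were purged
}

# Dry run first; drop -WhatIf to apply. Here only domain\user3 is managed,
# so an explicit ACE for domain\user2 would be reported for removal.
Remove-UnmanagedAce -Path 'D:\FileShare1' -ManagedPrincipal 'domain\user3' -WhatIf
```

ACEs whose SID no longer resolves to an account keep the raw SID as their name and are therefore treated as unmanaged.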
