JSI Tip 9942. How can I remove unknown users or groups from NTFS permission?

When you inspect permissions on the Security tab of the Properties sheet of a file or folder, unknown users and groups are listed by their SID, in a format that starts with S-1-.

Using the corrected version of SubInAcl, I have scripted RevokePermSID.bat to revoke the permissions of unknown users or groups.

The syntax for using RevokePermSID.bat is:

RevokePermSID DriveOrFolder1 [DriveOrFolder2 ... DriveOrFolderN]

Where each DriveOrFolderX is a drive or folder you wish to purge.

RevokePermSID.bat contains:

@echo offif {%1}

{} @echo Syntax RevokePermSID DriveOrFolder1 [DriveOrFolder2 ... DriveOrFolderN]&goto :EOFsetlocalset work="%TEMP%RevokePermSID_%RANDOM%.TMP":loopif {%1}

{} goto finishset obj=%1shiftcall :findSID %obj%for /f "Tokens=*" %%a in ('dir %obj% /s /b /a') do ( call :findSID "%%a")goto loop:finishdel /q %work%endlocalgoto :EOF:findSIDsubinacl /outputlog=%work% /nostatistic /File %1for /f "Tokens=*" %%b in ('type %work%^|FIND "=S-1-"') do ( for /f "Tokens=1* Delims==" %%c in ('@echo %%b') do (   for /f "Tokens=1" %%e in ('@echo %%d') do (     subinacl /nostatistic /File %1 /revoke=%%e   ) ))