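Clear-Host

# Values required in every case.
$ObjectToProcess = "C:\Mon repertoire"
$Operation = "del"
# "Tout le monde" is the French display name of the Everyone group, so this
# value only matches on a French-language Windows. The well-known SID S-1-1-0
# identifies the same group on any locale.
$UserNameToProcess = "Tout le monde"

# Additional values required for an "add".
# NOTE(review): with $Operation = "add" and the account above, these values
# grant Modify to Everyone on the folder and, through the inheritance flags,
# on everything below it. Scope the account and the rights before switching
# the operation.
$FileSystemRightsValue = "Modify, Synchronize"
$InheritanceFlagsValue = "ContainerInherit, ObjectInherit"

# Defaults that can be uncommented and changed if needed.
#$PropagationFlagValue = "None"
#$objAccessControlTypeValue = "Allow"

<#
.SYNOPSIS
    Adds or removes the explicit access rules of one account on a file or
    directory.
.DESCRIPTION
    "add": removes the account's existing explicit rules, then adds one rule
           built from the rights / inheritance / propagation / type values.
    "del": removes the account's explicit rules.
    Any other operation emits "Operation is not recognized" and leaves the
    object untouched.

    Inherited rules are never removed: they can only be changed on the parent
    that defines them (or by disabling inheritance on the object). After a
    "del" the account can therefore still have access through inheritance, so
    check the effective permissions afterwards.
.PARAMETER ObjectToProcess
    Path of the file or directory whose ACL is modified.
.PARAMETER Operation
    "add" or "del".
.PARAMETER UserNameToProcess
    Account name, compared with each rule's IdentityReference.
.PARAMETER FileSystemRightsValue
    FileSystemRights value(s), comma separated ("add" only).
.PARAMETER InheritanceFlagsValue
    InheritanceFlags value(s), comma separated ("add" only).
.PARAMETER PropagationFlagValue
    PropagationFlags value(s), comma separated ("add" only).
.PARAMETER objAccessControlTypeValue
    "Allow" or "Deny" ("add" only).
#>
function ModifyACL {
    param(
        [string]$ObjectToProcess,
        [string]$Operation,
        [string]$UserNameToProcess,
        [string]$FileSystemRightsValue = "Modify, Synchronize",
        [string]$InheritanceFlagsValue = "ContainerInherit, ObjectInherit",
        [string]$PropagationFlagValue = "None",
        [string]$objAccessControlTypeValue = "Allow"
    )

    # Reject unknown operations before touching the object; the original fell
    # through and rewrote the unchanged ACL with Set-ACL.
    if ($Operation -ne "add" -and $Operation -ne "del") {
        "Operation is not recognized"
        return
    }

    # Read the current security descriptor of the object.
    # NOTE(review): the path is bound positionally (-Path), so wildcard
    # characters such as [ ] in a file name are interpreted as a pattern;
    # -LiteralPath avoids that where the PowerShell version supports it.
    $objACL = Get-ACL $ObjectToProcess
    if ($null -eq $objACL) {
        Write-Warning "Unable to read the ACL of $ObjectToProcess"
        return
    }

    $aclChanged = $false

    # Both operations start by dropping the account's explicit rules.
    # @(...) snapshots the rule list so removals do not disturb the loop.
    foreach ($MySubACL in @($objACL.Access)) {
        if ($MySubACL.IdentityReference -ne $UserNameToProcess) { continue }

        # Inherited rules cannot be removed on this object; skip them.
        if ($MySubACL.IsInherited -ne $false) { continue }

        # RemoveAccessRule returns a boolean; consuming it here keeps it out
        # of the function's output and tells us whether anything changed.
        if ($objACL.RemoveAccessRule($MySubACL)) {
            $aclChanged = $true
            if ($Operation -eq "add") {
                Write-Host "Ancienne référence retirée"
            }
            else {
                # $(...) is required to expand a property inside a string;
                # "$MySubACL.IdentityReference" printed the rule's type name
                # followed by the literal text ".IdentityReference".
                Write-Host "$($MySubACL.IdentityReference) retiré des accès de $ObjectToProcess"
            }
        }
    }

    if ($Operation -eq "add") {
        # Build the new rule. Every enum is cast from its string so that
        # comma-separated flag combinations are accepted for all of them
        # (the original used [Type]::$name for the last two, which only
        # accepts a single member name).
        $objUser = New-Object System.Security.Principal.NTAccount($UserNameToProcess)
        $FileSystemRights = [System.Security.AccessControl.FileSystemRights]$FileSystemRightsValue
        $InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]$InheritanceFlagsValue
        $PropagationFlag = [System.Security.AccessControl.PropagationFlags]$PropagationFlagValue
        $objAccessControlType = [System.Security.AccessControl.AccessControlType]$objAccessControlTypeValue

        $objACE = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $objUser, $FileSystemRights, $InheritanceFlag, $PropagationFlag, $objAccessControlType)

        $objACL.AddAccessRule($objACE)
        $aclChanged = $true
        Write-Host "$UserNameToProcess ajouté aux accès de $ObjectToProcess"
    }

    # Write the descriptor back only when it was modified: this avoids
    # needless ACL rewrites (and the related audit events and access-denied
    # errors) on every child that had nothing to remove.
    if ($aclChanged) {
        Set-ACL $ObjectToProcess $objACL
    }
}

# Dispatch on the requested operation.
switch ($Operation) {
    "add" {
        # Only the root object is modified; the child objects are not visited
        # (presumably because the inheritance flags propagate the new rule -
        # confirm that inheritance is enabled below the root).
        ModifyACL -ObjectToProcess $ObjectToProcess -Operation $Operation -UserNameToProcess $UserNameToProcess -FileSystemRightsValue $FileSystemRightsValue -InheritanceFlagsValue $InheritanceFlagsValue
    }
    "del" {
        # Remove the explicit rules on the root, then on every descendant,
        # because a child can carry its own explicit rule for the account.
        ModifyACL -ObjectToProcess $ObjectToProcess -Operation $Operation -UserNameToProcess $UserNameToProcess

        # NOTE(review): without -Force, Get-ChildItem skips hidden and system
        # items, so explicit rules on those objects are left in place.
        $AllChildObjectToProcess = Get-ChildItem $ObjectToProcess -recurse
        foreach ($OneObject in $AllChildObjectToProcess) {
            ModifyACL -ObjectToProcess $OneObject.FullName -Operation $Operation -UserNameToProcess $UserNameToProcess
        }
    }
}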