2015-10-15 15 views
1

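Problem assigning folder permissions with PowerShell

I want this PowerShell script to create a new directory and add/assign permissions for a group.

The group is being added, but the permissions do not show up under Properties on the Security tab. If I go to the Advanced security settings, the permissions do show up there.

Also, the parent folder permissions are not being removed from the new subfolder as desired.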

$groups = "DOMAIN\GROUP" 
$Perm = "MODIFY" 
$Permission = [System.Security.AccessControl.FileSystemRights] $Perm 
$AllInherit = [System.Security.AccessControl.InheritanceFlags] "None" 
$AllPropagation = [System.Security.AccessControl.PropagationFlags] "InheritOnly" 
$path = "c:\temp\test" 
new-item -path $path -itemtype directory -force 
$group = $groups 
$GetACL = Get-Acl $Path 
$Access = New-Object System.Security.Principal.NTAccount ($group) 
$AccessRule = New-Object system.security.AccessControl.FileSystemAccessRule($Access, $perm, $AllInherit, $Allpropagation, "Allow") 
$GetACL.SetAccessRule($AccessRule) 
SET-ACL -PATH $path $getacl 
+0

Also, the InheritOnly propagation is not being set correctly.

Answers

0

Here is a function I wrote for a similar purpose:

function Add-AclEntry { 
    # Adds a new entry to the specified file system object ACL. For 
    # folders the new permissions are applied recursively. 
    # Returns: null. 
    param(
     [Parameter(Mandatory=$true)] 
     [ValidateNotNullOrEmpty()] 
     [String]$sPath, 

     [Parameter(Mandatory=$true)] 
     [ValidateNotNullOrEmpty()] 
     # Access group (full notation). 
     [String]$sGroup, 

     [Parameter(Mandatory=$true)] 
     [ValidateNotNullOrEmpty()] 
     # List of access rights, comma separated. 
     [String]$sRights, 

     [Parameter(Mandatory=$false)] 
     [ValidateSet("Allow", "Deny")] 
     [String]$sType = "Allow" 
    ) 

    $cRights = [System.Security.AccessControl.FileSystemRights]$sRights 
    $oType = [System.Security.AccessControl.AccessControlType]::$sType 
    $oGroup = New-Object -TypeName System.Security.Principal.NTAccount($sGroup) 

    # Inheritance flags: full inheritance. 
    if ((Get-Item $sPath).PSIsContainer) {
        # Folder: entry is inherited by child files and subfolders.
        $oInheritanceFlags = [System.Security.AccessControl.InheritanceFlags]::ObjectInherit -bor
            [System.Security.AccessControl.InheritanceFlags]::ContainerInherit
    } else {
        # File: nothing to inherit.
        $oInheritanceFlags = [System.Security.AccessControl.InheritanceFlags]::None
    }
    $oPropagationFlags = [System.Security.AccessControl.PropagationFlags]::None

    # Creating access control entry and adding it to the ACL.
    $oAce = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $oGroup, $cRights, $oInheritanceFlags, $oPropagationFlags, $oType
    $oAcl = Get-Acl -Path $sPath 
    $oAcl.AddAccessRule($oAce) 
    Set-Acl -Path $sPath -AclObject $oAcl 

    return $null 
} 

Usage example (adding Modify permissions for Authenticated Users):

$sGroup = "NT AUTHORITY\Authenticated Users" 
$sRights = "Delete, Read, Traverse, Write" 
Add-AclEntry -sPath $sFolder -sGroup $sGroup -sRights $sRights 

Hope that helps.
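
An added example, not part of the question or the answer above: one way to cover both points raised in the question, granting the group Modify on the folder and its contents and dropping the permissions inherited from the parent. The path and `DOMAIN\GROUP` are the placeholders from the question; the explicit Administrators and SYSTEM entries are an assumption, added so that administrative access does not disappear along with the inherited entries.

```powershell
# Added example. $path and $group are placeholders taken from the question.
$path  = 'C:\temp\test'
$group = 'DOMAIN\GROUP'

New-Item -Path $path -ItemType Directory -Force | Out-Null
$acl = Get-Acl -Path $path

# Protect the ACL from the parent: $true = block inheritance,
# $false = do not keep copies of the inherited entries.
$acl.SetAccessRuleProtection($true, $false)

# Applies to this folder, subfolders and files.
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None

# Assumption: keep explicit admin access, since inherited entries are removed.
$entries = @(
    @{ Id = 'BUILTIN\Administrators'; Rights = 'FullControl' },
    @{ Id = 'NT AUTHORITY\SYSTEM';    Rights = 'FullControl' },
    @{ Id = $group;                   Rights = 'Modify' }
)
foreach ($entry in $entries) {
    $id     = New-Object System.Security.Principal.NTAccount($entry.Id)
    $rights = [System.Security.AccessControl.FileSystemRights]$entry.Rights
    $rule   = New-Object System.Security.AccessControl.FileSystemAccessRule($id, $rights, $inherit, $prop, 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $path -AclObject $acl

# Verify what was actually written instead of trusting the call.
$after = Get-Acl -Path $path
if (-not $after.AreAccessRulesProtected) {
    throw "Inheritance is still enabled on $path"
}
$inherited = @($after.Access | Where-Object IsInherited)
if ($inherited.Count -gt 0) {
    throw "Inherited entries remain: $($inherited.IdentityReference -join ', ')"
}
$after.Access |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags, IsInherited -AutoSize
```

Run it from an elevated session with a group name that resolves in your domain; an unresolvable account makes the rule creation or `Set-Acl` fail.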