使用PowerShell

Question

我做了一些研究，似乎仍不能找到一種方法，以取代與父ACL的ACL像是用這一個命令使用FILEACL完成與繼承更換ACL：

FILEACL.exe c:\parent_folder\child_folder /INHERIT /REPLACE /SUB 

我知道使用get-acl和set-acl cmdlet，甚至使用.NET，但也許我缺少某種.NET方法。

我undersand我可以做這樣的事情，但它似乎並沒有做什麼，我與更換parent_folder的ACL或任何其子女的希望：

$acl = get-acl "c:\parent_folder" 
$acl.SetAccessRuleProtection($False, $True) # Turn on inheritence; 2nd paramter ignored if 1st is false 

任何幫助將不勝感激。

Answer 1

function Reset-FolderPermissionsRecursively { 
    param (
     [Parameter(Mandatory=$true)][string]$modelFolder, 
     [Parameter(Mandatory=$true)][string]$targetFolder 
    ) 

    # Reset permissions for parent folder and remove explicit (non-inherited) permissions 
    $modelFolderAcl = Get-Acl -path $modelFolder 
    Write-Host "Setting permissions on $targetFolder to match $modelFolder" 
    Set-Acl -path $targetFolder -aclObject $modelFolderAcl 
    $acl = Get-Acl $targetFolder 
    $aces = $acl.Access 
    foreach ($ace in $aces) { 
     if ($ace.IsInherited -eq $FALSE) { 
      Write-Host "Removing $ace on $targetFolder" 
      $acl.RemoveAccessRule($ace) 
      Set-Acl $targetFolder $acl 
     } 
    } 

    # Reset permissions for parent folder's children and remove explicit (non-inherited) permissions 
    Get-ChildItem $targetFolder -recurse -attributes d | foreach { 
     Write-Host "Setting permissions on" $_.fullName "to match $modelFolder" 
     Set-Acl -path $_.fullName -aclObject $modelFolderAcl 
     $acl = Get-Acl $_.FullName 
     $aces = $acl.Access 
     foreach ($ace in $aces) { 
      if ($ace.IsInherited -eq $FALSE) { 
       Write-Host "Removing $ace on" $_.fullName 
       $acl.RemoveAccessRule($ace) 
       Set-Acl $_.FullName $acl 
      } 
     } 
    } 
}