我會簡單地使用當前對象變量($_
):
Get-ChildItem $directory –Recurse | % {
$acl = Get-Acl -LiteralPath $_
$permission = 'domain\user', 'FullControl', 'Allow'
$accessRule = New-Object Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($accessRule)
Set-Acl -AclObject $acl -LiteralPath $_
}
,如果你只是由Get-ChildItem
調用的輸出分配給一個變量首先得到文件數組想要將ACL修改放入一個腳本中,並將其與Get-ChildItem
分離它我建議使腳本process pipelined input:
[CmdletBinding()]
Param(
[Parameter(
Mandatory=$true,
ValueFromPipeline=$true,
ValueFromPipelineByPropertyName=$true
)]
[IO.FileSystemInfo]$Path
)
Begin {
$permission = 'domain\user', 'FullControl', 'Allow'
$accessRule = New-Object Security.AccessControl.FileSystemAccessRule $permission
}
Process {
$acl = Get-Acl -LiteralPath $Path
$acl.SetAccessRule($accessRule)
Set-Acl -AclObject $acl -LiteralPath $Path
}
但是,請注意,Get-Acl
無法在您的帳戶和您的某個組都不是所有者的情況下修改ACL。您可以通過使用icacls
解決此問題:
[CmdletBinding()]
Param(
[Parameter(
Mandatory=$true,
ValueFromPipeline=$true,
ValueFromPipelineByPropertyName=$true
)]
[IO.FileSystemInfo]$Path
)
Begin {
$trustee = 'domain\user'
$permission = 'F'
}
Process {
& icacls $Path.FullName "/grant:r" "${trustee}:(CI)(OI)${permission}" | Out-Null
}