2012-07-13

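PowerShell: remove all permissions on a directory for all users

I have to remove all permissions on a directory (and its subdirectories and files) for all normal users (i.e. non-administrators).

I tried the following in PowerShell, but nothing happens: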

# Create the test directory and read its current ACL
New-Item "C:\Test" -type Directory
$acl = Get-Acl "C:\Test"
$inherit = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit,ObjectInherit"
$propagation = [System.Security.AccessControl.PropagationFlags]"None"
# Rule naming the identity whose entries should be removed
$ar = New-Object System.Security.AccessControl.FileSystemAccessRule("Users","FullControl",$inherit,$propagation,"Allow")
$acl.RemoveAccessRuleAll($ar)
Set-Acl "C:\Test" $acl

If I try $env:computername\Users (instead of just Users), I get the following error: Exception calling "RemoveAccessRuleAll" with "1" argument(s): "Some or all identity references could not be translated."

Which identity do I have to pass in order to identify all users?

Answers

0

First, did you really try:

"$($env:computername)\Users"

You could try:

"WinNT://WORKGROUP/$($env:computername)/Utilisateurs"

and take a look at:

$obj = [ADSI]"WinNT://$env:COMPUTERNAME" 
$obj.children | where {$_.name -eq "users"} | fl * 
3

This will do it:

function AddNTFSPermissions($path, $object, $permission) { 
    $FileSystemRights = [System.Security.AccessControl.FileSystemRights]$permission 
    $InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit" 
    $PropagationFlag = [System.Security.AccessControl.PropagationFlags]"None" 
    $AccessControlType =[System.Security.AccessControl.AccessControlType]::Allow 
    $Account = New-Object System.Security.Principal.NTAccount($object) 
    $FileSystemAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, $FileSystemRights, $InheritanceFlag, $PropagationFlag, $AccessControlType) 
    $DirectorySecurity = Get-ACL $path 
    $DirectorySecurity.AddAccessRule($FileSystemAccessRule) 
    Set-ACL $path -AclObject $DirectorySecurity 
} 

function RemoveNTFSPermissions($path, $object, $permission) { 
    $FileSystemRights = [System.Security.AccessControl.FileSystemRights]$permission 
    $InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit" 
    $PropagationFlag = [System.Security.AccessControl.PropagationFlags]"None" 
    $AccessControlType =[System.Security.AccessControl.AccessControlType]::Allow 
    $Account = New-Object System.Security.Principal.NTAccount($object) 
    $FileSystemAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, $FileSystemRights, $InheritanceFlag, $PropagationFlag, $AccessControlType) 
    $DirectorySecurity = Get-ACL $path 
    $DirectorySecurity.RemoveAccessRuleAll($FileSystemAccessRule) 
    Set-ACL $path -AclObject $DirectorySecurity 
} 

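function RemoveInheritance($path) {
    # Protect the ACL from inheritance; $preserveInheritance = $true keeps the
    # previously inherited entries as explicit copies so they can be removed.
    $isProtected = $true
    $preserveInheritance = $true
    $DirectorySecurity = Get-ACL $path
    $DirectorySecurity.SetAccessRuleProtection($isProtected, $preserveInheritance)
    Set-ACL $path -AclObject $DirectorySecurity
}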

# Create folder 
$Path = "C:\Test" 
New-Item $Path -Type Directory 

# Remove permissions 
RemoveInheritance $Path 
RemoveNTFSPermissions $Path "Authenticated Users" "Modify, ChangePermissions" 
RemoveNTFSPermissions $Path "Users" "Modify, ChangePermissions" 
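
A variant of the approach in the answer above, added here as an example and not part of either answer: it addresses the groups by well-known SID instead of by name, which avoids the "identity references could not be translated" error and the localized group names ("Users" / "Utilisateurs"), and then checks the directory and its children for any remaining entries. The function names `Remove-NonAdminAccess` and `Get-RemainingAccess` are illustrative, and the script assumes `C:\Test` already exists as created in the question.

```powershell
# Added example. Function names are illustrative, not from the page.
# S-1-5-32-545 = BUILTIN\Users, S-1-5-11 = Authenticated Users (well-known SIDs,
# identical on every Windows language version, so no name translation is needed).
$NonAdminSids = @('S-1-5-32-545', 'S-1-5-11')

function Remove-NonAdminAccess {
    param([Parameter(Mandatory = $true)][string] $Path,
          [string[]] $Sids = $NonAdminSids)

    # Step 1: inherited ACEs cannot be removed on the child object, so block
    # inheritance and keep the inherited entries as explicit copies.
    $acl = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $true)
    Set-Acl -Path $Path -AclObject $acl

    # Step 2: re-read the ACL (the copies are explicit now) and drop every
    # ACE, Allow or Deny, that names one of the target SIDs.
    $acl = Get-Acl -Path $Path
    foreach ($value in $Sids) {
        $sid = New-Object System.Security.Principal.SecurityIdentifier($value)
        $acl.PurgeAccessRules($sid)
    }
    Set-Acl -Path $Path -AclObject $acl
}

function Get-RemainingAccess {
    param([Parameter(Mandatory = $true)][string] $Path,
          [string[]] $Sids = $NonAdminSids)

    # Check the directory itself plus everything below it; children with
    # their own explicit ACEs for these SIDs are not touched by step 2.
    $items = @($Path) + @(Get-ChildItem -Path $Path -Recurse -Force |
                          Select-Object -ExpandProperty FullName)
    foreach ($item in $items) {
        $rules = (Get-Acl -Path $item).GetAccessRules(
            $true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            if ($Sids -contains $rule.IdentityReference.Value) {
                New-Object PSObject -Property @{
                    Path = $item; Sid = $rule.IdentityReference.Value
                    Rights = $rule.FileSystemRights; Inherited = $rule.IsInherited }
            }
        }
    }
}

# Usage on the page's test directory (run from an elevated session):
Remove-NonAdminAccess -Path 'C:\Test'
Get-RemainingAccess -Path 'C:\Test'   # lists any ACE still naming these SIDs
```

Other principals that cover ordinary users, such as Everyone, are not in the default SID list and have to be passed through `-Sids` if they appear on the directory.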