本文介绍了使用Powershell递归设置文件夹权限?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我有一个目录,要递归浏览并设置所有文件夹的权限。因此,操作顺序应为:
- 从文件夹中删除所有ACL
- 将ACL添加到文件夹
- 设置ACL
我尝试了以下代码,但出现错误
foreach ($folder in Get-ChildItem -Path c:\perms -Recurse -Directory) {
$AccessRule = New-Object System.Security.Accesscontrol.FileSystemAccessRule ("user", "FullControl", "ContainerInherit,ObjectInherit", "InheritOnly", "Allow")
$acl = Get-Acl $folder
$acl.SetAcccessRule($AccessRule)
Set-Acl -Path $folder.FullName -AclObject $acl
}
I got rid of the error message, and it added the ACL, but I want to basically remove all ACLs from the folder and add new ones.
I updated my script to look like this:
$acl = Get-Acl -Path "c:\perms"
$acl.SetAccessRuleProtection($true,$false)
$acl.Access | ForEach-Object { $acl.RemoveAccessRule($_) | Out-Null }
$ace = New-Object System.Security.Accesscontrol.FileSystemAccessRule ("user", "FullControl", "ContainerInherit,ObjectInherit", "InheritOnly", "Allow")
$acl.AddAccessRule($ace)
Set-Acl -Path "c:\perms" -AclObject $acl
If I want to add multiple $ace, is it just a matter of declaring $ace2, $ace3 and then calling $acl.AddAccessRule($ace2), $acl.AddAccessRule($ace3).
解决方案
Use SetAccessRuleProtection() to disable inheritance and remove inherited ACEs:
$acl.SetAccessRuleProtection($true, $false)
Use RemoveAccessRule() to remove existing (non-inherited) ACEs:
$acl.Access | ForEach-Object { $acl.RemoveAccessRule($_) | Out-Null }
Use AddAccessRule() to add new ACEs:
$ace = New-Object Security.AccessControl.FileSystemAccessRule "user", ...
$acl.AddAccessRule($ace)
...
Do this only for the topmost folder. Leave inheritance enabled everywhere below, so your changes are propagated automatically.
这篇关于使用Powershell递归设置文件夹权限?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!