我有一个目录,我想通过递归的方式去设置所有文件夹的权限。 所以操作的顺序应该是:
从文件夹中删除所有ACL 将ACL添加到文件夹 设置ACL我尝试了下面的代码,但我得到了错误
foreach ($folder in Get-ChildItem -Path c:\perms -Recurse -Directory) { $AccessRule = New-Object System.Security.Accesscontrol.FileSystemAccessRule ("user", "FullControl", "ContainerInherit,ObjectInherit", "InheritOnly", "Allow") $acl = Get-Acl $folder $acl.SetAcccessRule($AccessRule) Set-Acl -Path $folder.FullName -AclObject $acl }无法设置ACL,因为它需要调用的方法SetSecurityDescriptor不存在。
我摆脱了错误信息,并添加了ACL,但我想从文件夹中删除所有ACL并添加新的ACL。
我更新了我的脚本,如下所示:
$acl = Get-Acl -Path "c:\perms" $acl.SetAccessRuleProtection($true,$false) $acl.Access | ForEach-Object { $acl.RemoveAccessRule($_) | Out-Null } $ace = New-Object System.Security.Accesscontrol.FileSystemAccessRule ("user", "FullControl", "ContainerInherit,ObjectInherit", "InheritOnly", "Allow") $acl.AddAccessRule($ace) Set-Acl -Path "c:\perms" -AclObject $acl如果我想添加多个$ace ,是否只需要声明$ace2 , $ace3 ,然后调用$acl.AddAccessRule($ace2) , $acl.AddAccessRule($ace3) 。
I have a directory which I want to go through recursively and set permissions on all the folders. So the order of operations should be:
Remove all ACL from folder Add ACL to folder Set ACLI tried the below code, but I am getting the error
foreach ($folder in Get-ChildItem -Path c:\perms -Recurse -Directory) { $AccessRule = New-Object System.Security.Accesscontrol.FileSystemAccessRule ("user", "FullControl", "ContainerInherit,ObjectInherit", "InheritOnly", "Allow") $acl = Get-Acl $folder $acl.SetAcccessRule($AccessRule) Set-Acl -Path $folder.FullName -AclObject $acl }Cannot set the ACL because the method that it needs to invoke, SetSecurityDescriptor, does not exist.
I got rid of the error message, and it added the ACL, but I want to basically remove all ACLs from the folder and add new ones.
I updated my script to look like this:
$acl = Get-Acl -Path "c:\perms" $acl.SetAccessRuleProtection($true,$false) $acl.Access | ForEach-Object { $acl.RemoveAccessRule($_) | Out-Null } $ace = New-Object System.Security.Accesscontrol.FileSystemAccessRule ("user", "FullControl", "ContainerInherit,ObjectInherit", "InheritOnly", "Allow") $acl.AddAccessRule($ace) Set-Acl -Path "c:\perms" -AclObject $aclIf I want to add multiple $ace, is it just a matter of declaring $ace2, $ace3 and then calling $acl.AddAccessRule($ace2), $acl.AddAccessRule($ace3).
最满意答案
使用SetAccessRuleProtection()禁用继承并删除继承的ACE:
$acl.SetAccessRuleProtection($true, $false)使用RemoveAccessRule()删除现有的(非继承的)ACE:
$acl.Access | ForEach-Object { $acl.RemoveAccessRule($_) | Out-Null }使用AddAccessRule()添加新的ACE:
$ace = New-Object Security.AccessControl.FileSystemAccessRule "user", ... $acl.AddAccessRule($ace) ...只为最顶层的文件夹执行此操作。 在下面的任何位置启用继承,以便您的更改自动传播。
Use SetAccessRuleProtection() to disable inheritance and remove inherited ACEs:
$acl.SetAccessRuleProtection($true, $false)Use RemoveAccessRule() to remove existing (non-inherited) ACEs:
$acl.Access | ForEach-Object { $acl.RemoveAccessRule($_) | Out-Null }Use AddAccessRule() to add new ACEs:
$ace = New-Object Security.AccessControl.FileSystemAccessRule "user", ... $acl.AddAccessRule($ace) ...Do this only for the topmost folder. Leave inheritance enabled everywhere below, so your changes are propagated automatically.
使用Powershell递归设置文件夹权限?(Recursively set permissions on folders using Powershell?)我有一个目录,我想通过递归的方式去设置所有文件夹的权限。 所以操作的顺序应该是:
从文件夹中删除所有ACL 将ACL添加到文件夹 设置ACL我尝试了下面的代码,但我得到了错误
foreach ($folder in Get-ChildItem -Path c:\perms -Recurse -Directory) { $AccessRule = New-Object System.Security.Accesscontrol.FileSystemAccessRule ("user", "FullControl", "ContainerInherit,ObjectInherit", "InheritOnly", "Allow") $acl = Get-Acl $folder $acl.SetAcccessRule($AccessRule) Set-Acl -Path $folder.FullName -AclObject $acl }无法设置ACL,因为它需要调用的方法SetSecurityDescriptor不存在。
我摆脱了错误信息,并添加了ACL,但我想从文件夹中删除所有ACL并添加新的ACL。
我更新了我的脚本,如下所示:
$acl = Get-Acl -Path "c:\perms" $acl.SetAccessRuleProtection($true,$false) $acl.Access | ForEach-Object { $acl.RemoveAccessRule($_) | Out-Null } $ace = New-Object System.Security.Accesscontrol.FileSystemAccessRule ("user", "FullControl", "ContainerInherit,ObjectInherit", "InheritOnly", "Allow") $acl.AddAccessRule($ace) Set-Acl -Path "c:\perms" -AclObject $acl如果我想添加多个$ace ,是否只需要声明$ace2 , $ace3 ,然后调用$acl.AddAccessRule($ace2) , $acl.AddAccessRule($ace3) 。
I have a directory which I want to go through recursively and set permissions on all the folders. So the order of operations should be:
Remove all ACL from folder Add ACL to folder Set ACLI tried the below code, but I am getting the error
foreach ($folder in Get-ChildItem -Path c:\perms -Recurse -Directory) { $AccessRule = New-Object System.Security.Accesscontrol.FileSystemAccessRule ("user", "FullControl", "ContainerInherit,ObjectInherit", "InheritOnly", "Allow") $acl = Get-Acl $folder $acl.SetAcccessRule($AccessRule) Set-Acl -Path $folder.FullName -AclObject $acl }Cannot set the ACL because the method that it needs to invoke, SetSecurityDescriptor, does not exist.
I got rid of the error message, and it added the ACL, but I want to basically remove all ACLs from the folder and add new ones.
I updated my script to look like this:
$acl = Get-Acl -Path "c:\perms" $acl.SetAccessRuleProtection($true,$false) $acl.Access | ForEach-Object { $acl.RemoveAccessRule($_) | Out-Null } $ace = New-Object System.Security.Accesscontrol.FileSystemAccessRule ("user", "FullControl", "ContainerInherit,ObjectInherit", "InheritOnly", "Allow") $acl.AddAccessRule($ace) Set-Acl -Path "c:\perms" -AclObject $aclIf I want to add multiple $ace, is it just a matter of declaring $ace2, $ace3 and then calling $acl.AddAccessRule($ace2), $acl.AddAccessRule($ace3).
最满意答案
使用SetAccessRuleProtection()禁用继承并删除继承的ACE:
$acl.SetAccessRuleProtection($true, $false)使用RemoveAccessRule()删除现有的(非继承的)ACE:
$acl.Access | ForEach-Object { $acl.RemoveAccessRule($_) | Out-Null }使用AddAccessRule()添加新的ACE:
$ace = New-Object Security.AccessControl.FileSystemAccessRule "user", ... $acl.AddAccessRule($ace) ...只为最顶层的文件夹执行此操作。 在下面的任何位置启用继承,以便您的更改自动传播。
Use SetAccessRuleProtection() to disable inheritance and remove inherited ACEs:
$acl.SetAccessRuleProtection($true, $false)Use RemoveAccessRule() to remove existing (non-inherited) ACEs:
$acl.Access | ForEach-Object { $acl.RemoveAccessRule($_) | Out-Null }Use AddAccessRule() to add new ACEs:
$ace = New-Object Security.AccessControl.FileSystemAccessRule "user", ... $acl.AddAccessRule($ace) ...Do this only for the topmost folder. Leave inheritance enabled everywhere below, so your changes are propagated automatically.
发布评论