以下代码将Domain Admins组设置得很好。但是,我还需要在我的文件夹上设置本地管理员[COMPUTER-NAME \ Administrators]组。
function Set-DirACLs
{
# Gets the names of the directories in the directory and adds them to an array.
$dircount = Get-ChildItem $UV | foreach-object -process { $_.FullName }
$cname = $env:computername
$localadmin = "$cname\" + "Administrators"
$userlist = @("MYDOMAIN\Domain Admins", $localadmin)
#Loops through the directories and sets the ACL on each.
foreach($folder in $dircount)
{
#Print some info to the console so we don't mistake the script being stuck.
Write-Host "Editing ACL for $folder "
Write-Host "Standby "
Write-Host $localadmin
$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::none
$colRights = [System.Security.AccessControl.FileSystemRights]"FullControl"
$objType =[System.Security.AccessControl.AccessControlType]::Allow
$ACL = Get-Acl $folder
$folder = (convert-path $ACL.pspath)
$acl.SetAccessRuleProtection($True, $False)
#Now we have to iterate over the users in userlist for each directory.
foreach($user in $userlist)
{
$objUser = New-Object System.Security.Principal.NTAccount($user)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($objUser, $colRights, $InheritanceFlag,$PropagationFlag, $objType)
$ACL.AddAccessRule($rule)
Set-Acl $folder $ACL
}
}
}
但是我一直收到这个错误,无论我如何更改$ localadmin变量来连接computername + \ Administrators我都会收到此错误
Exception calling "AddAccessRule" with "1" argument(s): "Some or all identity references could not be translated."
这让我疯了!!
答案 0 :(得分:2)
尝试改变这一点:
$localadmin = "BUILTIN\Administrators"
然后不再需要这一行:
$cname = $env:computername
答案 1 :(得分:0)
我对此感到困惑和兴奋,最后这是有效的:
$userlist = @("MYDOMAIN\Domain Admins", $cname + "\Administrators")
对不起的部分是我知道我尝试过之前我在这里问了这个问题并且没有用。我想我第一次离开了我的东西。