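I have thousands of folders where I need to change users with FullControl access to Modify access. Below is a list of what I have:
Script to change NTFS permissions: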
$acl = Get-Acl "G:\Folder"
$acl | Format-List
$acl.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])
# first $true protects this folder's ACL from inheritance; second $true keeps the
# inherited rules as explicit copies, $false removes them
$acl.SetAccessRuleProtection($True, $True)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Administrators", "FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("My-ServerTeam", "FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Users", "Read", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
Set-Acl "G:\Folder" $acl
Get-Acl "G:\Folder" | Format-List
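A text file containing the directories and users that need to be changed from FullControl to Modify.
I could always create variables for the path and/or username and create a ForEach loop, but I'm not sure how to change the users that exist in each folder's ACL to Modify while keeping the admin accounts at Full Control. Any help would be appreciated.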
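Answer 0: (score: 0)
Went a different route and got what I needed. I'm not surprised nobody tried to help me with this one... it was tough. I'll post the scripts for the next person who runs into this problem. There are two scripts. The first I got from the internet and altered a bit. The second script launches the first with the parameters needed for automation.
The first script, named SetFolderPermission.ps1: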
param ([string]$Path, [string]$Access, [string]$Permission = ("Modify"), [switch]$help)

function GetHelp() {
    $HelpText = @"
DESCRIPTION:
NAME: SetFolderPermission.ps1
Sets FolderPermissions for User on a Folder.
Creates folder if not exist.
PARAMETERS:
-Path Folder to Create or Modify (Required)
-Access User who should have access (Required)
-Permission Specify Permission for User, Default set to Modify (Optional)
-help Prints the HelpFile (Optional)
SYNTAX:
./SetFolderPermission.ps1 -Path C:\Folder\NewFolder -Access Domain\UserName -Permission FullControl
Creates the folder C:\Folder\NewFolder if it doesn't exist.
Sets Full Control for Domain\UserName
./SetFolderPermission.ps1 -Path C:\Folder\NewFolder -Access Domain\UserName
Creates the folder C:\Folder\NewFolder if it doesn't exist.
Sets Modify (Default Value) for Domain\UserName
./SetFolderPermission.ps1 -help
Displays the help topic for the script
Below Are Available Values for -Permission
"@
    $HelpText
    [system.enum]::getnames([System.Security.AccessControl.FileSystemRights])
}

# Folder creation is disabled: CreateFolder is commented out and never called,
# so the "creates the folder" lines in the help text do not apply to this version.
<#
function CreateFolder ([string]$Path) {
    # Check if the folder Exists
    if (Test-Path $Path) {
        Write-Host "Folder: $Path Already Exists" -ForeGroundColor Yellow
    } else {
        Write-Host "Creating $Path" -Foregroundcolor Green
        New-Item -Path $Path -type directory | Out-Null
    }
}
#>

function SetAcl ([string]$Path, [string]$Access, [string]$Permission) {
    # Get ACL on Folder
    $GetACL = Get-Acl $Path
    # Set up AccessRule: applies to this folder, subfolders and files
    $Allinherit = [system.security.accesscontrol.InheritanceFlags]"ContainerInherit, ObjectInherit"
    $Allpropagation = [system.security.accesscontrol.PropagationFlags]"None"
    $AccessRule = New-Object system.security.AccessControl.FileSystemAccessRule($Access, $Permission, $AllInherit, $Allpropagation, "Allow")
    # Check if Access Already Exists
    if ($GetACL.Access | Where-Object {$_.IdentityReference -eq $Access}) {
        Write-Host "Modifying Permissions For: $Access on directory: $Path" -ForeGroundColor Yellow
        # Reset (enum value 2): remove the existing rules for this identity, then add $AccessRule
        $AccessModification = [System.Security.AccessControl.AccessControlModification]::Reset
        $Modification = $False
        $GetACL.ModifyAccessRule($AccessModification, $AccessRule, [ref]$Modification) | Out-Null
    } else {
        Write-Host "Adding Permission: $Permission For: $Access"
        $GetACL.AddAccessRule($AccessRule)
    }
    Set-Acl -aclobject $GetACL -Path $Path
    Write-Host "Permission: $Permission Set For: $Access on directory: $Path" -ForeGroundColor Green
}

if ($help) { GetHelp }
if ($Access -AND $Permission) {
    SetAcl $Path $Access $Permission
}
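The next script calls the first script and adds the required parameters. It reads a CSV with 2 columns: the folder and the username that has Full Control.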
$path = "C:\Scripts\scandata\TwoColumnCSVwithPathandUserwithFullControl.csv"
$scriptPath = "C:\Scripts\SetFolderPermission.ps1"
$Perm = "Modify"
$csv = Import-Csv -Path $path
foreach ($line in $csv) {
    # CSV columns: Path (folder) and IdentityReference (account that has FullControl)
    $dir = $line.Path
    $DomUser = $line.IdentityReference
    # Call the script with the call operator and named parameters. Building a command
    # string for Invoke-Expression breaks on paths that contain spaces and lets CSV
    # content be parsed as PowerShell code.
    & $scriptPath -Path $dir -Access $DomUser -Permission $Perm
}
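
An alternative to maintaining the two-column CSV, as an added example that is not part of the original answer: it reads each folder's ACL directly, replaces explicit FullControl Allow entries with Modify, and leaves BUILTIN\Administrators and SYSTEM untouched. The function name, the `-KeepSid` parameter and the folder-list path are assumptions made for this example.

```powershell
# Added example, not from the original post. Names and defaults are assumptions.
function Set-FullControlToModify {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Path,
        # Well-known SIDs that keep FullControl:
        # S-1-5-32-544 = BUILTIN\Administrators, S-1-5-18 = NT AUTHORITY\SYSTEM
        [string[]]$KeepSid = @('S-1-5-32-544', 'S-1-5-18')
    )
    process {
        $full = [System.Security.AccessControl.FileSystemRights]::FullControl
        $acl  = Get-Acl -LiteralPath $Path
        # Explicit Allow ACEs only: inherited ACEs have to be changed on the
        # parent folder they come from.
        $targets = @($acl.Access | Where-Object {
            -not $_.IsInherited -and
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $full) -eq $full
        })
        $changed = $false
        foreach ($ace in $targets) {
            try {
                $sid = $ace.IdentityReference.Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value
            } catch {
                Write-Warning "Cannot resolve $($ace.IdentityReference) on $Path; skipped"
                continue
            }
            if ($KeepSid -contains $sid) { continue }
            # Same identity and inheritance flags, rights reduced to Modify.
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
                $ace.IdentityReference, 'Modify',
                $ace.InheritanceFlags, $ace.PropagationFlags, 'Allow')
            $acl.RemoveAccessRuleSpecific($ace)
            $acl.AddAccessRule($rule)
            $changed = $true
            Write-Verbose "$Path : $($ace.IdentityReference) FullControl -> Modify"
        }
        # -WhatIf reports the folders that would change without writing anything.
        if ($changed -and $PSCmdlet.ShouldProcess($Path, 'Replace FullControl with Modify')) {
            Set-Acl -LiteralPath $Path -AclObject $acl
        }
    }
}
# Dry run over a folder list, one path per line (placeholder file name):
# Get-Content 'C:\Scripts\folders.txt' | Set-FullControlToModify -WhatIf
```

Matching on SIDs rather than on the name "Administrators" keeps the exclusion working on localized systems. Entries stored with generic rights instead of a FileSystemRights value are not matched by the FullControl test and are left as they are.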