我需要创建一个脚本,该脚本将对许多文件夹应用权限,具有不同的权限,具体取决于文件夹名称。有一个根文件夹共享,其中是一个代表每个客户端的文件夹。每个客户端文件夹内部都是一个部门文件夹。我需要限制安全组对每个部门文件夹的访问权限,以便只有属于该部门的人员才能访问它们。
它看起来如下:
ROOT FOLDER SHARE
|
|-----CLIENT1 (everyone has access)
|.......|------DEPARTMENT1 (only members of department1 have access)
|.......|------DEPARTMENT2 (only members of department2 have access)
|.......|------DEPARTMENT3 (only members of department3 have access)
|
|-----CLIENT2 (everyone has access)
|.......|------DEPARTMENT1 (only members of department1 have access)
|.......|------DEPARTMENT2 (only members of department2 have access)
|.......|------DEPARTMENT3 (only members of department3 have access)
|
|-----CLIENT3 (everyone has access)
........|------DEPARTMENT1 (only members of department1 have access)
........|------DEPARTMENT2 (only members of department2 have access)
........|------DEPARTMENT3 (only members of department3 have access)
我不完全确定如何正确地解决这个问题。请有人帮我指点正确的方向吗?这是在运行带有活动目录设置的Windows Server 2008 R2的服务器上。
我目前看起来像这样(看起来很有效):
$Path = Read-Host "What is the starting path?"
$DirectoryName = Read-Host "What is the name of the directory?"
$SecurityGroup = Read-Host "What is the name of the security group that will be given permissions on these directories?"
$ListOfDirectories = Get-ChildItem $Path -Recurse | Where-Object { $_.PSIsContainer } | Where-Object { $_.name -eq $DirectoryName } | foreach-object -process { $_.FullName }
foreach ($directory in $ListOfDirectories) {
icacls.exe $directory /grant ""$SecurityGroup":M" /t
}
答案 0 :(得分:2)
您可以使用Set-ACL命令通过PowerShell自动执行权限设置。
有一篇好文章overhere可以帮助您完成这项任务......
http://technet.microsoft.com/en-us/magazine/2008.02.powershell.aspx