我们试图将对exe的访问权限仅限于一组用户。
默认情况下,管理员也继承了访问权限。
如何删除对管理员的继承并仅提供对用户组名称的访问权限,请说“特殊日志管理员”?
答案 0 :(得分:0)
在这里查看http://technet.microsoft.com/en-us/library/ff730951.aspx和https://www.angryadmin.co.uk/?p=425
$colRights = [System.Security.AccessControl.FileSystemRights]"FullControl"
$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::None
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None
$objType =[System.Security.AccessControl.AccessControlType]::Allow
$objUser = New-Object System.Security.Principal.NTAccount("BUILTIN\Users")
$objACE = New-Object System.Security.AccessControl.FileSystemAccessRule `
($objUser, $colRights, $InheritanceFlag, $PropagationFlag, $objType)
$objACL = Get-ACL "C:\Scripts\Test.ps1"
$objACL.AddAccessRule($objACE)
#!!!Remove the parent folder inheritance and don't copy the previously inherited permissions.
$objAcl.SetAccessRuleProtection($true,$false)
Set-ACL "C:\Scripts\Test.ps1" $objACL