如何仅为特定用户组授予对文件的访问权限?

时间:2014-01-27 09:43:18

标签: batch-file powershell powershell-v2.0 acl

我们试图将对exe的访问权限仅限于一组用户。

默认情况下,管理员也继承了访问权限。

如何删除对管理员的继承并仅提供对用户组名称的访问权限,请说“特殊日志管理员”?

1 个答案:

答案 0 :(得分:0)

在这里查看http://technet.microsoft.com/en-us/library/ff730951.aspxhttps://www.angryadmin.co.uk/?p=425

$colRights = [System.Security.AccessControl.FileSystemRights]"FullControl"

$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::None
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None

$objType =[System.Security.AccessControl.AccessControlType]::Allow

$objUser = New-Object System.Security.Principal.NTAccount("BUILTIN\Users")

$objACE = New-Object System.Security.AccessControl.FileSystemAccessRule `
    ($objUser, $colRights, $InheritanceFlag, $PropagationFlag, $objType)

$objACL = Get-ACL "C:\Scripts\Test.ps1"
$objACL.AddAccessRule($objACE)

#!!!Remove the parent folder inheritance and don't copy the previously inherited permissions.
$objAcl.SetAccessRuleProtection($true,$false)

Set-ACL "C:\Scripts\Test.ps1" $objACL