我尝试在set-acl cmdlet中使用我的函数,但它确实正常工作,我的函数被识别为一个简单的"字符串"。
$acl = Get-Acl C:\MSI -Verbose
$acl.SetAccessRuleProtection($True, $False)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule ("Get-GroupName -SID 'S-1-1-0'","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow") -Verbose
$acl.AddAccessRule($rule)
$rule = New-ObjectSystem.Security.AccessControl.FileSystemAccessRule("Get-GroupName -SID 'S-1-5-32-544'","Readandexecute", "ContainerInherit, ObjectInherit", "None", "Allow") -Verbose
$acl.AddAccessRule($rule)
Set-Acl C:\MSI $acl
答案 0 :(得分:2)
它被识别为一个字符串,因为你把它写成一个字符串。引号内的所有内容("或')都是字符串。
如果你的函数返回一个字符串值,那么你可以像这样使用它:
$acl = Get-Acl C:\MSI -Verbose
$acl.SetAccessRuleProtection($True, $False)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule ((Get-GroupName -SID 'S-1-1-0'),"FullControl", "ContainerInherit, ObjectInherit", "None", "Allow") -Verbose
$acl.AddAccessRule($rule)
$rule = New-ObjectSystem.Security.AccessControl.FileSystemAccessRule((Get-GroupName -SID 'S-1-5-32-544'),"Readandexecute", "ContainerInherit, ObjectInherit", "None", "Allow") -Verbose
$acl.AddAccessRule($rule)
Set-Acl C:\MSI $acl