我正在尝试模仿右键单击文件夹,在文件夹上设置“修改”以及将权限应用于特定文件夹以及子文件夹和文件的操作。
我主要使用Powershell,但是继承仅被设置为“子文件夹和文件”而不是整个“此文件夹,子文件夹和文件”。
System.Security.AccessControl.PropagationFlags是否有一些未列出的标志会正确设置?
到目前为止,这是我正在使用的内容。
$Folders = Get-childItem c:\TEMP\
$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$objType = [System.Security.AccessControl.AccessControlType]::Allow
foreach ($TempFolder in $Folders)
{
echo "Loop Iteration"
$Folder = $TempFolder.FullName
$acl = Get-Acl $Folder
$permission = "domain\user","Modify", $InheritanceFlag, $PropagationFlag, $objType
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($accessRule)
Set-Acl $Folder $acl
}
答案 0 :(得分:63)
这是一个帮助查找不同权限组合所需标志的表格。
╔═════════════╦═════════════╦═══════════════════════════════╦════════════════════════╦══════════════════╦═══════════════════════╦═════════════╦═════════════╗
║ ║ folder only ║ folder, sub-folders and files ║ folder and sub-folders ║ folder and files ║ sub-folders and files ║ sub-folders ║ files ║
╠═════════════╬═════════════╬═══════════════════════════════╬════════════════════════╬══════════════════╬═══════════════════════╬═════════════╬═════════════╣
║ Propagation ║ none ║ none ║ none ║ none ║ InheritOnly ║ InheritOnly ║ InheritOnly ║
║ Inheritance ║ none ║ Container|Object ║ Container ║ Object ║ Container|Object ║ Container ║ Object ║
╚═════════════╩═════════════╩═══════════════════════════════╩════════════════════════╩══════════════════╩═══════════════════════╩═════════════╩═════════════╝
所以,正如大卫所说,你会想要的
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit
PropagationFlags.None
答案 1 :(得分:30)
我认为您的答案可以在this page找到。从页面:
此文件夹,子文件夹和文件:
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit PropagationFlags.None
答案 2 :(得分:8)
仅仅因为你在PowerShell中就不会忘记好的'exes'。有时他们可以提供最简单的解决方案,例如:
icacls.exe $folder /grant 'domain\user:(OI)(CI)(M)'
答案 3 :(得分:5)
这里有一些简洁的Powershell代码,可以通过修改现有的ACL(访问控制列表)将新权限应用于文件夹。
# Get the ACL for an existing folder
$existingAcl = Get-Acl -Path 'C:\DemoFolder'
# Set the permissions that you want to apply to the folder
$permissions = $env:username, 'Read,Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
# Create a new FileSystemAccessRule object
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permissions
# Modify the existing ACL to include the new rule
$existingAcl.SetAccessRule($rule)
# Apply the modified access rule to the folder
$existingAcl | Set-Acl -Path 'C:\DemoFolder'
$permissions变量列表中的每个值都与this constructor类FileSystemAccessRule的参数相关。
由this page提供。
答案 4 :(得分:2)
这里是描述标志的the MSDN page以及各种组合的结果。
Flag combinations => Propagation results
=========================================
No Flags => Target folder.
ObjectInherit => Target folder, child object (file), grandchild object (file).
ObjectInherit and NoPropagateInherit => Target folder, child object (file).
ObjectInherit and InheritOnly => Child object (file), grandchild object (file).
ObjectInherit, InheritOnly, and NoPropagateInherit => Child object (file).
ContainerInherit => Target folder, child folder, grandchild folder.
ContainerInherit, and NoPropagateInherit => Target folder, child folder.
ContainerInherit, and InheritOnly => Child folder, grandchild folder.
ContainerInherit, InheritOnly, and NoPropagateInherit => Child folder.
ContainerInherit, and ObjectInherit => Target folder, child folder, child object (file), grandchild folder, grandchild object (file).
ContainerInherit, ObjectInherit, and NoPropagateInherit => Target folder, child folder, child object (file).
ContainerInherit, ObjectInherit, and InheritOnly => Child folder, child object (file), grandchild folder, grandchild object (file).
ContainerInherit, ObjectInherit, NoPropagateInherit, InheritOnly => Child folder, child object (file).
要让它以递归方式将权限应用于目录以及所有子目录和文件,您将需要使用这些标志:
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit
PropagationFlags.None
因此,您需要为您的示例更改特定代码:
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None