这个让我很难过。我试图用PowerShell做到这一点,但它不一定是......
基本上,我有一个文本文件,其中包含已迁移的大型目录结构的ACL信息(我意识到内容有很多需要,但我们不再能访问原始文件系统,所以这就是我们的意思必须与之合作。
我需要生成一个批处理文件来重新激活新的(复制的)文件系统。
简而言之,我需要转换这样的文本(抱歉滚动,但我试图保留行间距):
Path: \\Share.Domain.com\Directory01$\Subdirectory01
AccessToString : DOMAIN\Group01-Knuckleheads Allow ReadAndExecute, Synchronize
BUILTIN\Administrators
Path: \\Share.Domain.com\Directory02$\Subdirectory01
AccessToString : DOMAIN\Different-Group02 Allow FullControl
BUILTIN\Administrators Allow FullControl
使用如下内容进入新文件(或相同文件,无关紧要):
ICacls "\\Share.Domain.com\Directory01$\Subdirectory01" /Grant "DOMAIN\Group01-Knuckleheads":(OI)(CI)R,X,S /t /c /l /q /inheritance:r
ICacls "\\Share.Domain.com\Directory01$\Subdirectory01" /Grant "BUILTIN\Administrators":(OI)(CI)F /t /c /l /q /inheritance:r
ICacls "\\Share.Domain.com\Directory02$\Subdirectory01" /Grant "DOMAIN\Different-Group02":(OI)(CI)F /c /l /q /inheritance:r
ICacls "\\Share.Domain.com\Directory02$\Subdirectory01" /Grant "BUILTIN\Administrators":(OI)(CI)F /c /l /q /inheritance:r
我试图解决这个问题的半可怜尝试仍然在进行中,但我意识到这个敌人比我的魔法还要大:
#$ACLs = Get-Content C:\Scripts\Test\AndTest.txt
#ForEach-Object ($ACL in $ACLs)
#{
#Figure out how to break strings into variables....
#}
#Declare Var - Need to populate from the imported text file
$FilePath = "\\Share.Domain.com\Directory01$\Subdirectory01"
$GroupName = "DOMAIN\Domain Admins"
$TestPerm = "ReadAndExecute"
If ($TestPerm = "FullControl"){$Perms = "F"}
Elseif ($TestPerm = "ReadAndExecute"){$Perms = "RX"}
Elseif ($TestPerm = "Modify"){$Perms = "M"}
Elseif ($TestPerm = "Deny"){$Perms = "D"}
Elseif ($TestPerm = "Read"){$Perms = "R"}
Elseif ($TestPerm = "Write"){$Perms = "W"}
cls
#Build icacls string -Test Output
Write-Host "ICacls ""$FilePath"" /Grant ""$GroupName"":(OI)(CI)$Perms /t /c /l /q /inheritance:r"
#Write icacls batch file
#Out-File "C:\Scripts\Test\re-acl.cmd" "ICacls ""$FilePath"" /Grant ""$GroupName"":(OI)(CI)$Perms /t /c /l /q /inheritance:r"
我意识到这里有很多工作要做。我刚刚开始明白这一点。例如,我想我需要将权限列入数组并构建字符串。还必须有特殊权限等......
但是现在,我试图弄清楚如何导入文本文件,然后将其分解为变量......就像我说的,我在Powershell工作,但它确实可以是任何东西...... VB或Python也许?
提前非常感谢!
答案 0 :(得分:1)
好的,我认为你的大部分问题都是解析文本,所以这主要是我在这里帮助的。我确实构建了字符串,如果你想要包含更多权限,你应该能够弄清楚如何将它们添加到switch。为此,我们希望将整个文本文件作为一个大的多行字符串读取。然后我们根据关键字" Path:"将其拆分成块。然后,对于每个记录,我将路径作为字符串获取,获取权限,并解析帐户,允许/拒绝和单独访问。然后我将访问转换为icacls接受的短版本,并将参数构建为格式化字符串。
我输出到主机,但是一旦你对它看起来很满意,你可以删除Write-Host "和尾随",它只会执行它(假设icacls在您在其中或在PATH环境变量中的相同文件夹。
$Text = Get-Content C:\Scripts\Test\AndTest.txt -Raw
$Records = $Text -split "(?s)(Path:.*?)(?=Path:|$)"|?{$_}
#Loop through each file/ACL
ForEach($Record in $Records){
$FilePath = ($Record -split "[\r\n]+")[0].Substring(6)
$PermRecords = ($Record -split "(?s)AccessToString : "|Select -skip 1) -split "[\r\n]+"|?{$_}
$Perms = $PermRecords|?{$_ -match "(.*\\.*?)\s+(Allow|Deny)(.*)$"}|%{[pscustomobject]@{'Account'=$Matches[1].Trim();'Type'=$Matches[2];'Perms'=$Matches[3].Trim()}}
#Loop through each perm for the current file
$Perms | %{
#Convert friendly names to abbreviations
$ShortPerms = ''
Switch -regex ($_.Perms){
"FullControl" {$ShortPerms = "F";Continue}
"ReadAndExecute" {$ShortPerms += "RX,"}
"Synchronize" {$ShortPerms += "S,"}
"Modify" {$ShortPerms += "M,"}
"Read(?=,|$)" {$ShortPerms += "R,"}
"Write" {$ShortPerms += "W,"}
}
$ShortPerms = $ShortPerms.TrimEnd(',')
$Arguments = '"{0}" /{4} "{1}":(OI)(CI)({2}) /t /c /l /q /inheritance:r' -f $FilePath, $_.Account, $ShortPerms,$(If($_.Type -eq 'Allow'){'Grant'}else{'Deny'})
write-host "& ICAcls $Arguments"
}
}
如果-Raw参数不适合您,您可以使用
(Get-Content C:\Scripts\Test\AndTest.txt) -join "`r`n"
如果您有任何疑问或问题,请与我联系。