我在使用PowerShell将ACL设置为文件夹时遇到问题。似乎我能够通过我的代码没有任何错误,但该文件夹仍然没有出现在该文件夹的安全属性中。我看到的其他文章似乎有答案,但随后评论,如果有的话,它不起作用,并且在尝试答案建议后,它不会导致该组出现在该文件夹的系统属性中。 / p>
到目前为止我的脚本如下:
$域= “DOMAIN” $ TLDN = “净”
SELECT * FROM `report_details` order by `report_id` <> 5, reference_no
修改
根据Mickey的评论,我添加了此代码以测试$pathArr=@()
$pathArr+=$path1=Read-Host -Prompt "Enter first path"
$pathArr+=$path2=Read-Host -Prompt "Enter second path"
[int]$projectNumber=try { Read-Host -Prompt "Enter project number" } catch { Write-Host "Not a numeric value. Please try again."; exit }
[string]$mainFolder=[string]${projectNumber}+"_"+(Read-Host -Prompt "Please give the main folder name")
$projectNumberString=[string]$projectNumber
$projectName=Read-Host -Prompt "Please give the project name"
$fullProjectName="${projectNumberString}_${projectName}"
$pathArr+=$path3="$path1\$mainFolder"
$pathArr+=$path4="$path2\$mainFolder"
$pathArr+=$path5="$path3\$fullProjectName"
$pathArr+=$path6="$path4\$fullProjectName"
# Region: Create organizational units in Active Directory
# Names
$ouN1="XYZOU"
$ouN2="ABCOU"
# Paths
$ouP0="DC=$domain,DC=$tldn"
$ouP1="OU=$ouN1,$ouP0"
$ouP2="OU=$ouN2,$ouP1"
Write-Host "Checking for required origanization units..."
try
{
New-ADOrganizationalUnit -Name $ouN1 -Path $ouP1
New-ADOrganizationalUnit -Name $ouN2 -Path $ouP2
}
catch
{
Out-Null
}
'的路径
$path6结果是路径写入主机并说if ( Test-Path -Path "$path6" )
{
Write-Host "$path6"
Write-Host "Path exists."
}
else
{
Write-Host "Path does not exist."
}
。
写主机“创建AD组......”
[字符串] $组= “BEST _ $ {projectNumberString}”
$ groupdomain = “$域\ $基”
Path exists.我尝试了$ADGroupParams= @{
'Name' = "$group"
'SamAccountName' = "$group"
'GroupCategory' = "Security"
'GroupScope' = "Global"
'DisplayName' = "$group"
'Path' = "OU=MyBusinessOU,DC=$domain,DC=$tldn"
'Description' = "Test share"
}
$secgroup=New-ADGroup @ADGroupParams
# Region: Set permissions
Write-Host "Setting permissions..."
# get permissions
$acl = Get-Acl -Path $path6
# add a new permission
$InheritanceFlags=[System.Security.AccessControl.InheritanceFlags]”ContainerInherit, ObjectInherit”
$FileSystemAccessRights=[System.Security.AccessControl.FileSystemRights]"Traverse","Executefile","ListDirectory","ReadData", "ReadAttributes", "ReadExtendedAttributes","CreateFiles","WriteData", 'ContainerInherit, ObjectInherit', "CreateDirectories","AppendData", "WriteAttributes", "WriteExtendedAttributes", "DeleteSubdirectoriesAndFiles", "ReadPermissions"
$InheritanceFlags=[System.Security.AccessControl.InheritanceFlags]”ContainerInherit, ObjectInherit”
$PropagationFlags=[System.Security.AccessControl.PropagationFlags]”None”
$AccessControl=[System.Security.AccessControl.AccessControlType]”Allow”
$permission = "$groupdomain", "$InheritanceFlags", "$PropagationFlags", "$AccessControl"
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permission
$acl.SetAccessRule($rule)
# set new permissions
$acl | Set-Acl -Path $path6
,但这也无效。
同样,我没有得到任何错误。
我在Windows Server 2012 R2上的PowerShell ISE中运行PowerShell 4.0。我以管理员身份登录。
如果您有任何想法,我向他们开放。为了清楚起见,我的目标是将Set-Acl -ACLObject:$acl -Path:$path6添加到名为$groupdomain的文件夹中,并将此处概述的ACL应用于该组。
提前感谢您的帮助。