编写代码以将权限添加到远程计算机中的特定文件夹。我们的代码与系统用户一起运行,因此在代码中我们执行了从系统到域用户的用户上下文切换。然后从本地计算机执行命令以在远程计算机文件夹中添加域用户权限。执行代码时获取访问被拒绝错误。以下是供您参考的代码。
更改权限的代码(test.ps1):
$colRights = [System.Security.AccessControl.FileSystemRights]"Read, Write"
$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::None
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None
$objType =[System.Security.AccessControl.AccessControlType]::Allow
$objUser = New-Object System.Security.Principal.NTAccount("domain\username")
$objACE = New-Object System.Security.AccessControl.FileSystemAccessRule ($objUser, $colRights, $InheritanceFlag, $PropagationFlag, $objType)
$objACL = Get-ACL "\\remote-computer\test"
$objACL.AddAccessRule($objACE)
Set-ACL "\\remote-computer\test" $objACL
执行用户上下文切换的代码:
$username = "domain\username"
$password = "Password"
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential $username, $securePassword
Enable-PSRemoting -Force
$session= new-pssession -ComputerName $Env:ComputerName -Credential $credential
invoke-command -Session $session -ScriptBlock {whoami}
invoke-command -Session $session -FilePath C:\Users\Desktop\test.ps1
错误:
拒绝访问CategoryInfo:PermissionDenied: (\ remote-computer \ test:String)[Get-ChildItem], UnauthorizedAccessException + FullyQualifiedErrorId:
ItemExistsUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand + PSComputerName:本地计算机