使用set-acl和powershell设置继承和传播标志
我试图模仿在文件夹上单击鼠标右键、在文件夹上设置“修改”以及将权限应用于特定文件夹、子文件夹和文件的操作 我在那里主要使用Powershell,但是继承只被设置为“子文件夹和文件”,而不是整个“此文件夹、子文件夹和文件” System.Security.AccessControl.PropagationFlags是否有一些未列出的标志可以正确设置 这是我目前正在做的工作使用set-acl和powershell设置继承和传播标志,powershell,permissions,file-permissions,Powershell,Permissions,File Permissions,我试图模仿在文件夹上单击鼠标右键、在文件夹上设置“修改”以及将权限应用于特定文件夹、子文件夹和文件的操作 我在那里主要使用Powershell,但是继承只被设置为“子文件夹和文件”,而不是整个“此文件夹、子文件夹和文件” System.Security.AccessControl.PropagationFlags是否有一些未列出的标志可以正确设置 这是我目前正在做的工作 $Folders = Get-childItem c:\TEMP\ $InheritanceFlag = [System.Se
$Folders = Get-childItem c:\TEMP\
$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$objType = [System.Security.AccessControl.AccessControlType]::Allow
foreach ($TempFolder in $Folders)
{
echo "Loop Iteration"
$Folder = $TempFolder.FullName
$acl = Get-Acl $Folder
$permission = "domain\user","Modify", $InheritanceFlag, $PropagationFlag, $objType
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($accessRule)
Set-Acl $Folder $acl
}
我想你的答案可以在网上找到。从页面: 此文件夹、子文件夹和文件:
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit
PropagationFlags.None
不要因为你在PowerShell就忘记了好的前任。有时,他们可以提供最简单的解决方案,例如:
icacls.exe $folder /grant 'domain\user:(OI)(CI)(M)'
下面的表格有助于找到不同权限组合所需的标志 ╔═════════════╦═════════════╦═══════════════════════════════╦════════════════════════╦══════════════════╦═══════════════════════╦═════════════╦═════════════╗ ║ ║ folder only ║ folder, sub-folders and files ║ folder and sub-folders ║ folder and files ║ sub-folders and files ║ sub-folders ║ files ║ ╠═════════════╬═════════════╬═══════════════════════════════╬════════════════════════╬══════════════════╬═══════════════════════╬═════════════╬═════════════╣ ║ Propagation ║ none ║ none ║ none ║ none ║ InheritOnly ║ InheritOnly ║ InheritOnly ║ ║ Inheritance ║ none ║ Container|Object ║ Container ║ Object ║ Container|Object ║ Container ║ Object ║ ╚═════════════╩═════════════╩═══════════════════════════════╩════════════════════════╩══════════════════╩═══════════════════════╩═════════════╩═════════════╝
Flag combinations => Propagation results
=========================================
No Flags => Target folder.
ObjectInherit => Target folder, child object (file), grandchild object (file).
ObjectInherit and NoPropagateInherit => Target folder, child object (file).
ObjectInherit and InheritOnly => Child object (file), grandchild object (file).
ObjectInherit, InheritOnly, and NoPropagateInherit => Child object (file).
ContainerInherit => Target folder, child folder, grandchild folder.
ContainerInherit, and NoPropagateInherit => Target folder, child folder.
ContainerInherit, and InheritOnly => Child folder, grandchild folder.
ContainerInherit, InheritOnly, and NoPropagateInherit => Child folder.
ContainerInherit, and ObjectInherit => Target folder, child folder, child object (file), grandchild folder, grandchild object (file).
ContainerInherit, ObjectInherit, and NoPropagateInherit => Target folder, child folder, child object (file).
ContainerInherit, ObjectInherit, and InheritOnly => Child folder, child object (file), grandchild folder, grandchild object (file).
ContainerInherit, ObjectInherit, NoPropagateInherit, InheritOnly => Child folder, child object (file).
Flag combinations => Propagation results
=========================================
No Flags => Target folder.
ObjectInherit => Target folder, child object (file), grandchild object (file).
ObjectInherit and NoPropagateInherit => Target folder, child object (file).
ObjectInherit and InheritOnly => Child object (file), grandchild object (file).
ObjectInherit, InheritOnly, and NoPropagateInherit => Child object (file).
ContainerInherit => Target folder, child folder, grandchild folder.
ContainerInherit, and NoPropagateInherit => Target folder, child folder.
ContainerInherit, and InheritOnly => Child folder, grandchild folder.
ContainerInherit, InheritOnly, and NoPropagateInherit => Child folder.
ContainerInherit, and ObjectInherit => Target folder, child folder, child object (file), grandchild folder, grandchild object (file).
ContainerInherit, ObjectInherit, and NoPropagateInherit => Target folder, child folder, child object (file).
ContainerInherit, ObjectInherit, and InheritOnly => Child folder, child object (file), grandchild folder, grandchild object (file).
ContainerInherit, ObjectInherit, NoPropagateInherit, InheritOnly => Child folder, child object (file).
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit
PropagationFlags.None
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None
下面是一些简洁的Powershell代码,通过修改文件夹的现有ACL(访问控制列表)将新权限应用于文件夹
$permissions感谢。是的,我几乎解决了DOS批处理文件和icacls或setacl的问题,但我试图学习powershell。。最好的学习方法是用它解决问题,等等。我理解。OTOH我已经使用PowerShell超过5年了,如果它比PowerShell等效程序简单得多,我会毫不犹豫地退回到EXE。在PowerShell中有很多东西需要学习-有些比其他更有价值。:-)我制作了一个文件权限对话框和结果权限之间映射的图表:请添加下面代码中的修改,以使该表+1工作。如果我可以的话,我会给方框图字符加一个+1:)为什么文件夹/文件与继承中的子文件夹/文件不同?请添加代码好吗?链接到页面并引用IMO不是正确的答案。powershell的关键是将标志作为参数传递给FileSystemAccessRule(即新对象)的构造函数,只有此答案显示了这一点。