PowerShell设置Acl新对象:找不到“的重载”;FileSystemAccessRule“;并且参数计数为:“quot;4“;
我完成了脚本中创建目录名的所有部分,根据预定义的目录结构创建目录,根据附加到硬编码名称的项目编号创建广告组,然后将该组添加到特定目录,并为该组设置ACL 我似乎无法绕过这个错误:PowerShell设置Acl新对象:找不到“的重载”;FileSystemAccessRule“;并且参数计数为:“quot;4“;,powershell,acl,Powershell,Acl,我完成了脚本中创建目录名的所有部分,根据预定义的目录结构创建目录,根据附加到硬编码名称的项目编号创建广告组,然后将该组添加到特定目录,并为该组设置ACL 我似乎无法绕过这个错误: 新对象:找不到“FileSystemAccessRule”的重载和参数计数:“4”。 以下是脚本: $domain="DOMAIN" $tldn="net" $pathArr=@() $pathArr+=$path1=Read-Host -Prompt "Enter first pat
新对象:找不到“FileSystemAccessRule”的重载和参数计数:“4”。
以下是脚本:
$domain="DOMAIN"
$tldn="net"
$pathArr=@()
$pathArr+=$path1=Read-Host -Prompt "Enter first path"
$pathArr+=$path2=Read-Host -Prompt "Enter second path"
[int]$projectNumber=try { Read-Host -Prompt "Enter project number" } catch { Write-Host "Not a numeric value. Please try again."; exit }
[string]$mainFolder=[string]${projectNumber}+"_"+(Read-Host -Prompt "Please give the main folder name")
$projectNumberString=[string]$projectNumber
$projectName=Read-Host -Prompt "Please give the project name"
$fullProjectName="${projectNumberString}_${projectName}"
$pathArr+=$path3="$path1\$mainFolder"
$pathArr+=$path4="$path2\$mainFolder"
$pathArr+=$path5="$path3\$fullProjectName"
$pathArr+=$path6="$path4\$fullProjectName"
# Region: Create organizational units in Active Directory
# Names
$ouN1="XYZOU"
$ouN2="ABCOU"
# Paths
$ouP0="DC=$domain,DC=$tldn"
$ouP1="OU=$ouN1,$ouP0"
$ouP2="OU=$ouN2,$ouP1"
Write-Host "Checking for required origanization units..."
try
{
New-ADOrganizationalUnit -Name $ouN1 -Path $ouP1
New-ADOrganizationalUnit -Name $ouN2 -Path $ouP2
}
catch
{
Out-Null
}
Write-Host "Creating AD Group..."
[string]$group="BEST_${projectNumberString}"
$groupdomain="$domain\$group"
$ADGroupParams= @{
'Name' = "$group"
'SamAccountName' = "$group"
'GroupCategory' = "Security"
'GroupScope' = "Global"
'DisplayName' = "$group"
'Path' = "OU=MyBusinessOU,DC=$domain,DC=$tldn"
'Description' = "Test share"
}
$secgroup=New-ADGroup @ADGroupParams
# Region: Set permissions
Write-Host "Setting permissions..."
# get permissions
$acl = Get-Acl -Path $path6
# add a new permission
$InheritanceFlags=[System.Security.AccessControl.InheritanceFlags]”ContainerInherit, ObjectInherit”
$FileSystemAccessRights=[System.Security.AccessControl.FileSystemRights]"Traverse","Executefile","ListDirectory","ReadData", "ReadAttributes", "ReadExtendedAttributes","CreateFiles","WriteData", 'ContainerInherit, ObjectInherit', "CreateDirectories","AppendData", "WriteAttributes", "WriteExtendedAttributes", "DeleteSubdirectoriesAndFiles", "ReadPermissions"
$InheritanceFlags=[System.Security.AccessControl.InheritanceFlags]”ContainerInherit, ObjectInherit”
$PropagationFlags=[System.Security.AccessControl.PropagationFlags]”None”
$AccessControl=[System.Security.AccessControl.AccessControlType]”Allow”
$permission = "$groupdomain", "$InheritanceFlags", "$PropagationFlags", "$AccessControl"
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permission
$acl.SetAccessRule($rule)
# set new permissions
$acl | Set-Acl -Path $path6
同样,我正在尝试在Windows环境中在Active Directory中手动执行的操作
$FileSystemAccessRights
参数
$permission
变量已更改为:
$permission=“$groupdomain”、“$FileSystemAccessRights”、“$InheritanceFlags”、“$PropagationFlags”、“$AccessControl”
我仍然得到以下输出:
New-Object : Cannot convert argument "1", with value: "ExecuteFile Executefile ListDirectory ReadData ReadAttributes
ReadExtendedAttributes CreateFiles WriteData ContainerInherit, ObjectInherit CreateDirectories AppendData WriteAttributes
WriteExtendedAttributes DeleteSubdirectoriesAndFiles ReadPermissions", for "FileSystemAccessRule" to type
"System.Security.AccessControl.FileSystemRights": "Cannot convert value "ExecuteFile Executefile ListDirectory ReadData
ReadAttributes ReadExtendedAttributes CreateFiles WriteData ContainerInherit, ObjectInherit CreateDirectories AppendData
WriteAttributes WriteExtendedAttributes DeleteSubdirectoriesAndFiles ReadPermissions" to type
"System.Security.AccessControl.FileSystemRights". Error: "Unable to match the identifier name ExecuteFile Executefile ListDirectory
ReadData ReadAttributes ReadExtendedAttributes CreateFiles WriteData ContainerInherit, ObjectInherit CreateDirectories AppendData
WriteAttributes WriteExtendedAttributes DeleteSubdirectoriesAndFiles ReadPermissions to a valid enumerator name. Specify one of the
following enumerator names and try again: ListDirectory, ReadData, WriteData, CreateFiles, CreateDirectories, AppendData,
ReadExtendedAttributes, WriteExtendedAttributes, Traverse, ExecuteFile, DeleteSubdirectoriesAndFiles, ReadAttributes,
WriteAttributes, Write, Delete, ReadPermissions, Read, ReadAndExecute, Modify, ChangePermissions, TakeOwnership, Synchronize,
FullControl""
编辑
我尝试从变量中删除引号,因为除了$groupdomain
,似乎每个变量都有引号,然后出现以下错误:
New-Object : Cannot convert argument "1", with value: "System.Object[]", for "FileSystemAccessRule" to type
"System.Security.AccessControl.FileSystemRights": "Cannot convert value
"ExecuteFile,Executefile,ListDirectory,ReadData,ReadAttributes,ReadExtendedAttributes,CreateFiles,WriteData,ContainerInherit,
ObjectInherit,CreateDirectories,AppendData,WriteAttributes,WriteExtendedAttributes,DeleteSubdirectoriesAndFiles,ReadPermissions" to
type "System.Security.AccessControl.FileSystemRights". Error: "Unable to match the identifier name
ExecuteFile,Executefile,ListDirectory,ReadData,ReadAttributes,ReadExtendedAttributes,CreateFiles,WriteData,ContainerInherit,
ObjectInherit,CreateDirectories,AppendData,WriteAttributes,WriteExtendedAttributes,DeleteSubdirectoriesAndFiles,ReadPermissions to a
valid enumerator name. Specify one of the following enumerator names and try again: ListDirectory, ReadData, WriteData,
CreateFiles, CreateDirectories, AppendData, ReadExtendedAttributes, WriteExtendedAttributes, Traverse, ExecuteFile,
DeleteSubdirectoriesAndFiles, ReadAttributes, WriteAttributes, Write, Delete, ReadPermissions, Read, ReadAndExecute, Modify,
ChangePermissions, TakeOwnership, Synchronize, FullControl""
Cannot convert argument "rule", with value: "New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList
WOLF\Elite_1035 Write, Read ContainerInherit, ObjectInherit None Allow", for "SetAccessRule" to type
"System.Security.AccessControl.FileSystemAccessRule": "Cannot convert the "New-Object -TypeName
System.Security.AccessControl.FileSystemAccessRule -ArgumentList WOLF\Elite_1035 Write, Read ContainerInherit, ObjectInherit None
Allow" value of type "System.String" to type "System.Security.AccessControl.FileSystemAccessRule"."
编辑
尝试Stephen的建议,用引号将整个新对象括起来,然后出现以下错误:
New-Object : Cannot convert argument "1", with value: "System.Object[]", for "FileSystemAccessRule" to type
"System.Security.AccessControl.FileSystemRights": "Cannot convert value
"ExecuteFile,Executefile,ListDirectory,ReadData,ReadAttributes,ReadExtendedAttributes,CreateFiles,WriteData,ContainerInherit,
ObjectInherit,CreateDirectories,AppendData,WriteAttributes,WriteExtendedAttributes,DeleteSubdirectoriesAndFiles,ReadPermissions" to
type "System.Security.AccessControl.FileSystemRights". Error: "Unable to match the identifier name
ExecuteFile,Executefile,ListDirectory,ReadData,ReadAttributes,ReadExtendedAttributes,CreateFiles,WriteData,ContainerInherit,
ObjectInherit,CreateDirectories,AppendData,WriteAttributes,WriteExtendedAttributes,DeleteSubdirectoriesAndFiles,ReadPermissions to a
valid enumerator name. Specify one of the following enumerator names and try again: ListDirectory, ReadData, WriteData,
CreateFiles, CreateDirectories, AppendData, ReadExtendedAttributes, WriteExtendedAttributes, Traverse, ExecuteFile,
DeleteSubdirectoriesAndFiles, ReadAttributes, WriteAttributes, Write, Delete, ReadPermissions, Read, ReadAndExecute, Modify,
ChangePermissions, TakeOwnership, Synchronize, FullControl""
Cannot convert argument "rule", with value: "New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList
WOLF\Elite_1035 Write, Read ContainerInherit, ObjectInherit None Allow", for "SetAccessRule" to type
"System.Security.AccessControl.FileSystemAccessRule": "Cannot convert the "New-Object -TypeName
System.Security.AccessControl.FileSystemAccessRule -ArgumentList WOLF\Elite_1035 Write, Read ContainerInherit, ObjectInherit None
Allow" value of type "System.String" to type "System.Security.AccessControl.FileSystemAccessRule"."
编辑
错误消失了,但我仍然没有看到任何组添加到$path6
的安全属性中
理论上,我还可以通过这样做添加所有权限:
$FileSystemAccessRights=[System.Security.AccessControl.FileSystemRights]“遍历、Executefile、ListDirectory、ReadData、ReadAttributes、ReadExtendedAttributes、CreateFiles、WriteData、CreateDirectory、AppendData、WriteAttributes、WriteExtendedAttributes、DeleteSubdirectories和Files、ReadPermissions”
您在参数中忘记了$FileSystemAccessRights
$permission = $groupdomain, $FileSystemAccessRights, $InheritanceFlags, $PropagationFlags, $AccessControl
编辑,删除双引号
您还有两个问题:
首先创建一个$principal对象
$principal = New-Object System.Security.Principal.NTAccount($groupdomain)
然后尝试减少$FileSystemAccessRights,因为它有问题,尝试一些简单的方法,比如读/写访问
$FileSystemAccessRights=[System.Security.AccessControl.FileSystemRights]"Read, Write"
更新变量$permission的创建以包括主体:
$permission = $principal, $FileSystemAccessRights, $InheritanceFlags, $PropagationFlags, $AccessControl
新对象:找不到“FileSystemAccessRule”和参数计数“5”的重载
此错误的解决方案是展开变量时不使用字符串(字符串周围没有引号)。因此,字符串变量中的任何COMA都被解析为参数
Powershell可以使用@
子句将变量扩展为字符串
解决方案:
请注意,我以其他方式使用函数,因为OP post和OP忘记将$secgroup
变量传递给函数。
根据我的经验,这是在powershell中设置ACL最可靠的方法。感谢您指出这一点。我修改了脚本,仍然收到类似的错误消息。有什么想法吗?是的,请尝试删除双引号,我更新了答案。看起来第一个参数是$FileSystemAccessRights,应该是$groupdomain,如答案中所示。我将我的
$permission
变量完全替换为您的变量。似乎是出于某种原因,将大多数参数读取为一个字符串?@MickyBalledelli我发现对于$FileSystemAccessRights
变量,您的语法与我的不同。我在每个权限属性周围使用了双引号,而您只使用它们对所有属性进行分组(例如,“读,写”
)。我在我的线路上做了同样的事情,它成功了<代码>$FileSystemAccessRights=[System.Security.AccessControl.FileSystemRights]“遍历、Executefile、ListDirectory、ReadData、ReadAttributes、ReadExtendedAttributes、CreateFiles、WriteData、CreateDirectory、AppendData、WriteAttributes、WriteExtendedAttributes、DeleteSubdirectories和Files、ReadPermissions”您是否尝试将$permission括在新对象行的括号中?您也可以在整个New Object子句周围加括号。@StephenGTuggy我试过了,然后更新了我的问题。
$InheritanceFlags = "ContainerInherit, ObjectInherit"
$FileSystemAccessRights = "Traverse,Executefile,ListDirectory,ReadData, ReadAttributes,ReadExtendedAttributes,CreateFiles,WriteData,CreateDirectories,AppendData,WriteAttributes,WriteExtendedAttributes,DeleteSubdirectoriesAndFiles,ReadPermissions"
.
etc...
# Region: Set permissions
Write-Host "Setting permissions..."
# get permissions
$acl = Get-Acl -Path $path6
# add a new permission
$user = $secgroup
$InheritanceFlags="ContainerInherit, ObjectInherit"
$FileSystemAccessRights="Traverse,Executefile,ListDirectory,ReadData, ReadAttributes,ReadExtendedAttributes,CreateFiles,WriteData,CreateDirectories,AppendData,WriteAttributes,WriteExtendedAttributes,DeleteSubdirectoriesAndFiles,ReadPermissions"
$PropagationFlags="None"
$AccessControl="Allow"
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(@($user), @($FileSystemAccessRights), @($InheritanceFlags), @($PropagationFlags), @($AccessControl))
$acl.SetAccessRule($rule)
#set new permissions
path6.SetAccessControl($acl)