Powershell 更改ACL权限
是否可以从以下位置更改权限输出文件上下文: 帐户文件夹路径标识引用访问控制类型为Inherited InheritanceFlags PropagationFlags NT AUTHORITY\SYSTEM AllowFALSEContainerInherit ObjectInhertNone\uklonfap11\data\apps\ACCESS2 NT AUTHORITY\SYSTEM允许假容器Inherit ObjectInherit None 内置\Administrators AllowFALSEContainerInherit ObjectInhertNone\uklonfap11\data\apps\ACCESS2内置\Administrators允许假容器Inherit ObjectInherit None 例如: 帐户Ace字符串对象路径 系统允许完全控制此文件夹、子文件夹和继承的文件\UKSHEFAP08\e$\Data\Global\PHE测试用例\PHE\test cases\Benefit语句的备份 每个人都允许修改此文件夹、子文件夹和继承的文件\UKSHEFAP08\e$\Data\Global\PHE测试用例\PHE\test cases\Benefit语句的备份 这有意义吗,或者需要对代码进行完全更改:代码片段是:Powershell 更改ACL权限,powershell,Powershell,是否可以从以下位置更改权限输出文件上下文: 帐户文件夹路径标识引用访问控制类型为Inherited InheritanceFlags PropagationFlags NT AUTHORITY\SYSTEM AllowFALSEContainerInherit ObjectInhertNone\uklonfap11\data\apps\ACCESS2 NT AUTHORITY\SYSTEM允许假容器Inherit ObjectInherit None 内置\Administrators Allo
$OutFile = "C:\Users\munjanga\Documents\AoN Project\Execute\Output.csv"
$Header = "Folder Path,IdentityReference,AccessControlType,IsInherited,InheritanceFlags,PropagationFlags"
Del $OutFile
Add-Content -Value $Header -Path $OutFile
$RootPath = "C:\Users\munjanga\Documents\Operations Orchestration"
$Folders = dir $RootPath -recurse | where {$_.psiscontainer -eq $true}
$isInherited = @{
$true = 'Inherited'
$false = 'Not Inherited'
}
$inheritance = @{
0 = 'files only'
1 = 'this folder and subfolders'
2 = 'this folder and files'
3 = 'subfolders and files'
}
$fldr = $Folder.FullName
$Folders | % {
$fldr = $_.FullName
Get-Acl $fldr | select -Expand Access |
select @{n='Account';e={$_.IdentityReference}},
@{n='ACE String';e={"{0} {1}, {2} ({3})" -f $_.AccessControlType,
$_.FileSystemRights, $inheritance[$_.InheritanceFlags],
$isInherited[$_.IsInherited]}},
@{n='Object Path';e={$fldr}}}
您可以为此使用计算属性:
$fldr = $Folder.FullName
Get-Acl $fldr | select -Expand Access |
select @{n='Account';e={$_.IdentityReference}},
@{n='ACE String';e={"{0} {1}, {2} ({3})" -f $_.AccessControlType,
$_.FileSystemRights, $_.InheritanceFlags, $_.IsInherited}},
@{n='Object Path';e={$fldr}}
可通过哈希表提供自定义文本,例如:
$isInherited = @{
$true = 'Inherited'
$false = 'Not Inherited'
}
$inheritance = @{
0 = 'files only'
1 = 'this folder and subfolders'
2 = 'this folder and files'
3 = 'subfolders and files'
}
$fldr = $Folder.FullName
Get-Acl $fldr | select -Expand Access |
select @{n='Account';e={$_.IdentityReference}},
@{n='ACE String';e={"{0} {1}, {2} ({3})" -f $_.AccessControlType,
$_.FileSystemRights, $inheritance[$_.InheritanceFlags.value__],
$isInherited[$_.IsInherited]}},
@{n='Object Path';e={$fldr}}
但是,GUI中显示的权限有时由多个ACE组成,因此没有简单的方法可以完全实现您想要的。您必须评估任何给定ACL的所有ACE,并将符合特定条件的ACE合并到单个显示记录中
作为旁注:你不应该手工制作CSV。让PowerShell为您完成以下工作:
$Folders | % {
$fldr = $_.FullName
Get-Acl $fldr | select -Expand Access | ...
} | Export-Csv $OutFile -NoType
看起来您需要一个CSV文件。如果是这样,不要重新发明轮子。使用“选择对象”或“格式”作为。然后使用导出Csv导出。