PowerShell v3管理共享/NTFS权限
# Grant NTFS permissions on a folder reached through its UNC path.
# $servername is presumably set by an earlier script in the chain - confirm.
$ntfsPath = "\\$servername\folderpath"
# Read the folder's current ACL so the new rules are added to what is already there.
$acl = Get-Acl -Path $ntfsPath
# Each identity gets Modify, inherited by subfolders (ContainerInherit) and files
# (ObjectInherit), with no propagation flags.
# NOTE(review): the "Users" entry (normally the built-in Users group) receives Modify
# on this folder and everything beneath it - confirm that breadth is intended.
foreach ($identity in "domain\user or usergroup", "Users") {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($identity, "Modify", "ContainerInherit, ObjectInherit", "None", "Allow")
    $acl.AddAccessRule($rule)
}
# Write the amended ACL back to the same folder.
Set-Acl -Path $ntfsPath -AclObject $acl
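# Create a share on a remote server through WMI and set its share-level permissions.
# Set the folder path
# The original placeholders were bare text, which PowerShell would try to run as a
# command; they are quoted here so the script parses. Replace both before use.
$Server = "<server name>"    # e.g. \\test
$Share = "<folder path>"     # path to the folder on that server, e.g. C:\Test
# Assign the Share Permissions
# User Name/Group to give permissions to
# $gname is presumably supplied by an earlier script in the chain - confirm it is set.
$trustee = ([wmiclass]'Win32_trustee').psbase.CreateInstance()
$trustee.Domain = "Corp"
$trustee.Name = "$gname"
$trustee2 = ([wmiclass]'Win32_trustee').psbase.CreateInstance()
$trustee2.Domain = "Domain"
$trustee2.Name = "Domain Admins"
# Access mask values (share rights as decimal bit masks)
$fullcontrol = 2032127   # 0x1F01FF
$change = 1245631        # 0x1301BF
$read = 1179785          # 0x120089
# Create access-list: one allow ACE per trustee.
# AceType 0 = access allowed; AceFlags 3 = object inherit + container inherit.
# NOTE(review): both trustees receive $fullcontrol on the share, while $change and
# $read are defined but never used. If the first trustee only needs to read and
# write files, $change is the narrower mask - confirm which is intended.
$ace = ([wmiclass]'Win32_ACE').psbase.CreateInstance()
$ace.AccessMask = $fullcontrol
$ace.AceFlags = 3
$ace.AceType = 0
$ace.Trustee = $trustee
$ace2 = ([wmiclass]'Win32_ACE').psbase.CreateInstance()
$ace2.AccessMask = $fullcontrol
$ace2.AceFlags = 3
$ace2.AceType = 0
$ace2.Trustee = $trustee2
# Security descriptor containing access
# ControlFlags 4 = SE_DACL_PRESENT, i.e. the DACL below is to be applied.
# NOTE(review): owner and group are both set to the first trustee - confirm.
$sd = ([wmiclass]'Win32_SecurityDescriptor').psbase.CreateInstance()
$sd.ControlFlags = 4
$sd.DACL = $ace, $ace2
$sd.group = $trustee
$sd.owner = $trustee
# Bind to Win32_Share on the remote server and create the share there.
# Create arguments: path, share name, type (0 = disk drive), maximum connections,
# description, password, security descriptor.
$newShare = Get-WmiObject Win32_Share -List -ComputerName "$Server"
$result = $newShare.create("$Share", "Name of the share", 0, 100, "", "", $sd)
# Keep emitting the method result, as the original call did.
$result
# Create reports failure through ReturnValue instead of throwing; 0 means success.
if ($result.ReturnValue -ne 0) {
    Write-Error "Win32_Share.Create failed on $Server with return value $($result.ReturnValue)"
}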
我一直在尝试编写PowerShell脚本来添加/删除文件夹的权限。这个脚本是一系列脚本中的第五个脚本,这些脚本一个接一个地启动。脚本具有共享变量等
脚本如下所示:
# Grant NTFS permissions on a folder reached through its UNC path.
# $servername is presumably set by an earlier script in the chain - confirm.
$ntfsPath = "\\$servername\folderpath"
# Read the folder's current ACL so the new rules are added to what is already there.
$acl = Get-Acl -Path $ntfsPath
# Each identity gets Modify, inherited by subfolders (ContainerInherit) and files
# (ObjectInherit), with no propagation flags.
# NOTE(review): the "Users" entry (normally the built-in Users group) receives Modify
# on this folder and everything beneath it - confirm that breadth is intended.
foreach ($identity in "domain\user or usergroup", "Users") {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($identity, "Modify", "ContainerInherit, ObjectInherit", "None", "Allow")
    $acl.AddAccessRule($rule)
}
# Write the amended ACL back to the same folder.
Set-Acl -Path $ntfsPath -AclObject $acl
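# Create a share on a remote server through WMI and set its share-level permissions.
# Set the folder path
# The original placeholders were bare text, which PowerShell would try to run as a
# command; they are quoted here so the script parses. Replace both before use.
$Server = "<server name>"    # e.g. \\test
$Share = "<folder path>"     # path to the folder on that server, e.g. C:\Test
# Assign the Share Permissions
# User Name/Group to give permissions to
# $gname is presumably supplied by an earlier script in the chain - confirm it is set.
$trustee = ([wmiclass]'Win32_trustee').psbase.CreateInstance()
$trustee.Domain = "Corp"
$trustee.Name = "$gname"
$trustee2 = ([wmiclass]'Win32_trustee').psbase.CreateInstance()
$trustee2.Domain = "Domain"
$trustee2.Name = "Domain Admins"
# Access mask values (share rights as decimal bit masks)
$fullcontrol = 2032127   # 0x1F01FF
$change = 1245631        # 0x1301BF
$read = 1179785          # 0x120089
# Create access-list: one allow ACE per trustee.
# AceType 0 = access allowed; AceFlags 3 = object inherit + container inherit.
# NOTE(review): both trustees receive $fullcontrol on the share, while $change and
# $read are defined but never used. If the first trustee only needs to read and
# write files, $change is the narrower mask - confirm which is intended.
$ace = ([wmiclass]'Win32_ACE').psbase.CreateInstance()
$ace.AccessMask = $fullcontrol
$ace.AceFlags = 3
$ace.AceType = 0
$ace.Trustee = $trustee
$ace2 = ([wmiclass]'Win32_ACE').psbase.CreateInstance()
$ace2.AccessMask = $fullcontrol
$ace2.AceFlags = 3
$ace2.AceType = 0
$ace2.Trustee = $trustee2
# Security descriptor containing access
# ControlFlags 4 = SE_DACL_PRESENT, i.e. the DACL below is to be applied.
# NOTE(review): owner and group are both set to the first trustee - confirm.
$sd = ([wmiclass]'Win32_SecurityDescriptor').psbase.CreateInstance()
$sd.ControlFlags = 4
$sd.DACL = $ace, $ace2
$sd.group = $trustee
$sd.owner = $trustee
# Bind to Win32_Share on the remote server and create the share there.
# Create arguments: path, share name, type (0 = disk drive), maximum connections,
# description, password, security descriptor.
$newShare = Get-WmiObject Win32_Share -List -ComputerName "$Server"
$result = $newShare.create("$Share", "Name of the share", 0, 100, "", "", $sd)
# Keep emitting the method result, as the original call did.
$result
# Create reports failure through ReturnValue instead of throwing; 0 means success.
if ($result.ReturnValue -ne 0) {
    Write-Error "Win32_Share.Create failed on $Server with return value $($result.ReturnValue)"
}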
# Grant NTFS permissions on a folder reached through its UNC path.
# $servername is presumably set by an earlier script in the chain - confirm.
$ntfsPath = "\\$servername\folderpath"
# Read the folder's current ACL so the new rules are added to what is already there.
$acl = Get-Acl -Path $ntfsPath
# Each identity gets Modify, inherited by subfolders (ContainerInherit) and files
# (ObjectInherit), with no propagation flags.
# NOTE(review): the "Users" entry (normally the built-in Users group) receives Modify
# on this folder and everything beneath it - confirm that breadth is intended.
foreach ($identity in "domain\user or usergroup", "Users") {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($identity, "Modify", "ContainerInherit, ObjectInherit", "None", "Allow")
    $acl.AddAccessRule($rule)
}
# Write the amended ACL back to the same folder.
Set-Acl -Path $ntfsPath -AclObject $acl
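# Create a share on a remote server through WMI and set its share-level permissions.
# Set the folder path
# The original placeholders were bare text, which PowerShell would try to run as a
# command; they are quoted here so the script parses. Replace both before use.
$Server = "<server name>"    # e.g. \\test
$Share = "<folder path>"     # path to the folder on that server, e.g. C:\Test
# Assign the Share Permissions
# User Name/Group to give permissions to
# $gname is presumably supplied by an earlier script in the chain - confirm it is set.
$trustee = ([wmiclass]'Win32_trustee').psbase.CreateInstance()
$trustee.Domain = "Corp"
$trustee.Name = "$gname"
$trustee2 = ([wmiclass]'Win32_trustee').psbase.CreateInstance()
$trustee2.Domain = "Domain"
$trustee2.Name = "Domain Admins"
# Access mask values (share rights as decimal bit masks)
$fullcontrol = 2032127   # 0x1F01FF
$change = 1245631        # 0x1301BF
$read = 1179785          # 0x120089
# Create access-list: one allow ACE per trustee.
# AceType 0 = access allowed; AceFlags 3 = object inherit + container inherit.
# NOTE(review): both trustees receive $fullcontrol on the share, while $change and
# $read are defined but never used. If the first trustee only needs to read and
# write files, $change is the narrower mask - confirm which is intended.
$ace = ([wmiclass]'Win32_ACE').psbase.CreateInstance()
$ace.AccessMask = $fullcontrol
$ace.AceFlags = 3
$ace.AceType = 0
$ace.Trustee = $trustee
$ace2 = ([wmiclass]'Win32_ACE').psbase.CreateInstance()
$ace2.AccessMask = $fullcontrol
$ace2.AceFlags = 3
$ace2.AceType = 0
$ace2.Trustee = $trustee2
# Security descriptor containing access
# ControlFlags 4 = SE_DACL_PRESENT, i.e. the DACL below is to be applied.
# NOTE(review): owner and group are both set to the first trustee - confirm.
$sd = ([wmiclass]'Win32_SecurityDescriptor').psbase.CreateInstance()
$sd.ControlFlags = 4
$sd.DACL = $ace, $ace2
$sd.group = $trustee
$sd.owner = $trustee
# Bind to Win32_Share on the remote server and create the share there.
# Create arguments: path, share name, type (0 = disk drive), maximum connections,
# description, password, security descriptor.
$newShare = Get-WmiObject Win32_Share -List -ComputerName "$Server"
$result = $newShare.create("$Share", "Name of the share", 0, 100, "", "", $sd)
# Keep emitting the method result, as the original call did.
$result
# Create reports failure through ReturnValue instead of throwing; 0 means success.
if ($result.ReturnValue -ne 0) {
    Write-Error "Win32_Share.Create failed on $Server with return value $($result.ReturnValue)"
}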
# Grant NTFS permissions on a folder reached through its UNC path.
# $servername is presumably set by an earlier script in the chain - confirm.
$ntfsPath = "\\$servername\folderpath"
# Read the folder's current ACL so the new rules are added to what is already there.
$acl = Get-Acl -Path $ntfsPath
# Each identity gets Modify, inherited by subfolders (ContainerInherit) and files
# (ObjectInherit), with no propagation flags.
# NOTE(review): the "Users" entry (normally the built-in Users group) receives Modify
# on this folder and everything beneath it - confirm that breadth is intended.
foreach ($identity in "domain\user or usergroup", "Users") {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($identity, "Modify", "ContainerInherit, ObjectInherit", "None", "Allow")
    $acl.AddAccessRule($rule)
}
# Write the amended ACL back to the same folder.
Set-Acl -Path $ntfsPath -AclObject $acl
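# Create a share on a remote server through WMI and set its share-level permissions.
# Set the folder path
# The original placeholders were bare text, which PowerShell would try to run as a
# command; they are quoted here so the script parses. Replace both before use.
$Server = "<server name>"    # e.g. \\test
$Share = "<folder path>"     # path to the folder on that server, e.g. C:\Test
# Assign the Share Permissions
# User Name/Group to give permissions to
# $gname is presumably supplied by an earlier script in the chain - confirm it is set.
$trustee = ([wmiclass]'Win32_trustee').psbase.CreateInstance()
$trustee.Domain = "Corp"
$trustee.Name = "$gname"
$trustee2 = ([wmiclass]'Win32_trustee').psbase.CreateInstance()
$trustee2.Domain = "Domain"
$trustee2.Name = "Domain Admins"
# Access mask values (share rights as decimal bit masks)
$fullcontrol = 2032127   # 0x1F01FF
$change = 1245631        # 0x1301BF
$read = 1179785          # 0x120089
# Create access-list: one allow ACE per trustee.
# AceType 0 = access allowed; AceFlags 3 = object inherit + container inherit.
# NOTE(review): both trustees receive $fullcontrol on the share, while $change and
# $read are defined but never used. If the first trustee only needs to read and
# write files, $change is the narrower mask - confirm which is intended.
$ace = ([wmiclass]'Win32_ACE').psbase.CreateInstance()
$ace.AccessMask = $fullcontrol
$ace.AceFlags = 3
$ace.AceType = 0
$ace.Trustee = $trustee
$ace2 = ([wmiclass]'Win32_ACE').psbase.CreateInstance()
$ace2.AccessMask = $fullcontrol
$ace2.AceFlags = 3
$ace2.AceType = 0
$ace2.Trustee = $trustee2
# Security descriptor containing access
# ControlFlags 4 = SE_DACL_PRESENT, i.e. the DACL below is to be applied.
# NOTE(review): owner and group are both set to the first trustee - confirm.
$sd = ([wmiclass]'Win32_SecurityDescriptor').psbase.CreateInstance()
$sd.ControlFlags = 4
$sd.DACL = $ace, $ace2
$sd.group = $trustee
$sd.owner = $trustee
# Bind to Win32_Share on the remote server and create the share there.
# Create arguments: path, share name, type (0 = disk drive), maximum connections,
# description, password, security descriptor.
$newShare = Get-WmiObject Win32_Share -List -ComputerName "$Server"
$result = $newShare.create("$Share", "Name of the share", 0, 100, "", "", $sd)
# Keep emitting the method result, as the original call did.
$result
# Create reports failure through ReturnValue instead of throwing; 0 means success.
if ($result.ReturnValue -ne 0) {
    Write-Error "Win32_Share.Create failed on $Server with return value $($result.ReturnValue)"
}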
# Grant NTFS permissions on a folder reached through its UNC path.
# $servername is presumably set by an earlier script in the chain - confirm.
$ntfsPath = "\\$servername\folderpath"
# Read the folder's current ACL so the new rules are added to what is already there.
$acl = Get-Acl -Path $ntfsPath
# Each identity gets Modify, inherited by subfolders (ContainerInherit) and files
# (ObjectInherit), with no propagation flags.
# NOTE(review): the "Users" entry (normally the built-in Users group) receives Modify
# on this folder and everything beneath it - confirm that breadth is intended.
foreach ($identity in "domain\user or usergroup", "Users") {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($identity, "Modify", "ContainerInherit, ObjectInherit", "None", "Allow")
    $acl.AddAccessRule($rule)
}
# Write the amended ACL back to the same folder.
Set-Acl -Path $ntfsPath -AclObject $acl
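# Create a share on a remote server through WMI and set its share-level permissions.
# Set the folder path
# The original placeholders were bare text, which PowerShell would try to run as a
# command; they are quoted here so the script parses. Replace both before use.
$Server = "<server name>"    # e.g. \\test
$Share = "<folder path>"     # path to the folder on that server, e.g. C:\Test
# Assign the Share Permissions
# User Name/Group to give permissions to
# $gname is presumably supplied by an earlier script in the chain - confirm it is set.
$trustee = ([wmiclass]'Win32_trustee').psbase.CreateInstance()
$trustee.Domain = "Corp"
$trustee.Name = "$gname"
$trustee2 = ([wmiclass]'Win32_trustee').psbase.CreateInstance()
$trustee2.Domain = "Domain"
$trustee2.Name = "Domain Admins"
# Access mask values (share rights as decimal bit masks)
$fullcontrol = 2032127   # 0x1F01FF
$change = 1245631        # 0x1301BF
$read = 1179785          # 0x120089
# Create access-list: one allow ACE per trustee.
# AceType 0 = access allowed; AceFlags 3 = object inherit + container inherit.
# NOTE(review): both trustees receive $fullcontrol on the share, while $change and
# $read are defined but never used. If the first trustee only needs to read and
# write files, $change is the narrower mask - confirm which is intended.
$ace = ([wmiclass]'Win32_ACE').psbase.CreateInstance()
$ace.AccessMask = $fullcontrol
$ace.AceFlags = 3
$ace.AceType = 0
$ace.Trustee = $trustee
$ace2 = ([wmiclass]'Win32_ACE').psbase.CreateInstance()
$ace2.AccessMask = $fullcontrol
$ace2.AceFlags = 3
$ace2.AceType = 0
$ace2.Trustee = $trustee2
# Security descriptor containing access
# ControlFlags 4 = SE_DACL_PRESENT, i.e. the DACL below is to be applied.
# NOTE(review): owner and group are both set to the first trustee - confirm.
$sd = ([wmiclass]'Win32_SecurityDescriptor').psbase.CreateInstance()
$sd.ControlFlags = 4
$sd.DACL = $ace, $ace2
$sd.group = $trustee
$sd.owner = $trustee
# Bind to Win32_Share on the remote server and create the share there.
# Create arguments: path, share name, type (0 = disk drive), maximum connections,
# description, password, security descriptor.
$newShare = Get-WmiObject Win32_Share -List -ComputerName "$Server"
$result = $newShare.create("$Share", "Name of the share", 0, 100, "", "", $sd)
# Keep emitting the method result, as the original call did.
$result
# Create reports failure through ReturnValue instead of throwing; 0 means success.
if ($result.ReturnValue -ne 0) {
    Write-Error "Win32_Share.Create failed on $Server with return value $($result.ReturnValue)"
}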
如果我在本地使用这个方法,效果很好。它可以共享一个文件夹,例如“C:\Test”,没有问题。但是我无法让它在服务器上运行(不确定是不是因为我使用了变量)。在本例中,我正试图更改数据文件夹的权限:
# Build the path of the folder to share, then share it with net share.
# $gname, $ShareComputerName and $ClientName all come from values in a previous script.
$Server = $ShareComputerName
# Single quotes keep "d$" literal; the client name is appended as the last path segment.
$Share = '\d$\Tran\' + $ClientName
$FullSharePath = "$Server$Share"
# Share name = $gname; Administrators are granted FULL, Domain\Account is granted CHANGE.
# NOTE(review): $FullSharePath begins with a server name, but net share only shares
# directories local to the machine it runs on, so this has to run on that server
# itself (for example through PowerShell remoting) or be replaced by a WMI call.
net share $gname=$FullSharePath '/Grant:Administrators,FULL' '/Grant:Domain\Account,CHANGE'
服务器操作系统是2008 R2,PowerShell为v3。但DC/AD是2012版。
编辑 4/2/15:这不是一个重复的问题(我想有人这样标记了它)…请参阅下面我对用户的回答。
问题在于您使用的是 NET SHARE,它只能用于共享本地目录,不能用来共享远程目录;您必须在远程系统上运行 NET SHARE。不过有几个选择:一种方法是使用 PowerShell 远程处理连接到服务器,然后在那里运行您的 NET SHARE 命令;另一种方法是使用 WMI 远程创建共享。使用远程处理应该很直接,但 WMI 有点棘手,难点在于权限。这里有几个链接可以查看——您可以将此链接与第二个链接结合使用,以添加安全描述符。
编辑 4/6/15:我是如何完成我想做的事情的。多亏了 Rich Chiavaroli 的指点(指向其他帖子/来源),我终于做到了。为了处理NTFS权限,我执行了以下操作:
# Grant NTFS permissions on a folder reached through its UNC path.
# $servername is presumably set by an earlier script in the chain - confirm.
$ntfsPath = "\\$servername\folderpath"
# Read the folder's current ACL so the new rules are added to what is already there.
$acl = Get-Acl -Path $ntfsPath
# Each identity gets Modify, inherited by subfolders (ContainerInherit) and files
# (ObjectInherit), with no propagation flags.
# NOTE(review): the "Users" entry (normally the built-in Users group) receives Modify
# on this folder and everything beneath it - confirm that breadth is intended.
foreach ($identity in "domain\user or usergroup", "Users") {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($identity, "Modify", "ContainerInherit, ObjectInherit", "None", "Allow")
    $acl.AddAccessRule($rule)
}
# Write the amended ACL back to the same folder.
Set-Acl -Path $ntfsPath -AclObject $acl
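# Create a share on a remote server through WMI and set its share-level permissions.
# Set the folder path
# The original placeholders were bare text, which PowerShell would try to run as a
# command; they are quoted here so the script parses. Replace both before use.
$Server = "<server name>"    # e.g. \\test
$Share = "<folder path>"     # path to the folder on that server, e.g. C:\Test
# Assign the Share Permissions
# User Name/Group to give permissions to
# $gname is presumably supplied by an earlier script in the chain - confirm it is set.
$trustee = ([wmiclass]'Win32_trustee').psbase.CreateInstance()
$trustee.Domain = "Corp"
$trustee.Name = "$gname"
$trustee2 = ([wmiclass]'Win32_trustee').psbase.CreateInstance()
$trustee2.Domain = "Domain"
$trustee2.Name = "Domain Admins"
# Access mask values (share rights as decimal bit masks)
$fullcontrol = 2032127   # 0x1F01FF
$change = 1245631        # 0x1301BF
$read = 1179785          # 0x120089
# Create access-list: one allow ACE per trustee.
# AceType 0 = access allowed; AceFlags 3 = object inherit + container inherit.
# NOTE(review): both trustees receive $fullcontrol on the share, while $change and
# $read are defined but never used. If the first trustee only needs to read and
# write files, $change is the narrower mask - confirm which is intended.
$ace = ([wmiclass]'Win32_ACE').psbase.CreateInstance()
$ace.AccessMask = $fullcontrol
$ace.AceFlags = 3
$ace.AceType = 0
$ace.Trustee = $trustee
$ace2 = ([wmiclass]'Win32_ACE').psbase.CreateInstance()
$ace2.AccessMask = $fullcontrol
$ace2.AceFlags = 3
$ace2.AceType = 0
$ace2.Trustee = $trustee2
# Security descriptor containing access
# ControlFlags 4 = SE_DACL_PRESENT, i.e. the DACL below is to be applied.
# NOTE(review): owner and group are both set to the first trustee - confirm.
$sd = ([wmiclass]'Win32_SecurityDescriptor').psbase.CreateInstance()
$sd.ControlFlags = 4
$sd.DACL = $ace, $ace2
$sd.group = $trustee
$sd.owner = $trustee
# Bind to Win32_Share on the remote server and create the share there.
# Create arguments: path, share name, type (0 = disk drive), maximum connections,
# description, password, security descriptor.
$newShare = Get-WmiObject Win32_Share -List -ComputerName "$Server"
$result = $newShare.create("$Share", "Name of the share", 0, 100, "", "", $sd)
# Keep emitting the method result, as the original call did.
$result
# Create reports failure through ReturnValue instead of throwing; 0 means success.
if ($result.ReturnValue -ne 0) {
    Write-Error "Win32_Share.Create failed on $Server with return value $($result.ReturnValue)"
}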
为了处理共享权限,我做了以下操作:
# Grant NTFS permissions on a folder reached through its UNC path.
# $servername is presumably set by an earlier script in the chain - confirm.
$ntfsPath = "\\$servername\folderpath"
# Read the folder's current ACL so the new rules are added to what is already there.
$acl = Get-Acl -Path $ntfsPath
# Each identity gets Modify, inherited by subfolders (ContainerInherit) and files
# (ObjectInherit), with no propagation flags.
# NOTE(review): the "Users" entry (normally the built-in Users group) receives Modify
# on this folder and everything beneath it - confirm that breadth is intended.
foreach ($identity in "domain\user or usergroup", "Users") {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($identity, "Modify", "ContainerInherit, ObjectInherit", "None", "Allow")
    $acl.AddAccessRule($rule)
}
# Write the amended ACL back to the same folder.
Set-Acl -Path $ntfsPath -AclObject $acl
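# Create a share on a remote server through WMI and set its share-level permissions.
# Set the folder path
# The original placeholders were bare text, which PowerShell would try to run as a
# command; they are quoted here so the script parses. Replace both before use.
$Server = "<server name>"    # e.g. \\test
$Share = "<folder path>"     # path to the folder on that server, e.g. C:\Test
# Assign the Share Permissions
# User Name/Group to give permissions to
# $gname is presumably supplied by an earlier script in the chain - confirm it is set.
$trustee = ([wmiclass]'Win32_trustee').psbase.CreateInstance()
$trustee.Domain = "Corp"
$trustee.Name = "$gname"
$trustee2 = ([wmiclass]'Win32_trustee').psbase.CreateInstance()
$trustee2.Domain = "Domain"
$trustee2.Name = "Domain Admins"
# Access mask values (share rights as decimal bit masks)
$fullcontrol = 2032127   # 0x1F01FF
$change = 1245631        # 0x1301BF
$read = 1179785          # 0x120089
# Create access-list: one allow ACE per trustee.
# AceType 0 = access allowed; AceFlags 3 = object inherit + container inherit.
# NOTE(review): both trustees receive $fullcontrol on the share, while $change and
# $read are defined but never used. If the first trustee only needs to read and
# write files, $change is the narrower mask - confirm which is intended.
$ace = ([wmiclass]'Win32_ACE').psbase.CreateInstance()
$ace.AccessMask = $fullcontrol
$ace.AceFlags = 3
$ace.AceType = 0
$ace.Trustee = $trustee
$ace2 = ([wmiclass]'Win32_ACE').psbase.CreateInstance()
$ace2.AccessMask = $fullcontrol
$ace2.AceFlags = 3
$ace2.AceType = 0
$ace2.Trustee = $trustee2
# Security descriptor containing access
# ControlFlags 4 = SE_DACL_PRESENT, i.e. the DACL below is to be applied.
# NOTE(review): owner and group are both set to the first trustee - confirm.
$sd = ([wmiclass]'Win32_SecurityDescriptor').psbase.CreateInstance()
$sd.ControlFlags = 4
$sd.DACL = $ace, $ace2
$sd.group = $trustee
$sd.owner = $trustee
# Bind to Win32_Share on the remote server and create the share there.
# Create arguments: path, share name, type (0 = disk drive), maximum connections,
# description, password, security descriptor.
$newShare = Get-WmiObject Win32_Share -List -ComputerName "$Server"
$result = $newShare.create("$Share", "Name of the share", 0, 100, "", "", $sd)
# Keep emitting the method result, as the original call did.
$result
# Create reports failure through ReturnValue instead of throwing; 0 means success.
if ($result.ReturnValue -ne 0) {
    Write-Error "Win32_Share.Create failed on $Server with return value $($result.ReturnValue)"
}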
可能与另一个问题重复。
Hi @SoheilHashemi,虽然类似,但讨论中的链接已不再有效。此外,该链接中列出的代码不适用于我(见上文),因为我(猜测)使用的是变量($gname=$FullSharePath),而不是映射驱动器或其他什么。这就是我发这个帖子的原因…谢谢!
谢谢你,Rich Chiavaroli。链接“一种方法”下的信息对共享非常有用。现在我只需要弄清楚如何编辑文件夹的NTFS权限。