当前位置: 文江博客话题详情

使用 powershell 删除文件夹上的所有 ACL

发布于 2024-11-18 15:49:09 字数 219 浏览 3 评论 0原文

我对 powershell 脚本编写还很陌生(自从我开始学习 powershell 以来已经近 1 个月了)。

我目前正在使用 powershell 2.0 编写一个脚本来清理文件夹 NTFS ACL。我想删除除管理员 ACL 之外的所有 ACL。

我的问题是,我无法找到一种方法来删除每个非管理员的 acl,而不需要知道它们。

所以我来这里寻找powershell pro。

原文

I'm pretty new to powershell scripting (nearly 1 month since I started learning powershell.)

I'm currently working on a script with powershell 2.0 to clean folder NTFS ACL. I want to delete every acl except the administrator one.

My problem is that I can't find a way to delete every acl that are not administrator, without knowing them.

So I came here to sought for powershell pro.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

臻嫒无言 2024-11-25 15:49:09

此代码删除 acl:

$acl = Get-Acl \\remote_server\share_folder\HAL.9000
$acl.Access | %{$acl.RemoveAccessRule($_)}

此代码添加管理员 acl:

#BUILTIN administrator

$acl = Get-Acl \\remote_server\share_folder\HAL.9000
$permission  = "BUILTIN\Administrators","FullControl", "ContainerInherit,ObjectInherit","None","Allow"
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($accessRule)
Set-Acl \\remote_server\share_folder\HAL.9000 $acl

#Domain controller administrator

$acl = Get-Acl \\remote_server\share_folder\HAL.9000
$permission  = "DOMAINCONTROLLER\Administrators","FullControl", "ContainerInherit,ObjectInherit","None","Allow"
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($accessRule)
Set-Acl \\remote_server\share_folder\HAL.9000 $acl

希望这会对某人有所帮助:)

This code remove acl :

$acl = Get-Acl \\remote_server\share_folder\HAL.9000
$acl.Access | %{$acl.RemoveAccessRule($_)}

This code add administrator acl :

#BUILTIN administrator

$acl = Get-Acl \\remote_server\share_folder\HAL.9000
$permission  = "BUILTIN\Administrators","FullControl", "ContainerInherit,ObjectInherit","None","Allow"
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($accessRule)
Set-Acl \\remote_server\share_folder\HAL.9000 $acl

#Domain controller administrator

$acl = Get-Acl \\remote_server\share_folder\HAL.9000
$permission  = "DOMAINCONTROLLER\Administrators","FullControl", "ContainerInherit,ObjectInherit","None","Allow"
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($accessRule)
Set-Acl \\remote_server\share_folder\HAL.9000 $acl

Hope this will help someone :)

回复 原文
夏九 2024-11-25 15:49:09

为了方便起见,我将所有这些内容复制/粘贴到一个函数中。如果它对任何人都有用,这里是:

Function Remove-ACL {    
    [CmdletBinding(SupportsShouldProcess=$True)]
    Param(
        [parameter(Mandatory=$true,ValueFromPipeline=$true,Position=0)]
        [ValidateNotNullOrEmpty()]
        [ValidateScript({Test-Path $_ -PathType Container})]
        [String[]]$Folder,
        [Switch]$Recurse
    )

    Process {

        foreach ($f in $Folder) {

            if ($Recurse) {$Folders = $(Get-ChildItem $f -Recurse -Directory).FullName} else {$Folders = $f}

            if ($Folders -ne $null) {

                $Folders | ForEach-Object {

                    # Remove inheritance
                    $acl = Get-Acl $_
                    $acl.SetAccessRuleProtection($true,$true)
                    Set-Acl $_ $acl

                    # Remove ACL
                    $acl = Get-Acl $_
                    $acl.Access | %{$acl.RemoveAccessRule($_)} | Out-Null

                    # Add local admin
                    $permission  = "BUILTIN\Administrators","FullControl", "ContainerInherit,ObjectInherit","None","Allow"
                    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
                    $acl.SetAccessRule($rule)

                    Set-Acl $_ $acl

                    Write-Verbose "Remove-HCacl: Inheritance disabled and permissions removed from $_"
                }
            }
            else {
                Write-Verbose "Remove-HCacl: No subfolders found for $f"
            }
        }
    }
}

用法:

# For only one folder:
Remove-ACL 'C:\Folder' -Verbose

# For all subfolders:
Remove-ACL 'C:\Folder' -Recurse -Verbose

# Pipe stuff
'C:\Folder 1', 'C:\Folder 2' | Remove-ACL -Verbose

For convenience I've copy/pasted all this stuff together in a function. If it can be of use to anyone, here it is:

Function Remove-ACL {    
    [CmdletBinding(SupportsShouldProcess=$True)]
    Param(
        [parameter(Mandatory=$true,ValueFromPipeline=$true,Position=0)]
        [ValidateNotNullOrEmpty()]
        [ValidateScript({Test-Path $_ -PathType Container})]
        [String[]]$Folder,
        [Switch]$Recurse
    )

    Process {

        foreach ($f in $Folder) {

            if ($Recurse) {$Folders = $(Get-ChildItem $f -Recurse -Directory).FullName} else {$Folders = $f}

            if ($Folders -ne $null) {

                $Folders | ForEach-Object {

                    # Remove inheritance
                    $acl = Get-Acl $_
                    $acl.SetAccessRuleProtection($true,$true)
                    Set-Acl $_ $acl

                    # Remove ACL
                    $acl = Get-Acl $_
                    $acl.Access | %{$acl.RemoveAccessRule($_)} | Out-Null

                    # Add local admin
                    $permission  = "BUILTIN\Administrators","FullControl", "ContainerInherit,ObjectInherit","None","Allow"
                    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
                    $acl.SetAccessRule($rule)

                    Set-Acl $_ $acl

                    Write-Verbose "Remove-HCacl: Inheritance disabled and permissions removed from $_"
                }
            }
            else {
                Write-Verbose "Remove-HCacl: No subfolders found for $f"
            }
        }
    }
}

Usage:

# For only one folder:
Remove-ACL 'C:\Folder' -Verbose

# For all subfolders:
Remove-ACL 'C:\Folder' -Recurse -Verbose

# Pipe stuff
'C:\Folder 1', 'C:\Folder 2' | Remove-ACL -Verbose
回复 原文
心不设防 2024-11-25 15:49:09

此代码删除 acl : $acl = Get-Acl
\remote_server\share_folder\HAL.9000 $acl.Access |
%{$acl.RemoveAccessRule($_)}

除非您这样做,否则它不会起作用

Set-Acl \\remote_server\share_folder\HAL.9000 $acl

This code remove acl : $acl = Get-Acl
\remote_server\share_folder\HAL.9000 $acl.Access |
%{$acl.RemoveAccessRule($_)}

it does not work until you do

Set-Acl \\remote_server\share_folder\HAL.9000 $acl
回复 原文
孤檠 2024-11-25 15:49:09

为什么不创建一个新列表。例如:

$identity = New-Object System.Security.Principal.NTAccount('NT AUTHORITY\SYSTEM')
$acl = New-Object System.Security.AccessControl.DirectorySecurity
$acl.SetOwner($identity)
$acl.SetGroup($identity)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule('NT AUTHORITY\SYSTEM', ’FullControl’, ’ContainerInherit, ObjectInherit’, ’None’,’Allow’)
$acl.AddAccessRule($rule)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule('BUILTIN\Administrators', ’FullControl’, ’ContainerInherit, ObjectInherit’, ’None’, ’Allow’)
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath "C:\MyFolder" -AclObject $acl
Get-Acl -LiteralPath "C:\MyFolder" | Format-List

Why not create a new list. For example:

$identity = New-Object System.Security.Principal.NTAccount('NT AUTHORITY\SYSTEM')
$acl = New-Object System.Security.AccessControl.DirectorySecurity
$acl.SetOwner($identity)
$acl.SetGroup($identity)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule('NT AUTHORITY\SYSTEM', ’FullControl’, ’ContainerInherit, ObjectInherit’, ’None’,’Allow’)
$acl.AddAccessRule($rule)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule('BUILTIN\Administrators', ’FullControl’, ’ContainerInherit, ObjectInherit’, ’None’, ’Allow’)
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath "C:\MyFolder" -AclObject $acl
Get-Acl -LiteralPath "C:\MyFolder" | Format-List
回复 原文
~没有更多了~

关于作者

夏花。依旧

暂无简介

0 文章
0 评论
25 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

missyouangeled

文章 0 评论 0

三生一梦

文章 0 评论 0

压抑⊿情绪

文章 0 评论 0

天涯离梦残月幽梦

文章 0 评论 0

指尖微凉心微凉

文章 0 评论 0

☆獨立☆

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文