如何用此对象的“替换所有子对象权限”条目替换所有子对象许可条目。使用PowerShell访问ACL文件夹

发布于 2025-01-21 13:33:34 字数 794 浏览 0 评论 0原文

我正在尝试使用PowerShell启用“将所有子对象许可条目替换为来自此对象的可继承权限条目”，下面是我的脚本

$ProfileDir = 'C:\Users\'
$Profiles = Get-ChildItem $ProfileDir \ Select-Object -ExpandProperty Name

ForEach ($X in $Profiles) 
{
    $Profile = $ProfileDir + $X 
    Write-Host "Starting $Profile"

    $Acl = Get-Acl $Profile
    $Acl.SetAccessRuleProtection($false, $true)
    (Get-Item $Profile).SetAccessControl($Acl)

    $Permissions = (Get-Acl $Profile).Access | Where-Object 
    { 
        (-not $_.isInherited) -and $_.IdentityReference -like "domain\*"
    } 
    ForEach ($Y in $Permissions) 
    {
        $Acl.AddAccessRule($Y) 
    }
    
    (Get-Item $Profile).SetAccessRule($Acl)
    (Get-Acl $Profile).Access
}

原文

I am trying to enable "replace all child object permission entries with inheritable permission entries from this object" method using PowerShell, below is my Script

enter image description here

$ProfileDir = 'C:\Users\'
$Profiles = Get-ChildItem $ProfileDir \ Select-Object -ExpandProperty Name

ForEach ($X in $Profiles) 
{
    $Profile = $ProfileDir + $X 
    Write-Host "Starting $Profile"

    $Acl = Get-Acl $Profile
    $Acl.SetAccessRuleProtection($false, $true)
    (Get-Item $Profile).SetAccessControl($Acl)

    $Permissions = (Get-Acl $Profile).Access | Where-Object 
    { 
        (-not $_.isInherited) -and $_.IdentityReference -like "domain\*"
    } 
    ForEach ($Y in $Permissions) 
    {
        $Acl.AddAccessRule($Y) 
    }
    
    (Get-Item $Profile).SetAccessRule($Acl)
    (Get-Acl $Profile).Access
}

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

吃兔兔 2025-01-28 13:33:34

Below is the script I have created and it worked as expected.

感谢您的建议和帮助。为了替换所有子对象，我已经用-Recurse使用了get -childitem，并且可以使用。

$objName = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName.Split("\")[1]
$objDir = "C:\Users\$objName\"
$objUser = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName
$objAccount = New-Object System.Security.Principal.NTAccount($objUser)
$objRule = $objUser,"FullControl","ContainerInherit,ObjectInherit","None","Allow"
$objFileSec = New-Object System.Security.AccessControl.FileSecurity
$objAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($objRule)
$objFileSec.SetOwner($objAccount)
$objAclSec = Get-Acl $objDir
$objAclSec.SetAccessRuleProtection($true,$true)
$objAclSec.PurgeAccessRules($objAccount)
$objAclSec.SetAccessRule($objAccessRule)
Get-ChildItem -Path $objDir | Set-Acl -AclObject $objAclSec
$objAclSec.Access | Format-Table
Pause

Below is the script I have created and it worked as expected.

Thank you for your suggestions and help. To replace all child objects, I have used Get-ChildItem with -recurse and it worked.

$objName = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName.Split("\")[1]
$objDir = "C:\Users\$objName\"
$objUser = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName
$objAccount = New-Object System.Security.Principal.NTAccount($objUser)
$objRule = $objUser,"FullControl","ContainerInherit,ObjectInherit","None","Allow"
$objFileSec = New-Object System.Security.AccessControl.FileSecurity
$objAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($objRule)
$objFileSec.SetOwner($objAccount)
$objAclSec = Get-Acl $objDir
$objAclSec.SetAccessRuleProtection($true,$true)
$objAclSec.PurgeAccessRules($objAccount)
$objAclSec.SetAccessRule($objAccessRule)
Get-ChildItem -Path $objDir | Set-Acl -AclObject $objAclSec
$objAclSec.Access | Format-Table
Pause

回复收藏 0 原文

~没有更多了~