当前位置: 文江博客话题详情

如何通过源自用户的个人目录的PowerShell重置文件权限?

发布于 2025-02-09 15:37:55 字数 657 浏览 1 评论 0原文

我遇到了一个问题,用户通过复制机扫描PDFS在文件服务器上的个人用户文件夹中。 (复印机具有一个域用户帐户,该帐户在每个用户的个人文件夹中拥有一个子文件夹(d:\ fileshare \ users \ johnsmith \ scans),它将PDF置于。)PDFS获得了该文件夹的许可。 (只有用户,扫描仪和管理员才能访问)扫描仪保留PDF的所有权。用户将PDF移动到服务器上的另一个位置,除了原始用户外,没有人可以看到文件存在,因为他们没有许可。

我们有一个新文件的解决方法。用户可以将文件复制/粘贴或首先移动到他们的本地计算机之前,而不是将文件移至服务器中,而不是移动或剪切/粘贴文件。这有效地创建了一个新文件,该文件从其创建的文件夹中继承了权限。不幸的是,这对已经移动的文件无济于事。

硬模式: 我正在寻找一种通过服务器目录(d:\ fileshare)迭代的方法,并且每个文件仍然由扫描仪拥有但不在用户目录中(d:\ fileShare \ users \ johnsmith)它取代了父母目录的权限。

psudo代码: 对于每个文件 如果所有者==扫描仪,请用父目录替换当前权限 下一个

简单模式: 遍历所有文件夹,并将所有文件的权限设置为其父文件夹的权限。没有对文件夹自己进行更改。

psudo代码: 对于每个文件,请用父目录替换权限。

我不是一个Powershell家伙,所以语法让我有些恐惧。

原文

I've run into an issue where users scan PDFs via the copy machine into their personal user folder on a file server. (The copier has a domain user account that owns a subfolder within each users' personal folder (D:\FileShare\Users\JohnSmith\Scans) that it drops the PDFs into.) The PDFs gain the permissions of that folder. (Only the user, scanner and admins have access) The scanner retains ownership of the PDF. The user moves that PDF to another location on the server and no one but the original user can see the file exists because they don't have permission.

We have a workaround for new files. Rather than move or cut/paste a file within the server, the user can copy/paste it or move it first to their local computer before putting it back on the server. This effectively creates a new file that inherits permissions from the folder it's created in. Unfortunately, this doesn't help for those files that were already moved.

Hard mode:
I'm looking for a way to iterate through the server's directories (D:\FileShare) and have each file that is still owned by the scanner but isn't in a user directory (D:\FileShare\Users\JohnSmith) to have it's permissions replaced by those of the parent directory.

Psudo-code:
For each file
If owner == Scanners, replace current permissions with that of parent directory
next

Easy mode:
Iterate through all folders and set all files' permissions to that of their parent folder. Make no changes to folders themselves.

Psudo-code:
For each file, replace permissions with that of parent directory.

I'm not a powershell guy so the syntax scares me a bit.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

巴黎盛开的樱花 2025-02-16 15:37:55

如果我正确解释,则以下代码应起作用。
从本质上讲:
创建一系列PDF Filepaths,其中PDF的所有者为$ scannerowner
循环通过每个PDF FilePath,如果它在用户目录中,则无需将ACL从父文件夹应用于文件。

$ScannerOwner = "DOMAIN\UserA"
$ScanDir = "D:\Fileshare"
$userDir = "$ScanDir\Users"

#Get all PDF files in $scanDir that have the owner set to $scannerOwner
$Files = GCI $ScanDir -Filter *.pdf -Recurse | where-object {(get-acl $_.fullname).owner -eq $ScannerOwner}

foreach($file in $files){
    
    if($file.FullName -like "$userDir*"){
        ##File exists in a user directory, nothing to do here
    } else {
        #File doesn't exist in user directory, need to apply parent directories permissions to the file
        $parentDir = split-path -parent $file.FullName
        $ParentDirSDDL = (get-acl $parentDir).sddl
        $newPerms = get-acl -path $file.FullName 
        $newPerms.SetSecurityDescriptorSddlForm($parentDirSDDL)
        set-acl -path $file.Fullname -AclObject $newPerms
    }
}

If i'm interpreting correctly the below code should work.
This essentially:
Creates an array of PDF filepaths where the owner of the PDF is $scannerOwner
Loops through each PDF filepath, if it is in a user directory do nothing else apply the ACL from the parent folder to the file.

$ScannerOwner = "DOMAIN\UserA"
$ScanDir = "D:\Fileshare"
$userDir = "$ScanDir\Users"

#Get all PDF files in $scanDir that have the owner set to $scannerOwner
$Files = GCI $ScanDir -Filter *.pdf -Recurse | where-object {(get-acl $_.fullname).owner -eq $ScannerOwner}

foreach($file in $files){
    
    if($file.FullName -like "$userDir*"){
        ##File exists in a user directory, nothing to do here
    } else {
        #File doesn't exist in user directory, need to apply parent directories permissions to the file
        $parentDir = split-path -parent $file.FullName
        $ParentDirSDDL = (get-acl $parentDir).sddl
        $newPerms = get-acl -path $file.FullName 
        $newPerms.SetSecurityDescriptorSddlForm($parentDirSDDL)
        set-acl -path $file.Fullname -AclObject $newPerms
    }
}
回复 原文
~没有更多了~

关于作者

蓦然回首

暂无简介

文章
评论
26 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

alipaysp_snBf0MSZIv

文章 0 评论 0

梦断已成空

文章 0 评论 0

瞎闹

文章 0 评论 0

凯凯我们等你回来

文章 0 评论 0

寄意

文章 0 评论 0

似梦非梦

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文