- 取得 Windows 文件夹及其内容的所有权
- 做出改变
- 归还所有权给原
- 了解流程
- 在 Windows 10 环境中使用 Icacls 和删除
Before using takeown and icacls commands because of the sensitive nature of windows folders, I would like to know and understand what changes to permissions will take place, so that they can be reset to their original position. As one article I read said “Be careful, taking the ownership of system folders you may break your operating systems.” Though I don’t think I will in this case, as I plan to use this on more than one computer, it would be good to know what is going on, so that the correct commands are used.
这是我当前的潜在脚本:
takeown /f C:\Windows\Web
takeown /f C:\Windows\Web\*.* /R
…changes to default image cache here…
icacls C:\Windows\Web\*.* /reset /T /C
icacls c:\Windows\Web\*.* /setowner " Web NT SERVICE\TrustedInstaller" /T /C"
icacls c:\Windows\Web /setowner " Web NT SERVICE\TrustedInstaller" /T /C"
目前的理解:
A) takeown /f C:\Windows\Web (Take ownership of directory)
A) takeown /f C:\Windows\Web\*.* /R
(Take ownership of all files and subdirectories)
[[B is an alternative for A]]
B) takeown /f C:\Windows\Web /R /d Y
(?? recursively take ownership of all files and folders)
C) icacls C:\Windows\Web\*.* /T /C /reset
(?? this resets security permissions to default for all the folders,
files and subfolders)
D) icacls c:\Windows\Web\*.* /setowner " Web NT SERVICE\TrustedInstaller" /T /C"
(This resets the owner of the folder contents see last script box)
E) icacls c:\Windows\Web /setowner " Web NT SERVICE\TrustedInstaller" /T /C"
Set owner of folder back to original
当前文件夹权限为:
COMMAND PROMPT - ADMINISTRATOR
C:\Windows>icacls "C:\Windows\Web"
C:\Windows\Web NT SERVICE\TrustedInstaller:(F)
NT SERVICE\TrustedInstaller:(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(M)
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
BUILTIN\Administrators:(M)
BUILTIN\Administrators:(OI)(CI)(IO)(F)
BUILTIN\Users:(RX)
BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
CREATOR OWNER:(OI)(CI)(IO)(F)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(RX)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(OI)(CI)(IO)(GR,GE)
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APP PACKAGES:(RX)
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APP PACKAGES:(OI)(CI)(IO)(GR,GE)
阅读:
答案1
您不需要分别处理目录和内容。也不需要重置权限。
简单方法
从管理员命令提示符:
- 掌握目录和内容。您可以根据目录和内容的数量,将范围缩小到您想要更改的特定项目。
takeown /f C:\Windows\Web /r
- 授予您自己完全控制权。注意
%USERDOMAIN%\%USERNAME%会自动替换为您的用户 - 您无需在此处替换任何内容。
icacls C:\Windows\Web /grant "%USERDOMAIN%\%USERNAME%":(F) /t
进行更改
改回所有权。
icacls c:\Windows\Web /setowner "NT SERVICE\TrustedInstaller" /t
- 删除授予的权限
icacls C:\Windows\Web /remove:g "%USERDOMAIN%\%USERNAME%":(F) /t
替代方法
另一种方法是保存并恢复 ACL,这将涵盖您的用户已经授予目录中某些对象权限(而您不想删除这些对象)的情况/remove:g。
- 将当前 ACL 保存到某文件中。
icacls C:\Windows\Web /save "C:\Web.acl" /t
- 取得所有权
takeown /f C:\Windows\Web /r
- 赋予自己完全的控制权。
icacls C:\Windows\Web /grant "%USERDOMAIN%\%USERNAME%":(F) /t
进行更改
改回所有权。
icacls c:\Windows\Web /setowner "NT SERVICE\TrustedInstaller" /t
- 从您在步骤 1 中创建的文件中恢复 ACL。请注意,这些是为父目录恢复的,因此在这种情况下
C:\Windows不是C:\Windows\Web。
icacls C:\Windows /restore "C:\Web.acl"