我注意到 icacls.exe 在两台装有 Windows 10 的机器上的行为有所不同:
Windows 10 版本 1809(操作系统内部版本 17763.678)
> echo "test" > file
> icacls.exe file
file NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
W10A\dev:(F)
Successfully processed 1 files; Failed processing 0 files
> Get-Acl file | Format-List
Path : Microsoft.PowerShell.Core\FileSystem::C:\Users\dev\file
Owner : W10A\dev
Group : W10A\None
Access : NT AUTHORITY\SYSTEM Allow FullControl
BUILTIN\Administrators Allow FullControl
W10A\dev Allow FullControl
Audit :
Sddl : O:S-1-5-21-3626095386-1962481266-1351198716-1003G:S-1-5-21-3626095386-1962481266-1351198716-513D:(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-3626095386-1962481266-1351198716-1003)
Windows 10 版本 1803(操作系统内部版本 17134.950)
> echo "test" > file
> icacls.exe file
file NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Administrators:(I)(F)
W10B\dev:(I)(F)
Successfully processed 1 files; Failed processing 0 files
> Get-Acl file | Format-List
Path : Microsoft.PowerShell.Core\FileSystem::C:\Users\dev\file
Owner : W10B\dev
Group : W10B\None
Access : NT AUTHORITY\SYSTEM Allow FullControl
BUILTIN\Administrators Allow FullControl
W10B\dev Allow FullControl
Audit :
Sddl : O:S-1-5-21-1873008998-2522687245-1987858218-1006G:S-1-5-21-1873008998-2522687245-1987858218-513D:AI(A;ID;FA;;;
SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-1873008998-2522687245-1987858218-1006)
在两种情况下,文件都是本地的。Get-Acl显示条目ID按预期继承()。为什么icacls隐藏前一台机器上的信息?有趣的是,在前一种情况下,如果我向 ACL 添加任何条目(例如拒绝用户 X 访问),则对 icacls.exe 的下一次调用将显示(I)标志。