拒绝访问文件夹和文件

Question

您仅将 ACL 更改应用于您用指定的文件夹$path，要将 ACL 应用于文件夹中的所有内容，您需要递归列出每个项目：

$path = "C:\Windows\Installer"
$items = Get-ChildItem -Recurse $path

# Enables inheritance on all items in folder
foreach ($item in $items)
{
  $acl = Get-acl $item.FullName
  $acl.SetAccessRuleProtection($false,$true)
  Set-Acl -AclObject -Path $item.FullName
}

# Sets file / folder permission to desired state
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("YourUsers","FullControl", "ContainerInherit,ObjectInherit", "None", "Deny")
foreach ($item in $items)
{
  $acl = Get-acl $item.FullName
  # Compare item's folder permission against root folder, if different apply ACL
  if ((Compare-Object -ReferenceObject (Get-ACL $path) -DifferentObject (Get-ACL $item) -Property access) -ne $null)
  {
    $acl.AddAccessRule($AccessRule)
    Set-Acl -AclObject $item.FullName
  }
}

Answer 1

您仅将 ACL 更改应用于您用指定的文件夹$path，要将 ACL 应用于文件夹中的所有内容，您需要递归列出每个项目：

$path = "C:\Windows\Installer"
$items = Get-ChildItem -Recurse $path

# Enables inheritance on all items in folder
foreach ($item in $items)
{
  $acl = Get-acl $item.FullName
  $acl.SetAccessRuleProtection($false,$true)
  Set-Acl -AclObject -Path $item.FullName
}

# Sets file / folder permission to desired state
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("YourUsers","FullControl", "ContainerInherit,ObjectInherit", "None", "Deny")
foreach ($item in $items)
{
  $acl = Get-acl $item.FullName
  # Compare item's folder permission against root folder, if different apply ACL
  if ((Compare-Object -ReferenceObject (Get-ACL $path) -DifferentObject (Get-ACL $item) -Property access) -ne $null)
  {
    $acl.AddAccessRule($AccessRule)
    Set-Acl -AclObject $item.FullName
  }
}

拒绝访问文件夹和文件

答案1

相关内容