当我取得目录所有权时出现此错误,有什么原因吗?
如果我通过 GUI 中的权限,它可以正常工作,但如果我尝试从命令行执行此操作,我会收到一个错误,提示我没有权限读取它:
takeown /s someserver /f "r:\redirected\flast\My Documents\Music\" /u domain\user /R
您没有权限读取目录“\someserver\r$\redirected\flast\My Documents\My Music”的内容。
答案1
谷歌发现这个博客对我来说,这似乎表明您需要为该/D [Y|N]
问题添加默认答案():
“您没有权限获得所有权,您想要吗?”
/D prompt Suppresses the confirmation prompt that is
displayed when the current user does not have
the "List Folder" permission on a specified
directory, and instead uses the specified
default value.
Valid values for the /d option are as follows:
Y: Take ownership of the directory.
N: Skip the directory.
Note that you must use this option in conjunction with the /r option.
最大的警告是使用takeown /R /D Y ...
将剥夺现有的权限,这可能不是您想要或需要的......
作者的解决方案是在takeown
没有/R
选项的情况下运行,并编写一个循环脚本,以分别更改每个目录和任何子目录的所有权。
答案2
要递归地取得目录的所有权,许多人建议使用选项 /r /D y 运行 takeown(正如接受的答案一样)。但是,如果运行此命令的管理员在任何子文件夹中都没有列出/读取权限,takeown 将删除所有现有权限!
以下脚本没有这个缺点。此脚本的唯一副作用是,在 MyAdmin 没有列表权限的文件夹中,MyAdmin 和 SYSTEM 将获得对文件夹及其所含文件的完全控制权。该脚本基于博客文章的旧版本现在缺少代码,我进行了一些改进。
用法:
以用户 MyDomain\MyAdmin 的身份从提升的 powershell 运行,它将递归地将所有权授予 SYSTEM 和 MyDomain\MyAdmin。
递归接管“c:\somfolder”“MyDomain\MyAdmin”“c:\logfile.txt”
剧本:
function Test-AllSubFolders{
# Recursively visit all subfolders of $Folder
# and if you get Access Denied error on any of them
# call Take-OwnershipOfOneFolder on it
param(
[String]$Folder,
[String]$MyDomain,
[String]$MyAdmin
)
$error.Clear()
$ErrorArray = @()
(Get-ChildItem $Folder -Directory -Recurse -ErrorAction SilentlyContinue | Select FullName) > $null
if ($error) {
$ErrorArray = $error + $ErrorArray # '+$ErrorArray' seems silly but not sure
foreach ($err in $ErrorArray) {
if ($err.FullyQualifiedErrorId -eq "DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand") {
$FailedFolder = $err.TargetObject
echo "Access Error on '$FailedFolder', attempting to fix"
Take-OwnershipOfOneFolder $FailedFolder $MyDomain $MyAdmin
if ($FailedFolder -ne $Folder) {
Test-AllSubFolders $FailedFolder $MyDomain $MyAdmin
} else {
echo "FAILED for $FailedFolder"
}
}}}}
function Take-OwnershipOfOneFolder {
# Take ownership of $Folder (takeown.exe /A /F) and also
# give Full Control with "ContainerInherit,ObjectInherit" to
# $MyDomain\$MyAdmin and SYSTEM which result in also giving
# full control to files/folders under $Folder
# IT DOES NOT RECURSE TO SUB-SUBFOLDERS OF $Folder
param(
[String]$Folder,
[String]$MyDomain,
[String]$MyAdmin
)
echo " Calling: takeown.exe /A /F $Folder"
$out = (takeown.exe /A /F $Folder)
if ($out -notlike 'SUCCESS*') {
echo " FAILED takeown for '$Folder' (output of takeown follows)"
echo $out
return
}
echo " Reading ACLs"
$CurrentACL = Get-Acl $Folder
echo " Adding ACL: FullControll to NT Authority\SYSTEM"
$SystemACLPermission = "NT AUTHORITY\SYSTEM","FullControl","ContainerInherit,ObjectInherit","None","Allow"
$SystemAccessRule = new-object System.Security.AccessControl.FileSystemAccessRule $SystemACLPermission
$CurrentACL.AddAccessRule($SystemAccessRule)
echo " Adding ACL: FullControll to $MyDomain\$MyAdmin for $Folder"
$AdminACLPermission = "$MyDomain\$MyAdmin","FullControl","ContainerInherit,ObjectInherit","None","Allow"
$SystemAccessRule = new-object System.Security.AccessControl.FileSystemAccessRule $AdminACLPermission
$CurrentACL.AddAccessRule($SystemAccessRule)
echo " Setting ACL"
Set-Acl -Path $Folder -AclObject $CurrentACL
}
function Take-OwnershipRecursively() {
# Run this from an elevated powershell as user $MyDomain\$MyAdmin and it will
# give ownership of $Folder and all its subfolders recursively to SYSTEM and
# $MyDomain\$MyAdmin and it will also give Full Control to $MyDomain\$MyAdmin
# SYSTEM on any folders where it gets Access Denied and their files and subfolders
# (It gives "FullControl","ContainerInherit,ObjectInherit")
param(
[String]$Folder,
[String]$MyDomain,
[String]$MyAdmin,
[String]$LogFile
)
Start-Transcript $LogFile
Take-OwnershipOfOneFolder $Folder $MyDomain $MyAdmin
Test-AllSubFolders $Folder $MyDomain $MyAdmin
Stop-Transcript
}