Takeown 您没有权限读取目录的内容

Question 1

谷歌发现这个博客对我来说，这似乎表明您需要为该/D [Y|N]问题添加默认答案（）：

“您没有权限获得所有权，您想要吗？”

/D           prompt          Suppresses the confirmation prompt that is
                             displayed when the current user does not have 
                             the "List Folder" permission on a specified 
                             directory, and instead uses the specified 
                             default value.
                             Valid values for the /d option are as follows:
                                   Y: Take ownership of the directory.
                                   N: Skip the directory.
Note that you must use this option in conjunction with the /r option.

最大的警告是使用takeown /R /D Y ... 将剥夺现有的权限，这可能不是您想要或需要的......

作者的解决方案是在takeown没有/R选项的情况下运行，并编写一个循环脚本，以分别更改每个目录和任何子目录的所有权。

Answer

谷歌发现这个博客对我来说，这似乎表明您需要为该/D [Y|N]问题添加默认答案（）：

“您没有权限获得所有权，您想要吗？”

/D           prompt          Suppresses the confirmation prompt that is
                             displayed when the current user does not have 
                             the "List Folder" permission on a specified 
                             directory, and instead uses the specified 
                             default value.
                             Valid values for the /d option are as follows:
                                   Y: Take ownership of the directory.
                                   N: Skip the directory.
Note that you must use this option in conjunction with the /r option.

最大的警告是使用takeown /R /D Y ... 将剥夺现有的权限，这可能不是您想要或需要的......

作者的解决方案是在takeown没有/R选项的情况下运行，并编写一个循环脚本，以分别更改每个目录和任何子目录的所有权。

Question 2

要递归地取得目录的所有权，许多人建议使用选项 /r /D y 运行 takeown（正如接受的答案一样）。但是，如果运行此命令的管理员在任何子文件夹中都没有列出/读取权限，takeown 将删除所有现有权限！

以下脚本没有这个缺点。此脚本的唯一副作用是，在 MyAdmin 没有列表权限的文件夹中，MyAdmin 和 SYSTEM 将获得对文件夹及其所含文件的完全控制权。该脚本基于博客文章的旧版本现在缺少代码，我进行了一些改进。

用法：

以用户 MyDomain\MyAdmin 的身份从提升的 powershell 运行，它将递归地将所有权授予 SYSTEM 和 MyDomain\MyAdmin。

递归接管“c:\somfolder”“MyDomain\MyAdmin”“c:\logfile.txt”

剧本：

function Test-AllSubFolders{
    # Recursively visit all subfolders of $Folder
    # and if you get Access Denied error on any of them
    # call Take-OwnershipOfOneFolder on it
    param(
        [String]$Folder,
        [String]$MyDomain,
        [String]$MyAdmin
    )
    $error.Clear()
    $ErrorArray = @()
    (Get-ChildItem $Folder -Directory -Recurse -ErrorAction SilentlyContinue | Select FullName) > $null
    if ($error) {
        $ErrorArray = $error + $ErrorArray # '+$ErrorArray' seems silly but not sure
        foreach ($err in $ErrorArray) {
            if ($err.FullyQualifiedErrorId -eq "DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand") {
                $FailedFolder = $err.TargetObject
                echo "Access Error on '$FailedFolder', attempting to fix" 
                Take-OwnershipOfOneFolder  $FailedFolder $MyDomain $MyAdmin
                if ($FailedFolder -ne $Folder) {
                    Test-AllSubFolders       $FailedFolder $MyDomain $MyAdmin
                } else {
                    echo "FAILED for $FailedFolder"
                }
}}}}

function Take-OwnershipOfOneFolder {
    # Take ownership of $Folder (takeown.exe /A /F) and also
    # give Full Control with "ContainerInherit,ObjectInherit" to 
    # $MyDomain\$MyAdmin and SYSTEM which result in also giving 
    # full control to files/folders under $Folder
    # IT DOES NOT RECURSE TO SUB-SUBFOLDERS OF $Folder
    param(
        [String]$Folder,
        [String]$MyDomain,
        [String]$MyAdmin
    )
    echo "    Calling: takeown.exe /A /F $Folder"
    $out = (takeown.exe /A /F $Folder)
    if ($out -notlike 'SUCCESS*') {
        echo "    FAILED takeown for '$Folder' (output of takeown follows)"
        echo $out
        return
    }

    echo "    Reading ACLs"
    $CurrentACL = Get-Acl $Folder
    
    echo "    Adding ACL: FullControll to NT Authority\SYSTEM"
    $SystemACLPermission = "NT AUTHORITY\SYSTEM","FullControl","ContainerInherit,ObjectInherit","None","Allow"
    $SystemAccessRule = new-object System.Security.AccessControl.FileSystemAccessRule $SystemACLPermission
    $CurrentACL.AddAccessRule($SystemAccessRule)
    
    echo "    Adding ACL: FullControll to $MyDomain\$MyAdmin for $Folder"
    $AdminACLPermission = "$MyDomain\$MyAdmin","FullControl","ContainerInherit,ObjectInherit","None","Allow"
    $SystemAccessRule = new-object System.Security.AccessControl.FileSystemAccessRule $AdminACLPermission
    $CurrentACL.AddAccessRule($SystemAccessRule)
    
    echo "    Setting ACL"
    Set-Acl -Path $Folder -AclObject $CurrentACL
}

function Take-OwnershipRecursively() {
    # Run this from an elevated powershell as user $MyDomain\$MyAdmin and it will
    # give ownership of $Folder and all its subfolders recursively to SYSTEM and 
    # $MyDomain\$MyAdmin and it will also give Full Control to $MyDomain\$MyAdmin
    # SYSTEM on any folders where it gets Access Denied and their files and subfolders
    # (It gives "FullControl","ContainerInherit,ObjectInherit")
   param(
        [String]$Folder,
        [String]$MyDomain,
        [String]$MyAdmin,
        [String]$LogFile
    )
    Start-Transcript $LogFile
    Take-OwnershipOfOneFolder $Folder $MyDomain $MyAdmin
    Test-AllSubFolders $Folder $MyDomain $MyAdmin
    Stop-Transcript
}

Answer

要递归地取得目录的所有权，许多人建议使用选项 /r /D y 运行 takeown（正如接受的答案一样）。但是，如果运行此命令的管理员在任何子文件夹中都没有列出/读取权限，takeown 将删除所有现有权限！

以下脚本没有这个缺点。此脚本的唯一副作用是，在 MyAdmin 没有列表权限的文件夹中，MyAdmin 和 SYSTEM 将获得对文件夹及其所含文件的完全控制权。该脚本基于博客文章的旧版本现在缺少代码，我进行了一些改进。

用法：

以用户 MyDomain\MyAdmin 的身份从提升的 powershell 运行，它将递归地将所有权授予 SYSTEM 和 MyDomain\MyAdmin。

递归接管“c:\somfolder”“MyDomain\MyAdmin”“c:\logfile.txt”

剧本：

function Test-AllSubFolders{
    # Recursively visit all subfolders of $Folder
    # and if you get Access Denied error on any of them
    # call Take-OwnershipOfOneFolder on it
    param(
        [String]$Folder,
        [String]$MyDomain,
        [String]$MyAdmin
    )
    $error.Clear()
    $ErrorArray = @()
    (Get-ChildItem $Folder -Directory -Recurse -ErrorAction SilentlyContinue | Select FullName) > $null
    if ($error) {
        $ErrorArray = $error + $ErrorArray # '+$ErrorArray' seems silly but not sure
        foreach ($err in $ErrorArray) {
            if ($err.FullyQualifiedErrorId -eq "DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand") {
                $FailedFolder = $err.TargetObject
                echo "Access Error on '$FailedFolder', attempting to fix" 
                Take-OwnershipOfOneFolder  $FailedFolder $MyDomain $MyAdmin
                if ($FailedFolder -ne $Folder) {
                    Test-AllSubFolders       $FailedFolder $MyDomain $MyAdmin
                } else {
                    echo "FAILED for $FailedFolder"
                }
}}}}

function Take-OwnershipOfOneFolder {
    # Take ownership of $Folder (takeown.exe /A /F) and also
    # give Full Control with "ContainerInherit,ObjectInherit" to 
    # $MyDomain\$MyAdmin and SYSTEM which result in also giving 
    # full control to files/folders under $Folder
    # IT DOES NOT RECURSE TO SUB-SUBFOLDERS OF $Folder
    param(
        [String]$Folder,
        [String]$MyDomain,
        [String]$MyAdmin
    )
    echo "    Calling: takeown.exe /A /F $Folder"
    $out = (takeown.exe /A /F $Folder)
    if ($out -notlike 'SUCCESS*') {
        echo "    FAILED takeown for '$Folder' (output of takeown follows)"
        echo $out
        return
    }

    echo "    Reading ACLs"
    $CurrentACL = Get-Acl $Folder
    
    echo "    Adding ACL: FullControll to NT Authority\SYSTEM"
    $SystemACLPermission = "NT AUTHORITY\SYSTEM","FullControl","ContainerInherit,ObjectInherit","None","Allow"
    $SystemAccessRule = new-object System.Security.AccessControl.FileSystemAccessRule $SystemACLPermission
    $CurrentACL.AddAccessRule($SystemAccessRule)
    
    echo "    Adding ACL: FullControll to $MyDomain\$MyAdmin for $Folder"
    $AdminACLPermission = "$MyDomain\$MyAdmin","FullControl","ContainerInherit,ObjectInherit","None","Allow"
    $SystemAccessRule = new-object System.Security.AccessControl.FileSystemAccessRule $AdminACLPermission
    $CurrentACL.AddAccessRule($SystemAccessRule)
    
    echo "    Setting ACL"
    Set-Acl -Path $Folder -AclObject $CurrentACL
}

function Take-OwnershipRecursively() {
    # Run this from an elevated powershell as user $MyDomain\$MyAdmin and it will
    # give ownership of $Folder and all its subfolders recursively to SYSTEM and 
    # $MyDomain\$MyAdmin and it will also give Full Control to $MyDomain\$MyAdmin
    # SYSTEM on any folders where it gets Access Denied and their files and subfolders
    # (It gives "FullControl","ContainerInherit,ObjectInherit")
   param(
        [String]$Folder,
        [String]$MyDomain,
        [String]$MyAdmin,
        [String]$LogFile
    )
    Start-Transcript $LogFile
    Take-OwnershipOfOneFolder $Folder $MyDomain $MyAdmin
    Test-AllSubFolders $Folder $MyDomain $MyAdmin
    Stop-Transcript
}

Takeown 您没有权限读取目录的内容

答案1

答案2

相关内容