我有一个如下的 CSV 文件
文件夹名称---------- 安全组
文件夹1---------- SG_Folder1-访问
文件夹2---------- SG_Folder2-访问
我需要分配如下权限,
因此安全组“ SG_Folder1-Access ”将对“文件夹 1”具有修改访问权限
安全组“ SG_Folder2-Access ”将对“文件夹 2”具有修改访问权限
我有 500 个文件夹和它们自己的安全组,需要创建一个 power shell 脚本来分配权限。
任何帮助将非常感激。
谢谢
答案1
您可以尝试以下脚本:
$acl = Get-Acl "\\$servername\folderpath"
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("domain\user or usergroup","Modify", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Users","Modify", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
Set-Acl "\\$servername\folderpath" $acl
以下是可提供帮助的信息链接。 http://tomandersonpro.net/ntfs-permissions-with-powershell/
答案2
$CSV= Get-Content $CSVFileName
foreach ($line in $CSV) {
$folder= $line.split(";")[0]
$group= $line.split(";")[1]
$acl= Get-Acl $folder
$ar = New-Object system.security.accesscontrol.filesystemaccessrule($group,"Modify","Allow")
$acl.SetAccessRule($ar)
$Set-Acl $folder $acl
}
我还没有测试过,但这是一个基本想法。请尝试自己改进它。
答案3
我编写了一个支持方法,可以帮助您轻松实现这一目标。
function Remove-Permission($StartingDir, $UserOrGroup = "", $All = $false) {
$acl = get-acl -Path $StartingDir
if ($UserOrGroup -ne "") {
foreach ($access in $acl.Access) {
if ($access.IdentityReference.Value -eq $UserOrGroup) {
$acl.RemoveAccessRule($access) | Out-Null
}
}
}
if ($All -eq $true) {
foreach ($access in $acl.Access) {
$acl.RemoveAccessRule($access) | Out-Null
}
}
Set-Acl -Path $folder.FullName -AclObject $acl
}
function Set-Inheritance($StartingDir, $DisableInheritance = $false, $KeepInheritedAcl = $false) {
$acl = get-acl -Path $StartingDir
$acl.SetAccessRuleProtection($DisableInheritance, $KeepInheritedAcl)
$acl | Set-Acl -Path $StartingDir
}
function Set-Permission($StartingDir, $UserOrGroup = "", $InheritedFolderPermissions = "ContainerInherit, ObjectInherit", $AccessControlType = "Allow", $PropagationFlags = "None", $AclRightsToAssign) {
### The possible values for Rights are:
# ListDirectory, ReadData, WriteData, CreateFiles, CreateDirectories, AppendData, Synchronize, FullControl
# ReadExtendedAttributes, WriteExtendedAttributes, Traverse, ExecuteFile, DeleteSubdirectoriesAndFiles, ReadAttributes
# WriteAttributes, Write, Delete, ReadPermissions, Read, ReadAndExecute, Modify, ChangePermissions, TakeOwnership
### Principal expected
# domain\username
### Inherited folder permissions:
# Object inherit - This folder and files. (no inheritance to subfolders)
# Container inherit - This folder and subfolders.
# Inherit only - The ACE does not apply to the current file/directory
#define a new access rule.
$acl = Get-Acl -Path $StartingDir
$perm = $UserOrGroup, $AclRightsToAssign, $InheritedFolderPermissions, $PropagationFlags, $AccessControlType
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $perm
$acl.SetAccessRule($rule)
set-acl -Path $StartingDir $acl
}
现在,如果您要使用它...只需循环遍历 csv 条目并将其提供给函数。
完整故事可在我的网站上找到:https://evotec.xyz/manage-ntfs-permissions-powershell/