通过 CSV 使用 Powershell 分配 NTFS 权限

tag-icon tag-icon active-directory windows-server-2012-r2 powershell ntfs
通过 CSV 使用 Powershell 分配 NTFS 权限

我有一个如下的 CSV 文件

文件夹名称---------- 安全组

文件夹1---------- SG_Folder1-访问

文件夹2---------- SG_Folder2-访问

我需要分配如下权限,

因此安全组“ SG_Folder1-Access ”将对“文件夹 1”具有修改访问权限

安全组“ SG_Folder2-Access ”将对“文件夹 2”具有修改访问权限

我有 500 个文件夹和它们自己的安全组,需要创建一个 power shell 脚本来分配权限。

任何帮助将非常感激。

谢谢

答案1

您可以尝试以下脚本:

$acl = Get-Acl "\\$servername\folderpath"

$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("domain\user or usergroup","Modify", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)

$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Users","Modify", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)

Set-Acl "\\$servername\folderpath" $acl

以下是可提供帮助的信息链接。 http://tomandersonpro.net/ntfs-permissions-with-powershell/

https://blogs.technet.microsoft.com/josebda/2010/11/12/how-to-handle-ntfs-folder-permissions-security-descriptors-and-acls-in-powershell/

答案2

$CSV= Get-Content $CSVFileName
foreach ($line in $CSV) {
    $folder= $line.split(";")[0]
    $group= $line.split(";")[1]

    $acl= Get-Acl $folder
    $ar = New-Object system.security.accesscontrol.filesystemaccessrule($group,"Modify","Allow")
    $acl.SetAccessRule($ar)

    $Set-Acl $folder $acl
}

我还没有测试过,但这是一个基本想法。请尝试自己改进它。

也可以点击以下链接: 设置Acl 获取 Acl 微软技术网

答案3

我编写了一个支持方法,可以帮助您轻松实现这一目标。

function Remove-Permission($StartingDir, $UserOrGroup = "", $All = $false) {
    $acl = get-acl -Path $StartingDir
    if ($UserOrGroup -ne "") {
        foreach ($access in $acl.Access) {
            if ($access.IdentityReference.Value -eq $UserOrGroup) {
                $acl.RemoveAccessRule($access) | Out-Null
            }
        }
    } 
    if ($All -eq $true) {
        foreach ($access in $acl.Access) {
            $acl.RemoveAccessRule($access) | Out-Null
        }

    }
    Set-Acl -Path $folder.FullName -AclObject $acl
}
function Set-Inheritance($StartingDir, $DisableInheritance = $false, $KeepInheritedAcl = $false) {
    $acl = get-acl -Path $StartingDir
    $acl.SetAccessRuleProtection($DisableInheritance, $KeepInheritedAcl)
    $acl | Set-Acl -Path $StartingDir
}
function Set-Permission($StartingDir, $UserOrGroup = "", $InheritedFolderPermissions = "ContainerInherit, ObjectInherit", $AccessControlType = "Allow", $PropagationFlags = "None", $AclRightsToAssign) {
    ### The possible values for Rights are:
    # ListDirectory, ReadData, WriteData, CreateFiles, CreateDirectories, AppendData, Synchronize, FullControl
    # ReadExtendedAttributes, WriteExtendedAttributes, Traverse, ExecuteFile, DeleteSubdirectoriesAndFiles, ReadAttributes 
    # WriteAttributes, Write, Delete, ReadPermissions, Read, ReadAndExecute, Modify, ChangePermissions, TakeOwnership

    ### Principal expected
    # domain\username 

    ### Inherited folder permissions:
    # Object inherit    - This folder and files. (no inheritance to subfolders)
    # Container inherit - This folder and subfolders.
    # Inherit only      - The ACE does not apply to the current file/directory

    #define a new access rule.
    $acl = Get-Acl -Path $StartingDir
    $perm = $UserOrGroup, $AclRightsToAssign, $InheritedFolderPermissions, $PropagationFlags, $AccessControlType
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $perm
    $acl.SetAccessRule($rule)
    set-acl -Path $StartingDir $acl
}

现在,如果您要使用它...只需循环遍历 csv 条目并将其提供给函数。

完整故事可在我的网站上找到:https://evotec.xyz/manage-ntfs-permissions-powershell/

相关内容