我正在转换我的代码以供使用icacls并正在遵循本教程:https://ss64.com/nt/icacls.html。
在这一部分,
授予用户 jdoe 在文件夹 C:\demo\example\ 中创建、编辑和删除文件的权限,但阻止删除文件夹本身:
:: 首先删除继承并授予管理员对顶级文件夹 icacls "C:\demo\example" 的完全控制权 /inheritance:r /grant:r Administrators:(OI)(CI)(F)
:: 仅向子文件夹和文件授予修改 + 删除子项的权限 icacls "C:\demo\example" /grant:r ss64Dom\jdoe:(OI)(CI)(IO)(M,DC) /T
:: 授予对顶级文件夹 icacls "C:\demo\example" 的读取/执行、写入和附加权限 /grant:r ss64Dom\jdoe:(RX,WD,AD)
:: 如果任何预先存在的子文件夹授予管理员完全控制 icacls "C:\demo\example" /grant:r 管理员:(OI)(CI)(F) /T
,我能够获得第一条指令的正确结果,但第二条指令对我来说不起作用。我尝试用 更改部分,M,DC但F效果不佳。
这是我的代码。
Option Explicit
On Error Resume Next
Dim objShell,objFSO, ProgramFiles, X, Y, intRunError, strFolders,strFiles, strNTGroup
Dim strFolder, strFile, strUserName, strEveryone, strDomain
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("Wscript.Shell")
strFolders = Array(_
"C:\Users\User\Documents\test_folder3",_
"C:\Users\User\Documents\test_folder2",_
"C:\Users\User\Documents\test_folder")
strFiles = Array(_
"C:\Users\User\Documents\test_file.txt",_
"C:\Users\User\Documents\test_file2.txt")
'User's User Name
strDomain = "Domain"
strUserName = strDomain & "\User"
strEveryone = "Everyone"
WScript.Echo "Set permissions for", strUserName, vbCRLF
'Assign User Permissions to Folders.
For X = 0 to Ubound(strFolders)
strFolder = strFolders(X)
If objFSO.FolderExists(strFolder) Then
WScript.Echo "Folder: " & strFolder
'intRunError = objShell.Run("%COMSPEC% /c Echo Y| cacls " & strFolder & " /E /C /G " & strUserName & ":F", 2, True)
objShell.Run "icacls " & strFolder & " /inheritance:r /grant:r administrators:(OI)(CI)(F)", 2, True
intRunError = objShell.Run("icacls " & strFolder & " /grant:r " & strUserName & ":(OI)(CI)(IO)(M,DC) /T", 2, True)
If intRunError <> 0 Then
Wscript.Echo "Folder ErrCode: " & intRunError
Wscript.Echo "Error assigning permissions for user " _
& strNTGroup & " to folder " & strFolder
End If
Else
WScript.Echo "Folder " & strFolder & " not found"
End If
Next
顺便说一下,我在本地的 Windows 7 PC 上运行它。
这就是我当前代码的样子。
Option Explicit
On Error Resume Next
Dim objShell,objFSO, ProgramFiles, X, Y, intRunError, strFolders,strFiles, strNTGroup
Dim strFolder, strFile, strUserName, strUName, strEveryone, strDomain, intRunError2, intRunError3
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("Wscript.Shell")
strFolders = Array(_
"C:\Users\User\Documents\test_folder3",_
"C:\Users\User\Documents\test_folder2",_
"C:\Users\User\Documents\test_folder")
strFiles = Array(_
"C:\Users\User\Documents\test_file.txt",_
"C:\Users\User\Documents\test_file2.txt")
'User's User Name
strDomain = objShell.ExpandEnvironmentStrings( "%USERDOMAIN%" )
strUserName = objShell.ExpandEnvironmentStrings( "%USERNAME%" )
strUName = strDomain & "\User"
strEveryone = "Everyone"
WScript.Echo "Set permissions for", strUName, vbCRLF
'Assign User Permissions to Folders.
For X = 0 to Ubound(strFolders)
strFolder = strFolders(X)
If objFSO.FolderExists(strFolder) Then
WScript.Echo "Folder: " & strFolder
intRunError = objShell.Run("icacls " & strFolder & " /inheritance:r /grant:r administrators:(OI)(CI)(F)", 2, True)
If intRunError <> 0 Then 'If no error, proceed
Wscript.Echo "Folder Error1: ", intRunError
Wscript.Echo "Error assigning admin permissions for user " _
& strUName & " to folder " & strFolder
Else
Set intRunError2 = objShell.Exec("icacls " & strFolder & " /grant:r " & strUName & ":(OI)(CI)(NP)(IO)(M,DC) /T", 2, True)
Wscript.Echo "Exit code: " & intRunError2
Wscript.Echo "ErrMsg: " & intRunError2.StdErr.ReadAll
If intRunError3 <> 0 Then
Wscript.Echo "Folder Error3: " & intRunError2
Wscript.Echo "Error assigning permissions for user " _
& strUName & " to folder " & strFolder
Wscript.Echo "Exit code: " & intRunError2
Wscript.Echo "ErrMsg: " & intRunError2.StdErr.ReadAll
End If
End If
Else
WScript.Echo "Folder " & strFolder & " not found"
End If
WScript.Echo "-------------------"
Next
Wscript.Echo "Done setting folder permissions", vbCRLF
Set objFSO = Nothing
Set objShell = Nothing
WScript.Quit
第一个objShell.Run成功了。接下来objShell.Exec,没有出现错误,但它也没有执行任何操作。