我想将具有完全控制权限的新组添加到文件夹的 ACL 并保留继承的权限。当我使用 Set-Acl 或 icacls 时,继承的权限被删除。
答案1
您可以包含现有的权限,它们将保留以下IsInherited属性:
# Example for adding a user to a file's permissions
$user = 'user1'
$file = 'c:\temp\test.txt'
# Get the existing permissions
$acl = get-item $file | get-acl
# ADD new rules to the existing ones
$rule = [security.accesscontrol.FileSystemAccessRule]::new($user,"Read","Allow")
$acl.AddAccessRule($rule)
$rule = [security.accesscontrol.FileSystemAccessRule]::new($user,"write","Allow")
$acl.AddAccessRule($rule)
Set-Acl $file $acl
您可以使用以下方式检查Get-Acl:
Get-Acl 'C:\temp\test.txt' | Select -ExpandProperty Access
FileSystemRights : Write, Read, Synchronize
AccessControlType : Allow
IdentityReference : DOMAIN\user1
IsInherited : False
InheritanceFlags : None
PropagationFlags : None
FileSystemRights : FullControl
AccessControlType : Allow
IdentityReference : BUILTIN\Administrators
IsInherited : True ## Still inherited!
InheritanceFlags : None
PropagationFlags : None