使用set-acl和powershell设置继承和传播标志

jucafojl 于 2023-02-04 发布在 Shell

关注(0)|答案(5)|浏览(158)

我试图模仿右键单击文件夹、在文件夹上设置“修改”以及将权限应用于特定文件夹、子文件夹和文件的操作。
我主要是使用Powershell，但是继承只被设置为“子文件夹和文件”，而不是整个“这个文件夹，子文件夹和文件”。
是否有一些未列出的System.Security.AccessControl.PropagationFlags标志可以正确地设置它？
这是我目前的工作。

$Folders = Get-childItem c:\TEMP\
$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$objType = [System.Security.AccessControl.AccessControlType]::Allow 

foreach ($TempFolder in $Folders)
{
echo "Loop Iteration"
$Folder = $TempFolder.FullName

$acl = Get-Acl $Folder
$permission = "domain\user","Modify", $InheritanceFlag, $PropagationFlag, $objType
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission

$acl.SetAccessRule($accessRule)
Set-Acl $Folder $acl
}

powershell

来源：https://stackoverflow.com/questions/3282656/setting-inheritance-and-propagation-flags-with-set-acl-and-powershell

5条答案

按热度按时间

zpqajqem1#

下面的表格有助于查找不同权限组合所需的标志。

╔═════════════╦═════════════╦═══════════════════════════════╦════════════════════════╦══════════════════╦═══════════════════════╦═════════════╦═════════════╗
    ║             ║ folder only ║ folder, sub-folders and files ║ folder and sub-folders ║ folder and files ║ sub-folders and files ║ sub-folders ║    files    ║
    ╠═════════════╬═════════════╬═══════════════════════════════╬════════════════════════╬══════════════════╬═══════════════════════╬═════════════╬═════════════╣
    ║ Propagation ║ none        ║ none                          ║ none                   ║ none             ║ InheritOnly           ║ InheritOnly ║ InheritOnly ║
    ║ Inheritance ║ none        ║ Container|Object              ║ Container              ║ Object           ║ Container|Object      ║ Container   ║ Object      ║
    ╚═════════════╩═════════════╩═══════════════════════════════╩════════════════════════╩══════════════════╩═══════════════════════╩═════════════╩═════════════╝

所以，as David said，你会想要

InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit
PropagationFlags.None

赞(0）回复(0）举报 2023-02-04

vqlkdk9b2#

我想您可以在this page上找到答案。
此文件夹、子文件夹和文件：

InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit 
PropagationFlags.None

赞(0）回复(0）举报 2023-02-04

ttcibm8c3#

下面是一些简洁的Powershell代码，用于通过修改文件夹的现有ACL（访问控制列表）来向文件夹应用新权限。

# Get the ACL for an existing folder
$existingAcl = Get-Acl -Path 'C:\DemoFolder'

# Set the permissions that you want to apply to the folder
$permissions = $env:username, 'Read,Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow'

# Create a new FileSystemAccessRule object
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permissions

# Modify the existing ACL to include the new rule
$existingAcl.SetAccessRule($rule)

# Apply the modified access rule to the folder
$existingAcl | Set-Acl -Path 'C:\DemoFolder'

$permissions变量列表中的每个值都与FileSystemAccessRule类的this constructor参数有关。
由this page提供。

赞(0）回复(0）举报 2023-02-04

mo49yndu4#

不要因为你在PowerShell中就忘记了好的老朋友。有时他们可以提供最简单的解决方案，例如：

icacls.exe $folder /grant 'domain\user:(OI)(CI)(M)'

赞(0）回复(0）举报 2023-02-04

x6yk4ghg5#

下面的the MSDN page描述了这些标志以及它们的各种组合的结果。

Flag combinations => Propagation results
=========================================
No Flags => Target folder.
ObjectInherit => Target folder, child object (file), grandchild object (file).
ObjectInherit and NoPropagateInherit => Target folder, child object (file).
ObjectInherit and InheritOnly => Child object (file), grandchild object (file).
ObjectInherit, InheritOnly, and NoPropagateInherit => Child object (file).
ContainerInherit => Target folder, child folder, grandchild folder.
ContainerInherit, and NoPropagateInherit => Target folder, child folder.
ContainerInherit, and InheritOnly => Child folder, grandchild folder.
ContainerInherit, InheritOnly, and NoPropagateInherit => Child folder.
ContainerInherit, and ObjectInherit => Target folder, child folder, child object (file), grandchild folder, grandchild object (file).
ContainerInherit, ObjectInherit, and NoPropagateInherit => Target folder, child folder, child object (file).
ContainerInherit, ObjectInherit, and InheritOnly => Child folder, child object (file), grandchild folder, grandchild object (file).
ContainerInherit, ObjectInherit, NoPropagateInherit, InheritOnly => Child folder, child object (file).

要让它递归地将权限应用到目录以及所有子目录和文件，您需要使用以下标志：

InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit 
PropagationFlags.None

因此，您需要对示例进行的特定代码更改是：

$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None

赞(0）回复(0）举报 2023-02-04

我来回答

使用set-acl和powershell设置继承和传播标志

5条答案

相关问题

热门标签

最新问答