Powershell-修改文件夹权限

#本脚本会对一个路径及其下的目录和文件添加一样的权限
$path="D:\file_T"
#本地的用户或组直接写入组:users 用户:administor  域账号:damin\user  组或用户只能写一个,如果是很过用户那就把它们建个组授权
$user="users"
#添加的权限可多项,见下图
$right="ReadAndExecute","Write"


#获取路径的现有权限配置
$acl = Get-Acl $path

# 添加规则: 
$person = [System.Security.Principal.NTAccount]$user
$access = [System.Security.AccessControl.FileSystemRights]$right
#子目录和文件都继承
$inheritance = [System.Security.AccessControl.InheritanceFlags] "ObjectInherit,ContainerInherit"
$propagation = [System.Security.AccessControl.PropagationFlags]"None"
$type = [System.Security.AccessControl.AccessControlType]"Allow"
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule( $person,$access,$inheritance,$propagation,$type)
$acl.AddAccessRule($rule)
 
# 保存权限更新:
Set-Acl $path $acl

 

如果下级文件夹禁止继承父辈权限,上面的脚本不会报错提示,但实际上没有继承,所以可以先执行下面的脚本开启继承父辈权限,然后再执行上面的脚本。

 

 

foreach($_ in (Get-ChildItem "D:\ss" -recurse)){

$inheritance = Get-Acl -path $_.fullname
$inheritance.SetAccessRuleProtection($False,$True)
set-acl -path $_.fullname -aclobject $inheritance
}

 

 

ListDirectory
ReadData
WriteData
CreateFiles
CreateDirectories
AppendData
ReadExtendedAttributes
WriteExtendedAttributes
Traverse
ExecuteFile
DeleteSubdirectoriesAndFiles
ReadAttributes
WriteAttributes
Write
Delete
ReadPermissions
Read
ReadAndExecute
Modify
ChangePermissions
TakeOwnership
Synchronize
FullControl
posted @ 2020-01-09 11:33  JinweiChang  阅读(2653)  评论(0编辑  收藏  举报