Give owner full access to their profile share

This script takes the name of the folder and makes it the owner of the folder. But it does not give the owner full access.

$folder = "\profileshare\profiles\"
$users = (Get-Childitem $folder)
foreach ($user in $users) {
    $acl = Get-Acl $folder$user
    $current_owner = $acl.owner.split("\")
    if ($user.Name.tolower() -ne ([string]$current_owner[1]).tolower()) {
        Write-Host $user " folder needs owner changed, set to "$user " from " $acl.owner
        $acl.SetOwner([System.Security.Principal.NTAccount]"$user")
        Set-Acl $folder$user $acl
    } else {
        Write-Host "Folder for $user set correctly"
    }
}

Can someone help me give the owner full access?

To have the owner get full access automatically, you need to set an ACE on the parent folder (\profileshare\profiles) that grants CREATOR OWNER full control over subfolders and files.

$folder = '\profileshare\profiles'
$acl = Get-Acl -Path $folder
$ace = New-Object Security.AccessControl.FileSystemAccessRule(
  'CREATOR OWNER',
  'FullControl',
  'ObjectInherit,ContainerInherit',
  'InheritOnly',
  'Allow'
)
$acl.AddAccessRule($ace)
Set-Acl -Path $folder -AclObject $acl

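If the parent folder does not have this setting, you need to manually revoke the previous owner's permissions and grant the new owner access.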
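The manual route named in the last sentence above, written out as an added example that is not part of the original answer: it revokes the previous owner's explicit ACEs, sets the new owner, and grants FullControl only where it is missing. It assumes each folder name is the account name of its user and that the session is allowed to change owners on the share; the `$keep` list of built-in principals is likewise an assumption of this example.

```powershell
# Added example, not code from the original posts.
# Assumes every folder name under $root is the account name of its user and
# that the session may change owners on the share (e.g. an elevated admin).
$root    = '\profileshare\profiles'   # path as written on the page
$sidType = [System.Security.Principal.SecurityIdentifier]
$full    = [System.Security.AccessControl.FileSystemRights]::FullControl
# Previous owners whose ACEs must survive (typical when an admin created the folders)
$keep    = 'BuiltinAdministratorsSid', 'LocalSystemSid'

foreach ($dir in Get-ChildItem -LiteralPath $root -Directory) {
    # Resolve the account first; a folder left behind by a deleted user is skipped
    try {
        $newSid = ([System.Security.Principal.NTAccount]$dir.Name).Translate($sidType)
    } catch {
        Write-Warning "No account named '$($dir.Name)', folder skipped"
        continue
    }

    $acl     = Get-Acl -LiteralPath $dir.FullName
    $oldSid  = $acl.GetOwner($sidType)
    $changed = $false

    if ($oldSid -ne $newSid) {
        # Revoke the previous owner's explicit ACEs unless it is a built-in admin principal
        $builtin = $keep | Where-Object { $oldSid.IsWellKnown($_) }
        if (-not $builtin) { $acl.PurgeAccessRules($oldSid) }
        $acl.SetOwner($newSid)
        $changed = $true
    }

    # Grant FullControl only if no Allow ACE (explicit or inherited) already gives it
    $hasFull = $acl.GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.IdentityReference -eq $newSid -and
        $_.AccessControlType -eq 'Allow' -and
        $_.FileSystemRights.HasFlag($full)
    }
    if (-not $hasFull) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $newSid, $full, 'ContainerInherit,ObjectInherit', 'None', 'Allow')
        $acl.AddAccessRule($rule)
        $changed = $true
    }

    if ($changed) {
        Set-Acl -LiteralPath $dir.FullName -AclObject $acl
        Write-Host "Updated $($dir.Name): owner was $oldSid"
    }
}
```

Running it a second time should print nothing, which doubles as a check that every profile folder now has the expected owner and grant.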

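Did you search for an answer? Just last Friday I posted the same code for someone, and I'm pretty sure it will do what you're looking for. This builds an ACL for a given user to grant them FullControl, and makes child files and folders inherit the access as well.

You only need to set the user object and the ACE, and add the ACE to the ACL, inside the loop; everything else can be defined once before the loop.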

$Rights = [System.Security.AccessControl.FileSystemRights]"FullControl"
$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]"ObjectInherit,ContainerInherit"
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None
$objType =[System.Security.AccessControl.AccessControlType]::Allow
$folder = "\profileshare\profiles\"
$users = (get-childitem $folder)
Foreach ($user in $users) 
{
    $acl = Get-Acl $folder$user
    $current_owner = $acl.owner.split("\")
    if($user.Name.tolower() -ne ([string]$current_owner[1]).tolower())
    {              
        write-host $user " folder needs owner changed,  set to "$user " from " $acl.owner
        # Use the account named after the folder, not a fixed account, as grantee and owner
        $objUser = New-Object System.Security.Principal.NTAccount($user.Name)
        $objACE = New-Object System.Security.AccessControl.FileSystemAccessRule($objUser, $Rights, $InheritanceFlag, $PropagationFlag, $objType)
        $ACL.AddAccessRule($objACE)
        $acl.SetOwner($objUser)
        set-acl $folder$user $acl
    }
    else
    {
        write-host "Folder for $user set correctly"
    }
}