FileSystemRights 未部署
FileSystemRights don't get deployed
我正在编写一个函数,将路径 A 的 ACL 等同于路径 B(路径 A 也可以是服务器 A 和服务器 B 上的路径 B)。几乎一切都按预期工作,用户被部署到目标路径,但 FileSystemRights 没有被部署,即使我在函数中硬编码 "FullControl"。
我以前从未在 PowerShell 中使用过 ACL,我的大部分代码都是从这里复制的:https://technet.microsoft.com/en-us/library/ff730951.aspx?f=255&MSPPError=-2147217396
为什么我的 FileSystemRights 没有部署?
Process {
# get ACL from source path
$gacl = get-acl $SourcePath | select -ExpandProperty Access | % {
$ErrorActionPreference = "SilentlyContinue"
[string]$user = ($_.IdentityReference).Value.split('\')[1]
[string]$AccessType = $_.AccessControlType
$FSRights = $_.FileSystemRights
if (!$user) { Write-Warning "User not found. Skipping ACL settings for this user. Username: $(($_.IdentityReference).Value)`n"}
else{
# Create ACL Object
$colRights = [System.Security.AccessControl.FileSystemRights]"FullControl"
$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::None
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None
$objType =[System.Security.AccessControl.AccessControlType]$AccessType
$objUser = New-Object System.Security.Principal.NTAccount($user)
$objACE = New-Object System.Security.AccessControl.FileSystemAccessRule($objUser, $colRights, $InheritanceFlag, $PropagationFlag, $objType)
# Set the ACL
Write-Host "Setting ACL for User: $User on $DestinationPath" -ForegroundColor Green
$objACL = get-acl $DestinationPath
$ErrorActionPreference = "Stop"
Try {
$objACL.AddAccessRule($objACE)
$sacl = set-acl $DestinationPath $objACL
Write-Host "Success!`n" -ForegroundColor Green
} Catch {
Write-Host "Failed! ErrorMessage:" -ForegroundColor Red
$_.Exception.Message
}}
}}
我放弃了,决定只使用一个对我有用的模块。我使用了以下模块:https://gallery.technet.microsoft.com/scriptcenter/1abd77a5-9c0b-4a2b-acef-90dbb2b84e85
这就是结束函数。很简单:
function Equate-ACL {
param(
[Parameter(Mandatory=$true,Position=0)]
[string]$SourcePath,
[Parameter(Mandatory=$true,Position=1)]
[string]$DestinationPath
)
if(!(get-module NTFSSecurity)) { import-module NTFSSecurity }
$ErrorActionPreference = "Stop"
Try {
$SourcePath | Get-NTFSAccess | Add-NTFSAccess $DestinationPath
} Catch {
Write-Warning "Konnte ACL von $Sourcepath nicht auf $Destinationpath setzen."
}
}
我正在编写一个函数,将路径 A 的 ACL 等同于路径 B(路径 A 也可以是服务器 A 和服务器 B 上的路径 B)。几乎一切都按预期工作,用户被部署到目标路径,但 FileSystemRights 没有被部署,即使我在函数中硬编码 "FullControl"。
我以前从未在 PowerShell 中使用过 ACL,我的大部分代码都是从这里复制的:https://technet.microsoft.com/en-us/library/ff730951.aspx?f=255&MSPPError=-2147217396
为什么我的 FileSystemRights 没有部署?
Process {
# get ACL from source path
$gacl = get-acl $SourcePath | select -ExpandProperty Access | % {
$ErrorActionPreference = "SilentlyContinue"
[string]$user = ($_.IdentityReference).Value.split('\')[1]
[string]$AccessType = $_.AccessControlType
$FSRights = $_.FileSystemRights
if (!$user) { Write-Warning "User not found. Skipping ACL settings for this user. Username: $(($_.IdentityReference).Value)`n"}
else{
# Create ACL Object
$colRights = [System.Security.AccessControl.FileSystemRights]"FullControl"
$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::None
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None
$objType =[System.Security.AccessControl.AccessControlType]$AccessType
$objUser = New-Object System.Security.Principal.NTAccount($user)
$objACE = New-Object System.Security.AccessControl.FileSystemAccessRule($objUser, $colRights, $InheritanceFlag, $PropagationFlag, $objType)
# Set the ACL
Write-Host "Setting ACL for User: $User on $DestinationPath" -ForegroundColor Green
$objACL = get-acl $DestinationPath
$ErrorActionPreference = "Stop"
Try {
$objACL.AddAccessRule($objACE)
$sacl = set-acl $DestinationPath $objACL
Write-Host "Success!`n" -ForegroundColor Green
} Catch {
Write-Host "Failed! ErrorMessage:" -ForegroundColor Red
$_.Exception.Message
}}
}}
我放弃了,决定只使用一个对我有用的模块。我使用了以下模块:https://gallery.technet.microsoft.com/scriptcenter/1abd77a5-9c0b-4a2b-acef-90dbb2b84e85
这就是结束函数。很简单:
function Equate-ACL {
param(
[Parameter(Mandatory=$true,Position=0)]
[string]$SourcePath,
[Parameter(Mandatory=$true,Position=1)]
[string]$DestinationPath
)
if(!(get-module NTFSSecurity)) { import-module NTFSSecurity }
$ErrorActionPreference = "Stop"
Try {
$SourcePath | Get-NTFSAccess | Add-NTFSAccess $DestinationPath
} Catch {
Write-Warning "Konnte ACL von $Sourcepath nicht auf $Destinationpath setzen."
}
}