Powershell:无法设置模型文件夹的 acl 权限
Powershell: can't set-acl permissions of Model Folder
在 PowerShell 中
我已经创建了一个模型文件夹并且运行:
Get-ACL \server\folder | % {$_.Access}
这是我要模拟的权限的输出:
FileSystemRights : DeleteSubdirectoriesAndFiles, Modify, Synchronize
AccessControlType : Allow
IdentityReference : CONTOSO\bgates
IsInherited : False
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : None
换句话说:我进入了 bgates 的高级安全设置并给他完全控制并且未选中 "Take Ownership"。
我正在尝试将 FileSystemRights 字段中的上述部分输入到我在网上找到的脚本中(对于我来说,我找不到 link),以便它可以创建一个文件夹相同的权限。
# this script checks to see if the folder has already been created
# if it hasn't it will create the folder then sets permissions on it
# then verifies if the folder has been created or not
# NEED TO CHANGE PATH ($Path = '\server\folder\folder') !!!
# NEED TO CHANGE USER PERMISSION ($permission = 'UserAliasGoesHere') !!!
# this is the path for the new folder
$Path = '\server\folder'
# test to see if folder already exists
if (Test-Path $Path) {
Write-Host -ForegroundColor Yellow "
-------------------------------------------------------
`n
The folder has previously been created. No action taken
`n
-------------------------------------------------------
"
}
else {
# create new folder
$null = New-Item -Path $Path -ItemType Directory
# get permissions
$acl = Get-Acl -Path $path
# add a new permission (FullControl, Modify, Read)
$permission = 'bobmarley', 'Allow', 'Deletesubdirectories', 'Modify', Synchronize'
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permission
$acl.SetAccessRule($rule)
# set new permissions
$acl | Set-Acl -Path $path
# verify the folder has been created
if (Test-Path $Path) {
Write-Host -ForegroundColor Green "
----------------------------
`n
The folder has been created.
`n
----------------------------
"
}
else {
Write-Host -ForegroundColor Red "
--------------------------------
`n
The folder has not been created.
`n
--------------------------------
"
}
}
当然,这不幸地失败了,并显示以下错误消息:
新对象:无法将参数“1”转换为值:"Allow",对于 "FileSystemAccessRule" 类型 "System.Security.AccessControl.FileSystemRights":“无法将值 "Allow" 转换为类型"System.Security.AccessControl.FileSystemRights"。错误:“无法匹配
标识符名称 允许使用有效的枚举器名称。指定以下枚举器名称之一,然后重试:
ListDirectory、ReadData、WriteData、CreateFiles、CreateDirectories、AppendData、ReadExtendedAttributes、WriteExtendedAttributes、Traverse、ExecuteFile、DeleteSubdirectoriesAndFiles、ReadAttributes、WriteAttributes、写入、删除、ReadPermissions、读取、
ReadAndExecute、Modify、ChangePermissions、TakeOwnership、Synchronize、FullControl""
在 line:28 char:9
+ $rule = New-Object -TypeName System.Security.AccessControl.FileSystem ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [新对象], MethodException
+ FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand
使用“1”个参数调用 "SetAccessRule" 异常:“值不能为空。
参数名称:规则”
在 line:29 char:1
+ $acl.SetAccessRule($规则)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId:ArgumentNullException
我阅读了错误消息,当然我发现没有我的 get-acl 输出组合适用于此处。
现在,显然,我认为这里的问题是我不了解如何将我想要的权限添加到此脚本中。我的猜测是,也许这个脚本或 New-Object -TypeName 是不正确的,但我真的找不到“-ArgumentList”的文档,所以我知道如何插入权限。
如果有人能告诉我我在这里做错了什么,并告诉我配置我正在寻找的权限的适当方法,我将不胜感激。
无限感激,
Antifriese 先生
定义 "permission" 时使用的语法与文件系统访问规则对象的构造函数之一不匹配。这个MSDN site has what values you need to put in what order in the Constructor section. This TechNet Article has an example. The error message basically says, this didn't work because Allow isn't a FileSystemRights值。
以下是您的规则,参数的语法和顺序正确:
$permission = 'bobmarley', 'DeleteSubdirectoriesAndFiles, Modify, Synchronize', 'ContainerInherit, ObjectInherit', 'None', "Allow"
在 PowerShell 中
我已经创建了一个模型文件夹并且运行:
Get-ACL \server\folder | % {$_.Access}
这是我要模拟的权限的输出:
FileSystemRights : DeleteSubdirectoriesAndFiles, Modify, Synchronize
AccessControlType : Allow
IdentityReference : CONTOSO\bgates
IsInherited : False
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : None
换句话说:我进入了 bgates 的高级安全设置并给他完全控制并且未选中 "Take Ownership"。
我正在尝试将 FileSystemRights 字段中的上述部分输入到我在网上找到的脚本中(对于我来说,我找不到 link),以便它可以创建一个文件夹相同的权限。
# this script checks to see if the folder has already been created
# if it hasn't it will create the folder then sets permissions on it
# then verifies if the folder has been created or not
# NEED TO CHANGE PATH ($Path = '\server\folder\folder') !!!
# NEED TO CHANGE USER PERMISSION ($permission = 'UserAliasGoesHere') !!!
# this is the path for the new folder
$Path = '\server\folder'
# test to see if folder already exists
if (Test-Path $Path) {
Write-Host -ForegroundColor Yellow "
-------------------------------------------------------
`n
The folder has previously been created. No action taken
`n
-------------------------------------------------------
"
}
else {
# create new folder
$null = New-Item -Path $Path -ItemType Directory
# get permissions
$acl = Get-Acl -Path $path
# add a new permission (FullControl, Modify, Read)
$permission = 'bobmarley', 'Allow', 'Deletesubdirectories', 'Modify', Synchronize'
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permission
$acl.SetAccessRule($rule)
# set new permissions
$acl | Set-Acl -Path $path
# verify the folder has been created
if (Test-Path $Path) {
Write-Host -ForegroundColor Green "
----------------------------
`n
The folder has been created.
`n
----------------------------
"
}
else {
Write-Host -ForegroundColor Red "
--------------------------------
`n
The folder has not been created.
`n
--------------------------------
"
}
}
当然,这不幸地失败了,并显示以下错误消息:
新对象:无法将参数“1”转换为值:"Allow",对于 "FileSystemAccessRule" 类型 "System.Security.AccessControl.FileSystemRights":“无法将值 "Allow" 转换为类型"System.Security.AccessControl.FileSystemRights"。错误:“无法匹配 标识符名称 允许使用有效的枚举器名称。指定以下枚举器名称之一,然后重试: ListDirectory、ReadData、WriteData、CreateFiles、CreateDirectories、AppendData、ReadExtendedAttributes、WriteExtendedAttributes、Traverse、ExecuteFile、DeleteSubdirectoriesAndFiles、ReadAttributes、WriteAttributes、写入、删除、ReadPermissions、读取、 ReadAndExecute、Modify、ChangePermissions、TakeOwnership、Synchronize、FullControl"" 在 line:28 char:9 + $rule = New-Object -TypeName System.Security.AccessControl.FileSystem ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) [新对象], MethodException + FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand
使用“1”个参数调用 "SetAccessRule" 异常:“值不能为空。 参数名称:规则” 在 line:29 char:1 + $acl.SetAccessRule($规则) + ~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId:ArgumentNullException
我阅读了错误消息,当然我发现没有我的 get-acl 输出组合适用于此处。
现在,显然,我认为这里的问题是我不了解如何将我想要的权限添加到此脚本中。我的猜测是,也许这个脚本或 New-Object -TypeName 是不正确的,但我真的找不到“-ArgumentList”的文档,所以我知道如何插入权限。
如果有人能告诉我我在这里做错了什么,并告诉我配置我正在寻找的权限的适当方法,我将不胜感激。
无限感激, Antifriese 先生
定义 "permission" 时使用的语法与文件系统访问规则对象的构造函数之一不匹配。这个MSDN site has what values you need to put in what order in the Constructor section. This TechNet Article has an example. The error message basically says, this didn't work because Allow isn't a FileSystemRights值。
以下是您的规则,参数的语法和顺序正确:
$permission = 'bobmarley', 'DeleteSubdirectoriesAndFiles, Modify, Synchronize', 'ContainerInherit, ObjectInherit', 'None', "Allow"