Powershell ACL AddAccessRule

I am currently trying to set permissions with PowerShell.

This is my code:

    $Rights = [System.Security.AccessControl.FileSystemRights] "DeleteSubdirectoriesAndFiles, Write, ReadAndExecute, Synchronize"
    $Access=[System.Security.AccessControl.AccessControlType]::Allow
    $Inherit=[System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
    $Prop=[System.Security.AccessControl.PropagationFlags]::None

    $DirPath = "\CENSOREDDIR" + $ComboBox1.SelectedItem + "\" + $TextBox1.Text
    Write-Host $DirPath
    New-Item $DirPath -ItemType Directory

    $GroupPath = $GruppenHT[$ComboBox1.SelectedItem]
    $GroupPathFull = "RES-" + $GroupPath + "-L-C"
    Write-Host "Group:"$GroupPathFull

    $AccessRule = new-object System.Security.AccessControl.FileSystemAccessRule $GroupPathFull,$Rights,$Inherit,$Prop,$Access
    Write-Host "AccessRule:"$AccessRule

    $ACL = Get-ACL $DirPath
    Write-Host "DIR:"$DirPath


    $ACL.AddAccessRule($AccessRule)
    Write-Host "Permissions:"$ACL.Access

This is what the debug output looks like:

    Group: RES-CENSOREDGROUP-L-C <-- CORRECT
    AccessRule: System.Security.AccessControl.FileSystemAccessRule
    DIR: \CENSOREDDIR\test <-- CORRECT
    Permissions: System.Security.AccessControl.FileSystemAccessRule System.Security.AccessControl.FileSystemAccessRule System.Security.AccessControl.FileSystemAccessRule System.Security.AccessControl.FileSystemAccessRule System.Security.AccessControl.FileSystemAccessRule System.Security.AccessControl.FileSystemAccessRule System.Security.AccessControl.FileSystemAccessRule System.Security.AccessControl.FileSystemAccessRule

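But nothing happens. There is no error, but the directory does not get the permissions.

I also find it a bit strange that the variables are gone after the script has run. Is that actually always the case in PowerShell ISE?

Is it because the whole thing is inside a "Button_Click" event?

Maybe someone knows what to do.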

You are only changing the object $ACL. You have to apply it to $DirPath using Set-Acl:

    Set-Acl $DirPath $ACL
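
The difference between changing the in-memory `$ACL` object and writing it back with `Set-Acl`, as an added example that is not part of the original question or answer. It assumes a scratch directory under `$env:TEMP` and uses the well-known SID S-1-5-32-545 (BUILTIN\Users) in place of the asker's group; the helper `Test-ExplicitAce` is hypothetical.

```powershell
# Added example. Assumptions: scratch directory under $env:TEMP, and the
# well-known SID S-1-5-32-545 (BUILTIN\Users) standing in for the real group.
$dir = Join-Path $env:TEMP ("acl-demo-" + [guid]::NewGuid().ToString('N'))
New-Item -Path $dir -ItemType Directory | Out-Null

$sid     = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-545')
$rights  = [System.Security.AccessControl.FileSystemRights]'DeleteSubdirectoriesAndFiles, Write, ReadAndExecute, Synchronize'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$type    = [System.Security.AccessControl.AccessControlType]::Allow
$rule    = New-Object System.Security.AccessControl.FileSystemAccessRule($sid, $rights, $inherit, $prop, $type)

function Test-ExplicitAce {
    # Hypothetical helper: re-reads the descriptor from disk and reports
    # whether an explicit (non-inherited) ACE exists for the given SID.
    param([string]$Path, [string]$Sid)
    $rules = (Get-Acl -Path $Path).GetAccessRules($true, $false,
        [System.Security.Principal.SecurityIdentifier])
    [bool]($rules | Where-Object { $_.IdentityReference.Value -eq $Sid })
}

$acl = Get-Acl -Path $dir
$acl.AddAccessRule($rule)            # modifies only the in-memory copy
"On disk after AddAccessRule: {0}" -f (Test-ExplicitAce $dir $sid.Value)

Set-Acl -Path $dir -AclObject $acl   # writes the descriptor to the directory
"On disk after Set-Acl:       {0}" -f (Test-ExplicitAce $dir $sid.Value)

# Write-Host on a rule object prints only its type name (as in the debug
# output above); select properties to see what was actually granted.
(Get-Acl -Path $dir).Access |
    Where-Object { -not $_.IsInherited } |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags, AccessControlType -AutoSize

Remove-Item -Path $dir -Recurse -Force
```
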

#Blob soft delete
#Blob soft delete is not yet supported when hierarchical namespace is enabled
#Enable-AzStorageDeleteRetentionPolicy -RetentionDays $RetentionDaysForBlobs -Context $ctx

#>

<#

#Double encryption
#https://docs.microsoft.com/en-us/azure/storage/common/infrastructure-encryption-enable?tabs=powershell

#An encrypted storage account using customer-managed keys can be created subject to the following points
#1. It can only be enabled on an existing storage account
#2. Customer-managed keys rely on MI, so an MI is automatically created for the storage account, with get, wrap key and unwrap key permissions on the keyvault URI.
#3. If the storage account is moved to a different AD directory, the managed identity does not move, which makes the key vault URI inaccessible
#https://docs.microsoft.com/en-us/azure/storage/common/customer-managed-keys-overview#enable-customer-managed-keys-for-a-storage-account

#Encryption scopes for blob storage
#https://docs.microsoft.com/en-us/azure/storage/blobs/encryption-scope-overview

#Specify an encryption scope when creating a blob or container
#https://docs.microsoft.com/en-us/azure/storage/blobs/encryption-scope-manage?tabs=portal#create-an-encryption-scope

#Configure encryption with customer-managed keys stored in Azure Key Vault
#https://docs.microsoft.com/en-us/azure/storage/common/customer-managed-keys-configure-key-vault?tabs=powershell

#Configure encryption for automatic updating of key versions
#https://docs.microsoft.com/en-us/azure/storage/common/customer-managed-keys-configure-key-vault?tabs=powershell#configure-encryption-for-automatic-updating-of-key-versions

#>

#Create a managed identity for the storage account
#To enable this feature, permission to add a managed identity on the storage account is needed