我试图模仿右键单击文件夹、在文件夹上设置“修改”并将权限应用于特定文件夹、子文件夹和文件的操作。
我主要使用 Powershell,但是继承仅设置为“子文件夹和文件”,而不是整个“此文件夹、子文件夹和文件”。
System.Security.AccessControl.PropagationFlags 是否有一些未列出的标志可以正确设置?
这是我迄今为止正在处理的内容。
$Folders = Get-childItem c:\TEMP\
$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$objType = [System.Security.AccessControl.AccessControlType]::Allow
foreach ($TempFolder in $Folders)
{
echo "Loop Iteration"
$Folder = $TempFolder.FullName
$acl = Get-Acl $Folder
$permission = "domain\user","Modify", $InheritanceFlag, $PropagationFlag, $objType
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($accessRule)
Set-Acl $Folder $acl
}
最佳答案
下表可帮助查找不同权限组合所需的标志。
╔═════════════╦═════════════╦═══════════════════════════════╦════════════════════════╦══════════════════╦═══════════════════════╦═════════════╦═════════════╗
║ ║ folder only ║ folder, sub-folders and files ║ folder and sub-folders ║ folder and files ║ sub-folders and files ║ sub-folders ║ files ║
╠═════════════╬═════════════╬═══════════════════════════════╬════════════════════════╬══════════════════╬═══════════════════════╬═════════════╬═════════════╣
║ Propagation ║ none ║ none ║ none ║ none ║ InheritOnly ║ InheritOnly ║ InheritOnly ║
║ Inheritance ║ none ║ Container|Object ║ Container ║ Object ║ Container|Object ║ Container ║ Object ║
╚═════════════╩═════════════╩═══════════════════════════════╩════════════════════════╩══════════════════╩═══════════════════════╩═════════════╩═════════════╝
所以,as David said ,你会想要
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit PropagationFlags.None
关于powershell - 使用 set-acl 和 powershell 设置继承和传播标志,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/3282656/