icacls D:\test\gg* /grant[:r] Users:F /t #覆盖子目录所有文件完全控制
上面命令,仅能对文件夹中的文件起作用,文件夹本身不起作用,请问有什么语法,支持直接操作文件夹权限的吗
答案是有的,即:
#文件夹权限覆盖更新允许Users可读写修改
$acl = Get-Acl 下级文件夹名称
# 添加第一个规则:
$person = [System.Security.Principal.NTAccount]"Administrator"
$access = [System.Security.AccessControl.FileSystemRights]"FullControl"
$inheritance = [System.Security.AccessControl.InheritanceFlags] "ObjectInherit,ContainerInherit"
$propagation = [System.Security.AccessControl.PropagationFlags]"None"
$type = [System.Security.AccessControl.AccessControlType]"Allow"
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule( $person,$access,$inheritance,$propagation,$type)
$acl.AddAccessRule($rule)
# 添加第二个规则:
$person = [System.Security.Principal.NTAccount]"Users"
$access = [System.Security.AccessControl.FileSystemRights]"Modify"
$inheritance = [System.Security.AccessControl.InheritanceFlags] "ObjectInherit,ContainerInherit"
$propagation = [System.Security.AccessControl.PropagationFlags]"None"
$type = [System.Security.AccessControl.AccessControlType]"Allow"
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule( $person,$access,$inheritance,$propagation,$type)
$acl.AddAccessRule($rule)
# 保存权限更新:
Set-Acl 下级文件夹名称 $acl
权限字典:
[System.Enum]::GetNames([System.Security.AccessControl.FileSystemRights])
ListDirectory
ReadData
WriteData
CreateFiles
CreateDirectories
AppendData
ReadExtendedAttributes
WriteExtendedAttributes
Traverse
ExecuteFile
DeleteSubdirectoriesAndFiles
ReadAttributes
WriteAttributes
Write
Delete
ReadPermissions
Read
ReadAndExecute
Modify
ChangePermissions
TakeOwnership
Synchronize
FullControl