Substitute icacls.exe with powershell



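I want to replace the following CMD command with a PowerShell command:

Icacls.exe "%SystemDrive%\xxx" /grant *S-X-X-XX-XXX:(CI)(OI)(F) /t /c

I also know how to do this with Icacls, but I think there is a nicer way to do it with PowerShell.

I would be happy if someone could help me with this. Thanks.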

The built-in help files give you guidance on this.

Set-Acl changes the security descriptor of a specified item, such as a file or a registry key.

# Get specifics for a module, cmdlet, or function
(Get-Command -Name Get-Acl).Parameters
(Get-Command -Name Get-Acl).Parameters.Keys
<#
# Results
Path
InputObject
LiteralPath
Audit
AllCentralAccessPolicies
Filter
Include
Exclude
...
#>
Get-help -Name Get-Acl -Examples
<#
# Results
Get-Acl C:\Windows
Get-Acl -Path "C:\Windows\k*.log" | 
Format-List -Property PSPath, Sddl
Get-Acl -Path "C:/Windows/k*.log" -Audit | 
ForEach-Object { $_.Audit.Count }
Get-Acl -Path "HKLM:\System\CurrentControlSet\Control" |
Format-List
Get-Acl -InputObject (Get-StorageSubsystem -Name S087)
#>
Get-help -Name Get-Acl -Full
Get-help -Name Get-Acl -Online

(Get-Command -Name Set-Acl).Parameters
(Get-Command -Name Set-Acl).Parameters.Keys
<#
# Results
Path
InputObject
LiteralPath
AclObject
CentralAccessPolicy
ClearCentralAccessPolicy
Passthru
Filter
Include
Exclude
...
#>
Get-help -Name Set-Acl -Examples
<#
# Results
$DogACL = Get-Acl -Path "C:\Dog.txt"
Set-Acl -Path "C:\Cat.txt" -AclObject $DogACL
Get-Acl -Path "C:\Dog.txt" | 
Set-Acl -Path "C:\Cat.txt"
$NewAcl = Get-Acl File0.txt
Get-ChildItem -Path "C:\temp" -Recurse -Include "*.txt" -Force | 
Set-Acl -AclObject $NewAcl
#>
Get-help -Name Set-Acl -Full
Get-help -Name Set-Acl -Online

You can also use other modules via the Microsoft PowerShellGallery.com.

Find-Module -Name '*acl*', '*ntfs*' | 
Format-Table -AutoSize
<#
# Results
Version     Name                    Repository Description                                                                                                                                 
-------     ----                    ---------- -----------                                                                                                                                 
1.0.1       ACL-Permissions         PSGallery  A couple of ACL utilities, for repairing c...
1.30.1.28   ACLReportTools          PSGallery  Provides Cmdlets for reporting on Share ACLs.                                                                                               
1.7         ACLHelpers              PSGallery  Modules to help work with ACLs (Access Control Rights)                                                                                      
1.0.1.0     ACLCleanup              PSGallery  A set of tools to help you clean your files...
0.1.2       ACLTools                PSGallery  Module for managing NTFS Acls on files and folders                                                                                          
...
0.4         FileAclTools            PSGallery  Tools for quickly fixing file system ACLs                                                                                                   
...                                                                                                  
4.2.6       NTFSSecurity            PSGallery  Windows PowerShell Module for managing file ...
1.4.1       cNtfsAccessControl      PSGallery  The cNtfsAccessControl module contains DSC re...
1.0         NTFSPermissionMigration PSGallery  This module is used as a wrapper to the popular ...
#>

So, for what you are showing

# Review current settings
Get-Acl -Path $env:SystemDrive | 
Format-List -Force
<#
# Results
Path   : Microsoft.PowerShell.Core\FileSystem::C:\Windows\system32
Owner  : NT SERVICE\TrustedInstaller
Group  : NT SERVICE\TrustedInstaller
Access : CREATOR OWNER Allow  268435456
         NT AUTHORITY\SYSTEM Allow  268435456
         NT AUTHORITY\SYSTEM Allow  Modify, Synchronize
         BUILTIN\Administrators Allow  268435456
         BUILTIN\Administrators Allow  Modify, Synchronize
         BUILTIN\Users Allow  -1610612736
         BUILTIN\Users Allow  ReadAndExecute, Synchronize
         NT SERVICE\TrustedInstaller Allow  268435456
         NT SERVICE\TrustedInstaller Allow  FullControl
         APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow  ReadAndExecute, Synchronize
         APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow  -1610612736
         APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow  ReadAndExecute, Synchronize
         APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow  -1610612736
Audit  : 
Sddl   : O:S-1-5-80-956008885-34...
#>

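Description

The Set-Acl cmdlet changes the security descriptor of a specified item, such as a file or a registry key, to match the values in a security descriptor that you supply.

To use Set-Acl, use the Path or InputObject parameter to identify the item whose security descriptor you want to change. Then, use the AclObject or SecurityDescriptor parameters to supply a security descriptor that has the values you want to apply. Set-Acl applies the security descriptor that is supplied. It uses the value of the AclObject parameter as a model and changes the item's security descriptor to match the values in the AclObject parameter.

The -AclObject parameter specifies an ACL with the desired property values. Set-Acl changes the ACL of the item specified by the Path or InputObject parameter to match the values in the specified security object.

You can save the output of a Get-Acl command in a variable and then use the AclObject parameter to pass the variable, or type a Get-Acl command.

Table 1
Type: Object
Position: 1
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False

So, you just need to do something like this... following the examples above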

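# Placeholder: -AclObject expects a security descriptor object (for example, the output of Get-Acl), not a string
$AclSettings = 'WhatEverSettingsYouWant'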
Set-Acl -Path $env:SystemDrive -AclObject $AclSettings

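There is a similar question on StackOverflow:

Using set-acl and PowerShell

And then there is this guide:

Here is the MSDN page describing the flags and their various combinations. https://msdn.microsoft.com/en-us/library/ms229747(v=vs.100).aspx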

InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit 
PropagationFlags.None

Here is some succinct PowerShell code to apply new permissions to a folder's existing ACL (Access Control List).

# Get the ACL for an existing folder
$existingAcl = Get-Acl -Path 'C:\DemoFolder'
# Set the permissions that you want to apply to the folder
$permissions = $env:username, 'Read,Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
# Create a new FileSystemAccessRule object
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permissions
# Modify the existing ACL to include the new rule
$existingAcl.SetAccessRule($rule)
# Apply the modified access rule to the folder
$existingAcl | Set-Acl -Path 'C:\DemoFolder'
<#
Each of the values in the $permissions variable list pertain to the parameters of this constructor for the FileSystemAccessRule class.
#>
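
A PowerShell counterpart to the icacls command in the question, as an added example that is not part of the original question or answers. The function name Grant-FullControlBySid, the path C:\DemoFolder and the sample SID S-1-5-32-544 (BUILTIN\Administrators) are assumptions. Unlike icacls /t, which writes an explicit ACE on every item, this relies on (CI)(OI) inheritance for descendants and writes an explicit ACE only where inheritance is disabled.

```powershell
# Added example: rough equivalent of
#   icacls "<path>" /grant *<SID>:(CI)(OI)(F) /t /c
# Grant-FullControlBySid is a hypothetical helper name, not a built-in cmdlet.
function Grant-FullControlBySid {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Sid
    )
    # Resolve the raw SID the same way icacls does with the *S-... syntax
    $identity = New-Object System.Security.Principal.SecurityIdentifier $Sid

    # Root first, then every descendant (/t)
    $root  = Get-Item -LiteralPath $Path -Force
    $items = @($root)
    $items += Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue

    foreach ($item in $items) {
        try {
            $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
            # Descendants that still inherit receive the ACE from the root;
            # only items with inheritance disabled need an explicit ACE.
            if ($item.FullName -ne $root.FullName -and -not $acl.AreAccessRulesProtected) {
                continue
            }
            # (CI)(OI) is valid only on containers; on a file the .NET ACL
            # classes reject any inheritance flag, so use 'None' there.
            $inherit = if ($item.PSIsContainer) { 'ContainerInherit,ObjectInherit' } else { 'None' }
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule `
                -ArgumentList $identity, 'FullControl', $inherit, 'None', 'Allow'
            # AddAccessRule merges with existing ACEs for the identity;
            # SetAccessRule would replace that identity's existing allow rules.
            $acl.AddAccessRule($rule)
            if ($PSCmdlet.ShouldProcess($item.FullName, "Grant FullControl to $Sid")) {
                Set-Acl -LiteralPath $item.FullName -AclObject $acl -ErrorAction Stop
            }
        }
        catch {
            # Continue past failures, like icacls /c
            Write-Warning "Skipped $($item.FullName): $($_.Exception.Message)"
        }
    }
}

# Constructed sample call: preview the changes without writing any ACL
Grant-FullControlBySid -Path 'C:\DemoFolder' -Sid 'S-1-5-32-544' -WhatIf
```

Run it with -WhatIf first and compare the reported items against Get-Acl output before removing the switch.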
