以下脚本需要很长时间才能申请文件夹权限。
$path = 'C:inetpubTestbuildfolder'
$acl = Get-Acl -Path $path
$acl.SetAccessRuleProtection($true,$False)
$acl | Set-Acl -Path $path
$acl = Get-Acl -Path $path
$object = New-Object System.Security.Principal.Ntaccount("BUILTINAdministrators")
$acl.SetOwner($object)
$acl | Set-Acl -Path $path
$acl = Get-Acl -Path $path
$permission = 'BUILTINAdministrators', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permission
$acl.SetAccessRule($rule)
$acl | Set-Acl -Path $path
$acl = Get-Acl -Path $path
$permission = 'BUILTINIIS_IUSRS', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permission
$acl.SetAccessRule($rule)
$acl | Set-Acl -Path $path
由于继承和传播,在包含大量子文件夹和/或项目的文件夹上设置权限需要时间。
但是,您可以通过删除第 13 行和第 14 行并将第 17 行更改为$acl.AddAccessRule($rule)来加快速度。
这样,脚本就不必在所有基础文件夹和文件上设置两次新权限,而是一次性为两个组设置新权限。
# first step is to set the owner
$path = 'C:inetpubTestbuildfolder'
$acl = Get-Acl -Path $path
$acl.SetAccessRuleProtection($true,$False)
$acl | Set-Acl -Path $path
$acl = Get-Acl -Path $path
$object = New-Object System.Security.Principal.Ntaccount("BUILTINAdministrators")
$acl.SetOwner($object)
$acl | Set-Acl -Path $path
# next step is to set permissions for two groups
$acl = Get-Acl -Path $path
# first group
$permission = 'BUILTINAdministrators', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permission
$acl.SetAccessRule($rule)
# second group
$permission = 'BUILTINIIS_IUSRS', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permission
$acl.AddAccessRule($rule)
# set the permissions
$acl | Set-Acl -Path $path
希望有帮助