Powershell ACL AddAccessRule



I am currently trying to set permissions using PowerShell.

This is my code:

$Rights = [System.Security.AccessControl.FileSystemRights] "DeleteSubdirectoriesAndFiles, Write, ReadAndExecute, Synchronize"
$Access=[System.Security.AccessControl.AccessControlType]::Allow
$Inherit=[System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
$Prop=[System.Security.AccessControl.PropagationFlags]::None
$DirPath = "\CENSOREDDIR" + $ComboBox1.SelectedItem + "" + $TextBox1.Text
Write-Host $DirPath
New-Item $DirPath -ItemType Directory
$GroupPath = $GruppenHT[$ComboBox1.SelectedItem]
$GroupPathFull = "RES-" + $GroupPath + "-L-C"
Write-Host "Group:"$GroupPathFull
$AccessRule = new-object System.Security.AccessControl.FileSystemAccessRule $GroupPathFull,$Rights,$Inherit,$Prop,$Access
Write-Host "AccessRule:"$AccessRule
$ACL = Get-ACL $DirPath
Write-Host "DIR:"$DirPath

$ACL.AddAccessRule($AccessRule)
Write-Host "Permissions:"$ACL.Access

The debug output looks like this:

Group: RES-CENSOREDGROUP-L-C <-- CORRECT
AccessRule: System.Security.AccessControl.FileSystemAccessRule
DIR: \CENSOREDDIRtest <-- CORRECT
Permissions: System.Security.AccessControl.FileSystemAccessRule System.Security.AccessControl.FileSystemAccessRule System.Security.AccessControl.FileSystemAccessRule S
ystem.Security.AccessControl.FileSystemAccessRule System.Security.AccessControl.FileSystemAccessRule System.Security.AccessControl.FileSystemAccessRule System.Security
.AccessControl.FileSystemAccessRule System.Security.AccessControl.FileSystemAccessRule 

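But nothing happens. No error is shown, but the permissions are not on the directory.

I also find it a bit odd that the variables are no longer available after the script has run. In PowerShell ISE, that is actually always the case?

Is it because the whole thing is inside a "Button_Click" event?

Maybe someone knows what to do.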

You are only changing the object $ACL. You have to apply it to $DirPath with Set-Acl

Set-Acl $DirPath $ACL
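The pattern from the answer, as an added example that is not part of the original post: it modifies the in-memory ACL, writes it back with Set-Acl, then re-reads the directory to confirm the entry is really there. The function name Grant-FolderAccess, its parameters and the demo directory are assumptions made for illustration.

```powershell
# Added example, not the asker's code. Function name and parameters are hypothetical.
function Grant-FolderAccess {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Identity,
        [System.Security.AccessControl.FileSystemRights] $Rights = 'ReadAndExecute, Write'
    )

    $inherit = [System.Security.AccessControl.InheritanceFlags] 'ContainerInherit, ObjectInherit'
    $prop    = [System.Security.AccessControl.PropagationFlags]::None
    $type    = [System.Security.AccessControl.AccessControlType]::Allow

    # Resolve the account name to a SID up front, so a mistyped group name
    # fails here with IdentityNotMappedException instead of later.
    $sid = ([System.Security.Principal.NTAccount] $Identity).Translate(
        [System.Security.Principal.SecurityIdentifier])

    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $sid, $Rights, $inherit, $prop, $type)

    # Get-Acl returns a copy of the security descriptor. AddAccessRule only
    # changes that copy; nothing reaches the file system until Set-Acl runs.
    $acl = Get-Acl -LiteralPath $Path
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl -ErrorAction Stop

    # Re-read from disk and look for an explicit (non-inherited) Allow entry
    # for the same SID that carries at least the requested rights.
    $applied = (Get-Acl -LiteralPath $Path).Access | Where-Object {
        -not $_.IsInherited -and
        $_.AccessControlType -eq $type -and
        ($_.FileSystemRights -band $Rights) -eq $Rights -and
        $_.IdentityReference.Translate(
            [System.Security.Principal.SecurityIdentifier]).Value -eq $sid.Value
    }
    if (-not $applied) { throw "No matching entry for $Identity on $Path after Set-Acl" }
    $applied
}

# Constructed demo: a scratch directory and the current user as the trustee.
$demo = Join-Path $env:TEMP 'acl-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
Grant-FolderAccess -Path $demo -Identity $me |
    Format-List IdentityReference, FileSystemRights, InheritanceFlags, IsInherited
```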

#Blob soft delete is not yet supported when hierarchical namespace is enabled
#Blob soft delete
#Enable-AzStorageDeleteRetentionPolicy -RetentionDays $RetentionDaysForBlobs -Context $ctx

#>

<#>

#Double encryption
#https://learn.microsoft.com/en-us/azure/storage/common/infrastructure-encryption-enable?tabs=powershell

#Creating a storage account that can be encrypted with customer-managed keys; note the following points
#1. Can only be enabled on an existing storage account
#2. Customer-managed keys rely on a managed identity (MI), so an MI is automatically created for the storage account with get, wrap key and unwrap key permissions on the key vault URI.
#3. When the storage account is moved to a different AD directory, the managed identity does not move, and the key vault URI becomes inaccessible
#https://learn.microsoft.com/en-us/azure/storage/common/customer-managed-keys-overview#enable-customer-managed-keys-for-a-storage-account

#Encryption scopes for Blob storage
#https://learn.microsoft.com/en-us/azure/storage/blobs/encryption-scope-overview

#Specify the encryption scope when creating a blob or container
#https://learn.microsoft.com/en-us/azure/storage/blobs/encryption-scope-manage?tabs=portal#create-an-encryption-scope

#Configure encryption with customer-managed keys stored in Azure Key Vault
#https://learn.microsoft.com/en-us/azure/storage/common/customer-managed-keys-configure-key-vault?tabs=powershell

#Configuring encryption for automatic updating of key versions
#https://learn.microsoft.com/en-us/azure/storage/common/customer-managed-keys-configure-key-vault?tabs=powershell#configure-encryption-for-automatic-updating-of-key-versions

#>

#Creating a managed identity for the storage account
#To enable this, permissions for the managed identity need to be added on the storage account
