POwershell 更改文件权限
今天需要给某个网络共享的大文件重新配置一个权限。这个文件夹下面有很多乱七八糟的小文件,很多创建人甚至已经离开公司了。如果一个个地目录手动修改所有者权限,再打开继承关系,这样比较麻烦,这个时候自然是用脚本比较方便了。
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
|
#网上找的现成的高级方法来enable继承关系
function
Set-NTFSInheritance
{
<#
.SYNOPSIS
Enable or Disable the NTFS permissions inheritance.
.DESCRIPTION
Enable or Disable the NTFS permissions inheritance on files and/or folders.
.EXAMPLE
$Folders = Get-Childitem -Path 'e:\homedirs' | Where-Object {$_.Attributes -eq 'Directory'}
$Folders | foreach {
$_ | Set-NTFSInheritance -Enable
}
.NOTES
Author : Jeff Wouters
Date : 8th of May 2014
#>
[
cmdletbinding
(defaultparametersetname=
'Enable'
)]
param
(
[
parameter
(
mandatory
=
$true
,
position
=0,
valuefrompipeline
=
$true
,
parametersetname
=
'Enable'
)]
[
parameter
(
mandatory
=
$true
,
position
=0,
valuefrompipeline
=
$true
,
parametersetname
=
'Disable'
)]
$Path
,
[
parameter
(
mandatory
=
$false
,
parametersetname
=
'Enable'
)]
[switch]
$Enable
,
[
parameter
(
mandatory
=
$false
,
parametersetname
=
'Disable'
)]
[switch]
$Disable
)
begin
{
}
process
{
$ACL
=
get-acl
$_
.FullName
switch
(
$PSCmdlet
.
ParameterSetName
) {
'Enable'
{
$ACL
.SetAccessRuleProtection(
$false
,
$false
)
}
'Disable'
{
$ACL
.SetAccessRuleProtection(
$true
,
$true
)
}
}
try {
$ACL
|
Set-Acl
-Passthru
} catch {
$_
.Exception
}
}
end
{
}
}
#自己调用一下上面的方法,基本上就是三步走,第一个夺取所有权;第二打开继承关系;第三在最上面设置权限
function
ChangePermission {
[
cmdletbinding
(defaultparametersetname=
'Enable'
)]
param
(
[
Parameter
(
Mandatory
=
$true
)]
[string]
$path
,
[
Parameter
(
Mandatory
=
$true
)]
[string]
$group
)
#Step 1: take over ownership
takeown.exe /f
$path
/r /d Y
#Step 2: enable inheritance for all subfolders
$Folders
=
Get-Childitem
-Path
$path
-Recurse
$Folders
|
foreach
{
$_
|
Set-NTFSInheritance
-Enable
}
#Step3: setup NTFS Modify permission from the parent folder
$perm2
=
':(OI)(CI)(M)'
write-host
$path
-ForegroundColor Cyan
icacls
$path
/grant
"$($group)$perm2"
}
#最后调用函数即可
$parent
=
"\\syd02\Creative TRACK\CLIENT FOLDERS\WESTPAC"
Get-ChildItem
$parent
|
foreach
{
$_
.fullname
ChangePermission -path
$_
.FullName -group
"Sydney Track Creative"
}
|
本文转自 beanxyz 51CTO博客,原文链接:http://blog.51cto.com/beanxyz/1901607,如需转载请自行联系原作者