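# Grants one principal the same rights on a folder. The rule is inheritable,
# so sub-folders and files below the folder receive it too, unless inheritance
# is disabled on them.
# Requires PowerShell 3.0 or later (-LiteralPath on Get-Acl / Set-Acl).

# Folder whose ACL is changed.
$path = "D:\file_T"

# Principal that receives the rights. Write a local group or user name
# directly (e.g. the group "users"), or a domain account as DOMAIN\user.
# Only one principal can be given here; to authorise many users, put them in
# a group and grant the rights to that group.
$user = "users"

# Rights to grant; several may be listed. Valid names are the
# System.Security.AccessControl.FileSystemRights values
# (ReadAndExecute, Write, Modify, FullControl, ...).
$right = "ReadAndExecute","Write"

# Read the current ACL of the path.
# -LiteralPath stops characters such as [ and ] in the path from being treated
# as wildcards; -ErrorAction Stop aborts here instead of carrying on with an
# empty $acl when the path is missing or unreadable.
$acl = Get-Acl -LiteralPath $path -ErrorAction Stop

# Build the rule.
$person = [System.Security.Principal.NTAccount]$user
# PowerShell combines the listed names into one flags value.
$access = [System.Security.AccessControl.FileSystemRights]$right
# Inherited by both sub-folders (ContainerInherit) and files (ObjectInherit).
$inheritance = [System.Security.AccessControl.InheritanceFlags]"ObjectInherit,ContainerInherit"
# None: no special propagation behaviour; the rule applies to this folder too.
$propagation = [System.Security.AccessControl.PropagationFlags]"None"
$type = [System.Security.AccessControl.AccessControlType]"Allow"
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $person, $access, $inheritance, $propagation, $type)

# AddAccessRule adds to the existing rules rather than replacing them, so
# rights already granted to other principals stay in place.
$acl.AddAccessRule($rule)

# Save the updated ACL back to the path.
Set-Acl -LiteralPath $path -AclObject $acl -ErrorAction Stop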
如果下級文件夾禁止繼承父輩權限,上面的腳本不會報錯提示,但新增的權限實際上不會套用到這些文件夾,所以可以先執行下面的腳本開啟繼承父輩權限,然後再執行上面的腳本。注意:被禁止繼承的文件夾可能是有意設置的;開啟繼承後,父輩所有可繼承的權限都會套用到它,執行前應先確認。
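# Re-enables permission inheritance on every file and folder below D:\ss.
# Only items that currently have inheritance disabled are rewritten, so the
# ACLs of all other items are left untouched. Run with -Verbose (or set
# $VerbosePreference = 'Continue') to see which items were changed.
# Requires PowerShell 3.0 or later (-LiteralPath on Get-Acl / Set-Acl).
foreach ($item in (Get-ChildItem "D:\ss" -Recurse)) {
    # -LiteralPath: names containing [ or ] must not be read as wildcards.
    $itemAcl = Get-Acl -LiteralPath $item.FullName

    # Get-Acl already reported the error; never pass an empty ACL to Set-Acl.
    if ($null -eq $itemAcl) { continue }

    # Inheritance is already on for this item: nothing to change.
    if (-not $itemAcl.AreAccessRulesProtected) { continue }

    Write-Verbose "Enabling inheritance on $($item.FullName)"

    # First argument $false = ACL is no longer protected from inheritance.
    # The second argument (preserve inherited rules) is ignored when the first
    # is $false. Explicit rules already on the item are kept.
    $itemAcl.SetAccessRuleProtection($false, $true)
    Set-Acl -LiteralPath $item.FullName -AclObject $itemAcl
}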
ListDirectory
ReadData
WriteData
CreateFiles
CreateDirectories
AppendData
ReadExtendedAttributes
WriteExtendedAttributes
Traverse
ExecuteFile
DeleteSubdirectoriesAndFiles
ReadAttributes
WriteAttributes
Write
Delete
ReadPermissions
Read
ReadAndExecute
Modify
ChangePermissions
TakeOwnership
Synchronize
FullControl