[英]Exception calling "SetAccessRule" with "1" argument(s) ::: Powershell Error
I get an error with my Powershell script where I am trying to give a folder "Total Control".我的 Powershell 脚本出现错误,我试图在其中提供一个文件夹“Total Control”。 I can give Total Control to a Domain/Users account, but I can't seem to get it to work for a ComputerName\Users account.
我可以将完全控制权授予域/用户帐户,但我似乎无法让它为 ComputerName\Users 帐户工作。 This is important to allow other software being installed to work on various computers in our organization (they all have a ComputerName\Users account in the Security tab).
这对于允许正在安装的其他软件在我们组织中的各种计算机上运行非常重要(它们在“安全”选项卡中都有一个 ComputerName\Users 帐户)。 I want to give Total Control to [ComputerName\Users] account.
我想将总控制权授予 [ComputerName\Users] 帐户。
Screenprint below shows DomainUsers/Account my script could create, and below it the ComputerName\Account I can't reference in any way to give Total Control -- In this example, "Users(OHAIBMG00B7KP\Users)", triggers an error.下面的屏幕图显示了我的脚本可以创建的 DomainUsers/Account,在它下面的 ComputerName\Account 我无法以任何方式引用来给予完全控制——在本例中,“Users(OHAIBMG00B7KP\Users)”会触发错误。
This script works to create Account and Total Control permissions for a folder此脚本用于为文件夹创建帐户和总控制权限
$directory = "C:\Program Files (x86)\CAREWare"
$domainName = "DHS"
$group = 'Domain Users'
$inherit = [system.security.accesscontrol.InheritanceFlags]"ContainerInherit, ObjectInherit"
$propagation = [system.security.accesscontrol.PropagationFlags]"None"
$acl = (Get-Item $directory).GetAccessControl("Access")
$user = "{0}\{1}" -f "$domainName", $group
$user.trim()
$access = "FullControl"
$accessType = "Allow"
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList @("$user","$access", "$inherit", "$propagation", "$accessType")
$acl.SetAccessRule($accessRule)
set-acl $directory $acl
This is the error when I try to change the three lines below to reference ComputerName\Users.这是当我尝试将下面的三行更改为引用 ComputerName\Users 时出现的错误。
$directory = "C:\Program Files (x86)\CAREWare"
$domainName = $env:computername
$group = 'Users'
Exception calling "SetAccessRule" with "1" argument(s): "Some or all identity references could not be translated."
At line:1 char:1
+ $acl.SetAccessRule($accessRule)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : IdentityNotMappedException
I can't seem to get PowerShell to find and return anything about the ComputerName\Users group, but it is there in the Security Tab of the Folder Properties.我似乎无法让 PowerShell 找到并返回有关 ComputerName\Users 组的任何信息,但它位于文件夹属性的安全选项卡中。
Whe searching for the error message Some or all identity references could not be translated
similar questions have been asked here , here and here where the answers were that you have to use the SID instead of COMPUTER\\Users
when creating the FileSystemAccessRule
. 在搜索错误消息时, 在 此处 , 此处和此处已经提出了
Some or all identity references could not be translated
类似问题,这些问题的答案是在创建FileSystemAccessRule
时必须使用SID而不是COMPUTER\\Users
。 The SID can be retrieved via GetPrinicpalBySamAccountName
. 可以通过
GetPrinicpalBySamAccountName
检索SID。
Per my tests, you must use "BUILTIN\\Users"<\/code> instead of
"computerName\\Users"<\/code> .
根据我的测试,您必须使用
"BUILTIN\\Users"<\/code>而不是
"computerName\\Users"<\/code> 。
Example below works for me:下面的例子对我有用:
$nvsFolder = "C:\ProgramData\folder"
$Acl = Get-Acl $nvsFolder
$Ar = New-Object System.Security.AccessControl.FileSystemAccessRule("BUILTIN\Users", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow")
$Acl.SetAccessRule($Ar)
Set-Acl $nvsFolder $Acl
I know this is a really old thread but the solutions is removing the inheritance and propagation from your access rule for files.我知道这是一个非常古老的线程,但解决方案是删除 inheritance 并从您的文件访问规则中传播。
For Folders:对于文件夹:
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($Identity, $rights, $inheritance, $propagation, $accessControl) $AccessRule = 新对象 System.Security.AccessControl.FileSystemAccessRule($Identity, $rights, $inheritance, $propagation, $accessControl)
For Files:对于文件:
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($Identity, $rights, $accessControl) $AccessRule = 新对象 System.Security.AccessControl.FileSystemAccessRule($Identity, $rights, $accessControl)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.