
PowerShell: Remove all permissions on a directory for all users

I have to remove all permissions on a directory (and its subdirectories and files) for all ordinary users (i.e. non-administrators).

I have tried the following in PowerShell, but nothing happened:

New-Item "C:\Test" -type Directory
$acl=get-acl "C:\Test"
$inherit=[system.security.accesscontrol.InheritanceFlags]"ContainerInherit,ObjectInherit"
$propagation=[system.security.accesscontrol.PropagationFlags]"None"
$ar=New-Object system.security.accesscontrol.FileSystemAccessRule("Users","FullControl",$inherit,$propagation,"Allow")
$acl.RemoveAccessRuleAll($ar)
Set-Acl "C:\Test" $acl

If I try with $env:computername\\Users (instead of just Users) I get the following error: Exception calling "RemoveAccessRuleAll" with "1" argument(s): "Some or all identity references could not be translated."

What identity do I have to pass in order to identify all users?

This will do it:

function AddNTFSPermissions($path, $object, $permission) {
    $FileSystemRights = [System.Security.AccessControl.FileSystemRights]$permission
    $InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
    $PropagationFlag = [System.Security.AccessControl.PropagationFlags]"None"
    $AccessControlType =[System.Security.AccessControl.AccessControlType]::Allow
    $Account = New-Object System.Security.Principal.NTAccount($object)
    $FileSystemAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, $FileSystemRights, $InheritanceFlag, $PropagationFlag, $AccessControlType)
    $DirectorySecurity = Get-ACL $path
    $DirectorySecurity.AddAccessRule($FileSystemAccessRule)
    Set-ACL $path -AclObject $DirectorySecurity
}

function RemoveNTFSPermissions($path, $object, $permission) {
    $FileSystemRights = [System.Security.AccessControl.FileSystemRights]$permission
    $InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
    $PropagationFlag = [System.Security.AccessControl.PropagationFlags]"None"
    $AccessControlType =[System.Security.AccessControl.AccessControlType]::Allow
    $Account = New-Object System.Security.Principal.NTAccount($object)
    $FileSystemAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, $FileSystemRights, $InheritanceFlag, $PropagationFlag, $AccessControlType)
    $DirectorySecurity = Get-ACL $path
    $DirectorySecurity.RemoveAccessRuleAll($FileSystemAccessRule)
    Set-ACL $path -AclObject $DirectorySecurity
}

function RemoveInheritance($path) {
    $isProtected = $true
    $preserveInheritance = $true
    $DirectorySecurity = Get-ACL $path
    $DirectorySecurity.SetAccessRuleProtection($isProtected, $preserveInheritance)
    Set-ACL $path -AclObject $DirectorySecurity
}

# Create folder
$Path = "C:\Test"
New-Item $Path -Type Directory

# Remove permissions
RemoveInheritance $Path
RemoveNTFSPermissions $Path "Authenticated Users" "Modify, ChangePermissions"
RemoveNTFSPermissions $Path "Users" "Modify, ChangePermissions"

First, did you really try with:

$($env:computername\Users)

Can you try:

$(WinNT://WORKGROUP/$env:computername/Utilisateurs)

Have a look at:

$obj = [ADSI]"WinNT://$env:COMPUTERNAME"
$obj.children | where {$_.name -eq "users"} | fl *
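
The following is an added example, not part of the original question or answers. It identifies the Users and Authenticated Users groups by well-known SID rather than by name, so it does not depend on name translation or on a localized group name such as "Utilisateurs", and then checks what is left. The function names Remove-PrincipalAccess and Get-RemainingAccess are hypothetical; C:\Test is the test directory from the question and is assumed to exist.

```powershell
# Added example. Remove-PrincipalAccess and Get-RemainingAccess are hypothetical helper names.
$Path = "C:\Test"   # test directory from the question, assumed to exist

# Well-known SIDs: BUILTIN\Users (S-1-5-32-545) and Authenticated Users (S-1-5-11).
$Sids = foreach ($t in 'BuiltinUsersSid', 'AuthenticatedUserSid') {
    $type = [System.Security.Principal.WellKnownSidType]$t
    New-Object System.Security.Principal.SecurityIdentifier($type, $null)
}

function Remove-PrincipalAccess($Path, $Sids) {
    # Pass 1: stop inheriting from the parent, keeping the inherited ACEs as explicit copies.
    $acl = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $true)
    Set-Acl -Path $Path -AclObject $acl

    # Pass 2: re-read the ACL so the copies are explicit, then drop every
    # ACE (allow and deny) that names one of the SIDs.
    $acl = Get-Acl -Path $Path
    foreach ($sid in $Sids) { $acl.PurgeAccessRules($sid) }
    Set-Acl -Path $Path -AclObject $acl
}

function Get-RemainingAccess($Path, $Sids) {
    # Walk the directory and everything below it and report ACEs that still name
    # one of the SIDs, including explicit ACEs set directly on children.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $items = @(Get-Item -Path $Path -Force) + @(Get-ChildItem -Path $Path -Recurse -Force)
    foreach ($item in $items) {
        $rules = (Get-Acl -LiteralPath $item.FullName).GetAccessRules($true, $true, $sidType)
        foreach ($rule in $rules) {
            if ($Sids.Value -contains $rule.IdentityReference.Value) {
                [pscustomobject]@{
                    Path      = $item.FullName
                    Sid       = $rule.IdentityReference.Value
                    Rights    = $rule.FileSystemRights
                    Inherited = $rule.IsInherited
                }
            }
        }
    }
}

Remove-PrincipalAccess $Path $Sids
$left = @(Get-RemainingAccess $Path $Sids)
if ($left.Count -eq 0) { "No ACEs for Users or Authenticated Users remain under $Path" }
else { $left | Format-Table -AutoSize }
```

Children that inherit from the directory lose the entries when the parent ACL is written; any rows the check reports with Inherited = False are explicit ACEs on a child that need the same purge applied to that item.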
