powershell 删除特定用户对文件夹的所有权限

Question

我需要一个脚本或简单的 powershell 代码来删除特定用户对文件夹的所有权限，方法是将这些删除继承到所有子文件夹和文件 - 递归......提前谢谢！

Answer 1

 $acl=get-acl c:\temp
 $accessrule = New-Object system.security.AccessControl.FileSystemAccessRule("domain\user","Read",,,"Allow")
 $acl.RemoveAccessRuleAll($accessrule)
 Set-Acl -Path "c:\temp" -AclObject $acl

this should wipe all security rules for user in c:\\temp recursively

Answer 2

i think the simpler way to do this is to copy acl from a file or folder that have the correct permissions and apply it to the folder where you want specific access. example:

$acl= get-acl /path/to/file_with_correct acl 
$files = get-childItem c:\temp\*.* -recurce | set-acl -aclobject $acl -whatif

remove the -whatif parameter to effectively modify acl

Or follow this technet article and use a code like :

$Right = [System.Security.AccessControl.FileSystemRights]::Read
$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::None 
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::InheritOnly  
$objType = [System.Security.AccessControl.AccessControlType]::Allow 

$objUser = New-Object System.Security.Principal.NTAccount("domain\bob") 
$objACE = New-Object System.Security.AccessControl.FileSystemAccessRule `
    ($objUser, $Right, $InheritanceFlag, $PropagationFlag, $objType) 
$objACL = Get-ACL "d:\test" 
$objACL.RemoveAccessRuleAll($objACE) 
Set-ACL "d:\test" -AclObject $objACL