#本脚本会对一个路径及其下的目录和文件添加一样的权限 $path="D:file_T" #本地的用户或组直接写入组:users 用户:administor 域账号:daminuser 组或用户只能写一个,如果是很过用户那就把它们建个组授权 $user="users" #添加的权限可多项,见下图 $right="ReadAndExecute","Write" #获取路径的现有权限配置 $acl = Get-Acl $path # 添加规则: $person = [System.Security.Principal.NTAccount]$user $access = [System.Security.AccessControl.FileSystemRights]$right #子目录和文件都继承 $inheritance = [System.Security.AccessControl.InheritanceFlags] "ObjectInherit,ContainerInherit" $propagation = [System.Security.AccessControl.PropagationFlags]"None" $type = [System.Security.AccessControl.AccessControlType]"Allow" $rule = New-Object System.Security.AccessControl.FileSystemAccessRule( $person,$access,$inheritance,$propagation,$type) $acl.AddAccessRule($rule) # 保存权限更新: Set-Acl $path $acl
如果下级文件夹禁止继承父辈权限,上面的脚本不会报错提示,但实际上没有继承,所以可以先执行下面的脚本开启继承父辈权限,然后再执行上面的脚本。
foreach($_ in (Get-ChildItem "D:ss" -recurse)){ $inheritance = Get-Acl -path $_.fullname $inheritance.SetAccessRuleProtection($False,$True) set-acl -path $_.fullname -aclobject $inheritance }
ListDirectory
ReadData
WriteData
CreateFiles
CreateDirectories
AppendData
ReadExtendedAttributes
WriteExtendedAttributes
Traverse
ExecuteFile
DeleteSubdirectoriesAndFiles
ReadAttributes
WriteAttributes
Write
Delete
ReadPermissions
Read
ReadAndExecute
Modify
ChangePermissions
TakeOwnership
Synchronize
FullControl