通过powershell获得文件夹权限

时间:2013-02-22 09:03:20

标签: active-directory powershell-v2.0 file-permissions user-permissions

我试图在AD中为新创建的用户设置一些权限。 创建文件夹后,我尝试设置各种权限:

$Rights = [System.Security.AccessControl.FileSystemRights]::FullControl
$Inherit = @([System.Security.AccessControl.InheritanceFlags]::ContainerInherit,[System.Security.AccessControl.InheritanceFlags]::ObjectInherit)
$Propagation = [System.Security.AccessControl.PropagationFlags]::None
$Access =[System.Security.AccessControl.AccessControlType]::Allow
$ACL = New-Object System.Security.Principal.NTAccount "localdomain\$userprincipalname"
$objACE = New-Object System.Security.AccessControl.FileSystemAccessRule($ACL, $Rights, $Inherit, $Propagation, $Access)                     
$ACL = Get-Acl -Path $userDir
$ACL.AddAccessRule($objACE) 
Set-ACL -Path $userDir -AclObject $ACL

我得到的错误与我传递给AddAccessRule

的参数有关 
Exception calling "AddAccessRule" with "1" argument(s): "Some or all identity references could not be translated."
+ CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException

但我在这里看不到任何错误,所以我真的很感激另一双眼睛。

1 个答案:

答案 0 :(得分:2)

好的,所以我的解决方案有效,据我所知,是设置文件夹权限的方法。

$Rights = [System.Security.AccessControl.FileSystemRights]::FullControl
$Inherit = @([System.Security.AccessControl.InheritanceFlags]::ContainerInherit,[System.Security.AccessControl.InheritanceFlags]::ObjectInherit)
$Propagation = [System.Security.AccessControl.PropagationFlags]::None
$Access =[System.Security.AccessControl.AccessControlType]::Allow
$ACL = New-Object System.Security.Principal.NTAccount "localdomain\$userprincipalname"
$objACE = New-Object System.Security.AccessControl.FileSystemAccessRule($ACL, $Rights,$Inherit, $Propagation, $Access)                     
$ACL = Get-Acl -Path $userDir
$ACL.AddAccessRule($objACE) 
Set-ACL -Path $userDir -AclObject $ACL
相关问题
最新问题