Permissions

通過 CSV 使用 Powershell 為文件夾分配組權限

  • August 4, 2020

我們正在研究一個新的許可概念。我們根據部門創建了不同的安全組。

例如:

Finance_List, Finance_Read, Finance_ReadWrite
Controlling_List, Controlling_Read, Controlling_ReadWrite
Planning_List, Planning_Read, Planning_ReadWrite

現在我正在尋找一個腳本來自動化在特定文件夾上設置 GroupPermissions 的過程。

範例:

Folder Finance

禁用繼承,然後設置新權限並將其替換為所有文件和子文件夾: Group Finance_List(列出文件夾)、Group Finance_Read(讀取)、Group Finance_ReadWrite(修改)

CSV 範例(文件夾路徑和每個文件夾的 3 個 GroupPermissions):

\\cifs\Finance;Finance_List;Finance_Read;Finance_ReadWrite

我有 300 個安全組和 100 個文件夾。

任何幫助將非常感激。

謝謝你!

以下內容應該可以滿足您的需求(確保 CSV 中的組與 AD 中的組名稱匹配,否則將無法正常工作):

$Folders = Import-Csv "C:\Scripts\Folders.csv" -Delimiter ";" -Header "Path","List","Read","ReadWrite"

ForEach ($F in $Folders) {
   $ACL = Get-Acl $F.Path

   # Set the first parameter to $true to disable inheritance
   # Set the second parameter to $false if you don't want to retain a copy the permissions to this folder.
   # Set the second parameter to $true if you want to retain a copy of the inherited permissions.
   $ACL.SetAccessRuleProtection($true, $true)

   # 'ReadData' grants List Folder / Read Data
   $List = New-object System.Security.AccessControl.FileSystemAccessRule($F.List,"ReadData","Allow")
   $ACL.SetAccessRule($List)

   # 'ReadAndExecute' grants Traverse Folder / Execute File
   # 'Read' only grants List Folder / Read Data
   $Read = New-object System.Security.AccessControl.FileSystemAccessRule($F.List,"ReadAndExecute","Allow")
   $ACL.SetAccessRule($Read)

   $ReadWrite = New-object System.Security.AccessControl.FileSystemAccessRule($F.ReadWrite,"Modify","Allow")
   $ACL.SetAccessRule($ReadWrite)

   $ACL | Set-Acl $F.Path
}

這個網站有很好的例子來說明如何在需要時修改它,以及各種訪問權限及其 Powershell 等效項的列表。 如何使用 PowerShell 腳本管理文件系統 ACL

引用自:https://serverfault.com/questions/960394