Powershell File Permission operations

Source: Internet
Author: User

Get access permissions for files or folders:

Get-Acl -Path <File or Folder Path> | Format-List

 

Modify File Access Permissions:

The set-ACL command is required to modify the file access permission. The-path parameter is used to specify the file path to be modified, and the-aclobject parameter is used to specify an object, which is equivalent to an ACL template, this ACL template specifies the user's permission to access resources. To set this object, you must call the "system. Security. accesscontrol. filesystemaccessrule" class.

1 $account = "test01win2k8r2\test"2    $FileSystemRights = "FullControl"3 4    $objType = [System.Security.AccessControl.AccessControlType]::Allow5    $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule ($account,$FileSystemRights,$objType)6    $Folder = "W:\Test\test.txt"7    $acl = Get-Acl $Folder8    $acl.SetAccessRule($accessRule)9    Set-Acl -Path $Folder -AclObject $acl

 

You can also use get-ACL to obtain the access permission of a file, and then modify another file to grant the same access permission:

Get-Acl "W:\Test\test01.txt" | Set-Acl -Path "W:\Test\test02.txt"

 

Modify folder Access Permissions:

Similar to modifying file access permissions, the set-ACL command is also used. When calling filesystemaccessrule, you can specify the parameters inheritanceflags and propagationflags to specify whether the access permission settings are inherited from the quilt file or subfolders:

Http://msdn.microsoft.com/en-us/library/system.security.accesscontrol.inheritanceflags.aspx

Http://msdn.microsoft.com/en-us/library/system.security.accesscontrol.propagationflags.aspx

 

 1  $account = "test01win2k8r2\test" 2    $FileSystemRights = "FullControl" 3    $InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::ObjectInherit 4    $PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None 5    $objType = [System.Security.AccessControl.AccessControlType]::Allow 6    $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule ($account,$FileSystemRights,$InheritanceFlag,$PropagationFlag,$objType) 7    $Folder = "W:\Test\" 8    $acl = Get-Acl $Folder 9    $acl.SetAccessRule($accessRule)10    Set-Acl -Path $Folder -AclObject $acl

 


The above content can be used for reference from the Internet. Recently, a problem occurs because the user permissions granted to the website directory will be lost after a period of time, therefore, you can write a powershell script in the header to determine whether the folder user permission exists or not, so you can read the powershell documents and complete the learning notes of this series, complete the script to determine whether the folder permission does not exist. The complete script code is as follows:
1 echo "old rights" # display original folder permissions 2 $ Path = "E: \ test \ "# folder Path 3 $ rights =" builtin \ guests "# target user 4 (get-ACL-path $ PATH ). access | select-object-property identityreference # Show the permissions of the original folder 5 echo "" 6 echo "******************** * ******* "7 Echo" "8 Echo" "9 echo" result: "10 echo" "11 $ AA = (get-ACL-path $ PATH ). access | where-object-filterscript {$ _. identityreference-EQ $ Rights} # determine whether the permission is 12 if ($ AA-EQ $ null) {13 $ account = $ rights14 $ filesystemrights = "fullcontrol" 15 $ inheritanceflag = [system. security. accesscontrol. inheritanceflags]: objectinherit16 $ propagationflag = [system. security. accesscontrol. propagationflags]: none17 $ objtype = [system. security. accesscontrol. accesscontroltype]: allow18 19 $ accessrule = new-Object System. security. accesscontrol. filesystemaccessrule ($ account, $ filesystemrights, $ inheritanceflag, $ propagationflag, $ objtype) 20 $ folder = $ path21 $ ACL = Get-ACL $ folder22 $ ACL. setaccessrule ($ accessrule) 23 24 set-ACL-path $ folder-aclobject $ acl25 echo "success" 26} else {27 echo "existing Permissions" 28} 29 echo "" 30 echo "" 31 echo" * ************************* "32 33 echo" new rights "# output a new folder permission 34 echo "" 35 (get-ACL-path $ PATH ). access | select-object-property identityreference36 37

 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.