Powershell File Permission operations

Get access permissions for files or folders:

Get-Acl -Path <File or Folder Path> | Format-List

 

Modify File Access Permissions:

The set-ACL command is required to modify the file access permission. The-path parameter is used to specify the file path to be modified, and the-aclobject parameter is used to specify an object, which is equivalent to an ACL template, this ACL template specifies the user's permission to access resources. To set this object, you must call the "system. Security. accesscontrol. filesystemaccessrule" class.

1 $account = "test01win2k8r2\test"2    $FileSystemRights = "FullControl"3 4    $objType = [System.Security.AccessControl.AccessControlType]::Allow5    $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule ($account,$FileSystemRights,$objType)6    $Folder = "W:\Test\test.txt"7    $acl = Get-Acl $Folder8    $acl.SetAccessRule($accessRule)9    Set-Acl -Path $Folder -AclObject $acl

 

You can also use get-ACL to obtain the access permission of a file, and then modify another file to grant the same access permission:

Get-Acl "W:\Test\test01.txt" | Set-Acl -Path "W:\Test\test02.txt"

 

Modify folder Access Permissions:

Similar to modifying file access permissions, the set-ACL command is also used. When calling filesystemaccessrule, you can specify the parameters inheritanceflags and propagationflags to specify whether the access permission settings are inherited from the quilt file or subfolders:

Http://msdn.microsoft.com/en-us/library/system.security.accesscontrol.inheritanceflags.aspx

Http://msdn.microsoft.com/en-us/library/system.security.accesscontrol.propagationflags.aspx

 

 1  $account = "test01win2k8r2\test" 2    $FileSystemRights = "FullControl" 3    $InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::ObjectInherit 4    $PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None 5    $objType = [System.Security.AccessControl.AccessControlType]::Allow 6    $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule ($account,$FileSystemRights,$InheritanceFlag,$PropagationFlag,$objType) 7    $Folder = "W:\Test\" 8    $acl = Get-Acl $Folder 9    $acl.SetAccessRule($accessRule)10    Set-Acl -Path $Folder -AclObject $acl

 

The above content can be used for reference from the Internet. Recently, a problem occurs because the user permissions granted to the website directory will be lost after a period of time, therefore, you can write a powershell script in the header to determine whether the folder user permission exists or not, so you can read the powershell documents and complete the learning notes of this series, complete the script to determine whether the folder permission does not exist. The complete script code is as follows:

1 echo "old rights" # display original folder permissions 2 $ Path = "E: \ test \ "# folder Path 3 $ rights =" builtin \ guests "# target user 4 (get-ACL-path $ PATH ). access | select-object-property identityreference # Show the permissions of the original folder 5 echo "" 6 echo "******************** * ******* "7 Echo" "8 Echo" "9 echo" result: "10 echo" "11 $ AA = (get-ACL-path $ PATH ). access | where-object-filterscript {$ _. identityreference-EQ $ Rights} # determine whether the permission is 12 if ($ AA-EQ $ null) {13 $ account = $ rights14 $ filesystemrights = "fullcontrol" 15 $ inheritanceflag = [system. security. accesscontrol. inheritanceflags]: objectinherit16 $ propagationflag = [system. security. accesscontrol. propagationflags]: none17 $ objtype = [system. security. accesscontrol. accesscontroltype]: allow18 19 $ accessrule = new-Object System. security. accesscontrol. filesystemaccessrule ($ account, $ filesystemrights, $ inheritanceflag, $ propagationflag, $ objtype) 20 $ folder = $ path21 $ ACL = Get-ACL $ folder22 $ ACL. setaccessrule ($ accessrule) 23 24 set-ACL-path $ folder-aclobject $ acl25 echo "success" 26} else {27 echo "existing Permissions" 28} 29 echo "" 30 echo "" 31 echo" * ************************* "32 33 echo" new rights "# output a new folder permission 34 echo "" 35 (get-ACL-path $ PATH ). access | select-object-property identityreference36 37