1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
| #网上找的现成的高级方法来enable继承关系
function Set-NTFSInheritance {
<#
.SYNOPSIS
Enable or Disable the NTFS permissions inheritance.
.DESCRIPTION
Enable or Disable the NTFS permissions inheritance on files and/or folders.
.EXAMPLE
$Folders = Get-Childitem -Path 'e:\homedirs' | Where-Object {$_.Attributes -eq 'Directory'}
$Folders | foreach {
$_ | Set-NTFSInheritance -Enable
}
.NOTES
Author : Jeff Wouters
Date : 8th of May 2014
#>
[cmdletbinding(defaultparametersetname='Enable')]
param (
[parameter(mandatory=$true,position=0,valuefrompipeline=$true,parametersetname='Enable')]
[parameter(mandatory=$true,position=0,valuefrompipeline=$true,parametersetname='Disable')]
$Path,
[parameter(mandatory=$false,parametersetname='Enable')][switch]$Enable,
[parameter(mandatory=$false,parametersetname='Disable')][switch]$Disable
)
begin {
} process {
$ACL = get-acl $_.FullName
switch ($PSCmdlet.ParameterSetName) {
'Enable' {
$ACL.SetAccessRuleProtection($false,$false)
}
'Disable' {
$ACL.SetAccessRuleProtection($true,$true)
}
}
try {
$ACL | Set-Acl -Passthru
} catch {
$_.Exception
}
} end {
}
}
#自己调用一下上面的方法,基本上就是三步走,第一个夺取所有权;第二打开继承关系;第三在最上面设置权限
function ChangePermission {
[cmdletbinding(defaultparametersetname='Enable')]
param (
[Parameter(Mandatory=$true)]
[string]
$path,
[Parameter(Mandatory=$true)]
[string]
$group
)
#Step 1: take over ownership
takeown.exe /f $path /r /d Y
#Step 2: enable inheritance for all subfolders
$Folders = Get-Childitem -Path $path -Recurse
$Folders | foreach {
$_ | Set-NTFSInheritance -Enable
}
#Step3: setup NTFS Modify permission from the parent folder
$perm2=':(OI)(CI)(M)'
write-host $path -ForegroundColor Cyan
icacls $path /grant "$($group)$perm2"
}
#最后调用函数即可
$parent="\\syd02\Creative TRACK\CLIENT FOLDERS\WESTPAC"
Get-ChildItem $parent | foreach {
$_.fullname
ChangePermission -path $_.FullName -group "Sydney Track Creative"
}
|