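Background:
An annoying request from a customer: on Windows 2008 R2, remove the write permission of IUSR_LCHAS028 on folders and files, as reported below:
File "C:\INETPUB\WWWROOT\ESP\js\tiny_mce\plugins\searchreplace\langs". User IUSR_LCHAS028 has wrong permissions: Full access. Must have no Write access.
There are several thousand records like this in total...
This could be done through the GUI permission manager, but the team lead insisted on using commands and a script (to look more sophisticated?).
The boss has spoken, so there was nothing for it but to get started...
A Google search turned up relevant material: the icacls command can do this.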
=======================divider===========================
I wrote a batch script, as follows:
::#+-------------------------------------------------------------------+
::#| = : = : = : = : = : = : = : = : = : = : = : = : = : = : = : = : = |
::#|{>/-------------------------------------------------------------<}|
::#|: | Author: Anson Liu
::#| :| Email: liuzsz@cn.ibm.com/Anson.liu@live.com
::#| :| Date: 4:00:00 PM 1/15/2015
::#| :|
::#| :|
::#|: | Purpose:
::#| :| Backup, Remove, Restore the permission for folder and file.
::#|: |
::#|: |
::#| :| /^(o.o)^ Version: 1
::#|{>-------------------------------------------------------------/<}|
::#| = : = : = : = : = : = : = : = : = : = : = : = : = : = : = : = : = |
::#+-------------------------------------------------------------------+
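@ECHO OFF
SETLOCAL
CLS
color 0a
:: Set the variables for the paths. Comments stay on their own lines:
:: text after the value on a "set" line would become part of the value.
:: PATH shadows the system search path inside this script (SETLOCAL keeps the
:: change local), so icacls.exe is always called by its full path.
:: Change to the target path according to your environment.
set PATH=C:\win
:: Change to the location for the permission backup.
set BACK_PERMISSION=c:\
GOTO MENU
:MENU
ECHO.
ECHO. =-=-=-=-=Manage the permission for folder and file=-=-=-=-=
ECHO.
ECHO. 1 Backup the permission
ECHO.
ECHO. 2 Remove the permission
ECHO.
ECHO. 3 Restore the permission
ECHO.
ECHO. 4 Exit
ECHO.
ECHO.
ECHO.
echo. Choose the number:
:: Clear the previous choice; "set /p" keeps the old value on an empty input.
set ID=
set /p ID=
if "%id%"=="1" goto cmd1
if "%id%"=="2" goto cmd2
if "%id%"=="3" goto cmd3
IF "%id%"=="4" exit
:: Any other input returns to the menu instead of falling through to the backup.
PAUSE
GOTO MENU
:cmd1
echo Backup the permission
:: Save the ACLs of everything under the target folder, recursively (/T).
c:\windows\system32\icacls.exe %PATH%\* /save %BACK_PERMISSION%win_backuppemission.txt /T
goto MENU
:cmd2
echo Remove the permission
:: Remove every ACE of user chris from the folder tree.
c:\windows\system32\icacls.exe %PATH% /remove chris /T
GOTO MENU
:cmd3
echo Restore the permission
:: Re-apply the saved ACLs; the paths in the file are relative to the target folder.
c:\windows\system32\icacls.exe %PATH% /restore %BACK_PERMISSION%win_backuppemission.txt
GOTO MENU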
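Notes
::set variable
set PATH=C:\win
Set this to the folder whose permissions are to be removed.
set BACK_PERMISSION=c:\
This is the location of the permission backup.
c:\windows\system32\icacls.exe %PATH%\* /save %BACK_PERMISSION%win_backuppemission.txt /T
This command backs up the permissions of the win folder and of the subfolders and files beneath it.
c:\windows\system32\icacls.exe %PATH% /remove chris /T
This command removes all of Chris's permissions on the win folder, its subfolders and files.
c:\windows\system32\icacls.exe %PATH% /restore %BACK_PERMISSION%win_backuppemission.txt
Restores user Chris's permissions on the win folder, its subfolders and files.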
======================other knowledge=======================
Using iCACLS
- To edit a file you must already have the "Change" ACL (or be the file's owner)
- To use the iCACLS command to change the permissions of a file requires "FULL Control" (or be the file's owner)
- File "Ownership" will always override all ACL's - you always have Full Control over files that you create.

Inherited folder permissions are displayed as:
OI - Object inherit - This folder and files. (no inheritance to subfolders)
CI - Container inherit - This folder and subfolders.
IO - Inherit only - The ACE does not apply to the current file/directory

These can also be combined as follows:
(OI)(CI) This folder, subfolders, and files.
(OI)(CI)(IO) Subfolders and files only.
(CI)(IO) Subfolders only.
(OI)(IO) Files only.

So BUILTIN\Administrators:(OI)(CI)F means that both files and subdirectories will inherit 'F' (Full control).
Similarly, (CI)R means directories will inherit 'R' (Read folders only = List permission).
When cacls is applied to the current folder only there is no inheritance and so no output.
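
As an added example (not part of the original post), the Python sketch below parses ACE strings in the notation described above and lists the allow entries that still give a user write-class access, which is the condition the audit report flags. The `LCHAS028\` account prefix, the sample paths and the choice of which rights count as write are assumptions of this example.

```python
import re

# icacls right abbreviations that permit modification. Counting delete, ACL and
# owner changes as "write" is this example's assumption, not the audit tool's rule.
WRITE_RIGHTS = {"F", "M", "W", "D", "GA", "GW", "WD", "AD", "WEA", "WA",
                "DC", "DE", "WDAC", "WO"}
FLAGS = {"OI", "CI", "IO", "NP", "I", "DENY"}
# Inheritance combinations as listed in the notes above.
SCOPES = {
    frozenset(): "this object only",
    frozenset({"OI"}): "this folder and files",
    frozenset({"CI"}): "this folder and subfolders",
    frozenset({"OI", "CI"}): "this folder, subfolders and files",
    frozenset({"OI", "CI", "IO"}): "subfolders and files only",
    frozenset({"CI", "IO"}): "subfolders only",
    frozenset({"OI", "IO"}): "files only",
}

def parse_ace(ace):
    """Parse 'ACCOUNT:(OI)(CI)F' (command form) or 'ACCOUNT:(OI)(CI)(F)' (output form)."""
    account, _, spec = ace.strip().partition(":")
    groups = re.findall(r"\(([^)]*)\)", spec)        # every parenthesised token
    bare = re.sub(r"\([^)]*\)", "", spec).strip()    # unparenthesised rights, e.g. F
    flags = {g for g in groups if g in FLAGS}
    rights = {r.strip() for g in groups if g not in FLAGS for r in g.split(",")}
    if bare:
        rights.update(r.strip() for r in bare.split(","))
    scope = SCOPES.get(frozenset(flags & {"OI", "CI", "IO"}), "unlisted combination")
    return {"account": account, "deny": "DENY" in flags, "inherited": "I" in flags,
            "scope": scope, "rights": rights}

def write_findings(entries, user):
    """Return (path, ace, scope) for every allow ACE that still lets `user` write."""
    found = []
    for path, ace in entries:
        p = parse_ace(ace)
        name = p["account"].rsplit("\\", 1)[-1].lower()   # drop DOMAIN\ prefix
        if name == user.lower() and not p["deny"] and p["rights"] & WRITE_RIGHTS:
            found.append((path, ace, p["scope"]))
    return found

# Constructed sample: (path, ACE) pairs in the style of icacls output.
SAMPLE = [
    (r"C:\win", r"BUILTIN\Administrators:(OI)(CI)F"),
    (r"C:\win", r"LCHAS028\IUSR_LCHAS028:(OI)(CI)(RX)"),
    (r"C:\win\langs", r"LCHAS028\IUSR_LCHAS028:(I)(OI)(CI)(F)"),
    (r"C:\win\langs\en.js", r"LCHAS028\IUSR_LCHAS028:(R,W)"),
    (r"C:\win\upload", r"LCHAS028\IUSR_LCHAS028:(DENY)(W)"),
]
```

Calling `write_findings(SAMPLE, "IUSR_LCHAS028")` after a permission change shows which entries would still be reported, and whether each one is inherited from a parent folder or set on the object itself.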