问题
I have an issue with setting an ACL to a folder using PowerShell. It seems I was able to get through my code without any errors, but the folder still does not appear in the Security properties of the folder. The other articles I looked at seemed to have answers, but then comments, if any, that it didn't work, and after trying what the answers suggested, it did not result in the group appearing in the System properties of the folder.
My script so far is as follows:
$domain="DOMAIN" $tldn="net"
$pathArr=@()
$pathArr+=$path1=Read-Host -Prompt "Enter first path"
$pathArr+=$path2=Read-Host -Prompt "Enter second path"
[int]$projectNumber=try { Read-Host -Prompt "Enter project number" } catch { Write-Host "Not a numeric value. Please try again."; exit }
[string]$mainFolder=[string]${projectNumber}+"_"+(Read-Host -Prompt "Please give the main folder name")
$projectNumberString=[string]$projectNumber
$projectName=Read-Host -Prompt "Please give the project name"
$fullProjectName="${projectNumberString}_${projectName}"
$pathArr+=$path3="$path1\$mainFolder"
$pathArr+=$path4="$path2\$mainFolder"
$pathArr+=$path5="$path3\$fullProjectName"
$pathArr+=$path6="$path4\$fullProjectName"
# Region: Create organizational units in Active Directory
# Names
$ouN1="XYZOU"
$ouN2="ABCOU"
# Paths
$ouP0="DC=$domain,DC=$tldn"
$ouP1="OU=$ouN1,$ouP0"
$ouP2="OU=$ouN2,$ouP1"
Write-Host "Checking for required origanization units..."
try
{
New-ADOrganizationalUnit -Name $ouN1 -Path $ouP1
New-ADOrganizationalUnit -Name $ouN2 -Path $ouP2
}
catch
{
Out-Null
}
EDIT
As per Mickey's comment, I added this code to test the path of $path6'
if ( Test-Path -Path "$path6" )
{
Write-Host "$path6"
Write-Host "Path exists."
}
else
{
Write-Host "Path does not exist."
}
The result was that the path wrote to the host and said Path exists..
Write-Host "Creating AD Group..."
[string]$group="BEST_${projectNumberString}"
$groupdomain="$domain\$group"
$ADGroupParams= @{
'Name' = "$group"
'SamAccountName' = "$group"
'GroupCategory' = "Security"
'GroupScope' = "Global"
'DisplayName' = "$group"
'Path' = "OU=MyBusinessOU,DC=$domain,DC=$tldn"
'Description' = "Test share"
}
$secgroup=New-ADGroup @ADGroupParams
# Region: Set permissions
Write-Host "Setting permissions..."
# get permissions
$acl = Get-Acl -Path $path6
# add a new permission
$InheritanceFlags=[System.Security.AccessControl.InheritanceFlags]”ContainerInherit, ObjectInherit”
$FileSystemAccessRights=[System.Security.AccessControl.FileSystemRights]"Traverse","Executefile","ListDirectory","ReadData", "ReadAttributes", "ReadExtendedAttributes","CreateFiles","WriteData", 'ContainerInherit, ObjectInherit', "CreateDirectories","AppendData", "WriteAttributes", "WriteExtendedAttributes", "DeleteSubdirectoriesAndFiles", "ReadPermissions"
$InheritanceFlags=[System.Security.AccessControl.InheritanceFlags]”ContainerInherit, ObjectInherit”
$PropagationFlags=[System.Security.AccessControl.PropagationFlags]”None”
$AccessControl=[System.Security.AccessControl.AccessControlType]”Allow”
$permission = "$groupdomain", "$InheritanceFlags", "$PropagationFlags", "$AccessControl"
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permission
$acl.SetAccessRule($rule)
# set new permissions
$acl | Set-Acl -Path $path6
I tried Set-Acl -ACLObject:$acl -Path:$path6 and that didn't work either.
Again, I am not getting any errors at all.
I am running PowerShell 4.0 in PowerShell ISE on Windows Server 2012 R2. I am logged in as Administrator.
If you have any ideas, I am open to them. To be clear, my goal is to add the $groupdomain to a folder called path6, and have the ACLs outlined here applied to that group.
Thank you for your help in advance.
来源:https://stackoverflow.com/questions/44236752/powershell-acl-not-applying