问题
I need a script or simple powershell code for removing all permissions to a folder for specific user, by inheriting these deletion to all the subfolders and files as well - recursively... Thank you in advance!
回答1:
$acl=get-acl c:\temp
$accessrule = New-Object system.security.AccessControl.FileSystemAccessRule("domain\user","Read",,,"Allow")
$acl.RemoveAccessRuleAll($accessrule)
Set-Acl -Path "c:\temp" -AclObject $acl
this should wipe all security rules for user in c:\temp recursively
回答2:
i think the simplier way to do this is to copy acl from a file or folder that have the correct permissions and apply it to the folder where you want specific access. example:
$acl= get-acl /path/to/file_with_correct acl
$files= get-childItem c:\temp\*.* -recurce |set-acl -aclobject $acl -whatif
remove the -whatif parameter to effectively modify acl
Or follow this technet article and use a code like :
$Right = [System.Security.AccessControl.FileSystemRights]"Read"
$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::None
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$objType =[System.Security.AccessControl.AccessControlType]::Allow
$objUser = New-Object System.Security.Principal.NTAccount("domain\bob")
$objACE = New-Object System.Security.AccessControl.FileSystemAccessRule `
($objUser, $Right, $InheritanceFlag, $PropagationFlag, $objType)
$objACL = Get-ACL "d:\test"
$objACL.RemoveAccessRuleAll($objACE)
Set-ACL "d:\test" -aclobject $objACL
来源:https://stackoverflow.com/questions/13513863/powershell-remove-all-permissions-on-a-folder-for-a-specific-user