The code below sets the Domain Admins group just fine. However, I also need to set the local Administrators group [COMPUTER-NAME\Administrators] on my folders.
    function Set-DirACLs
    {
        # Gets the names of the directories in the directory and adds them to an array.
        $dircount = Get-ChildItem $UV | foreach-object -process { $_.FullName }
        $cname = $env:computername
        $localadmin = "$cname\" + "Administrators"
        $userlist = @("MYDOMAIN\Domain Admins", $localadmin)
        # Loops through the directories and sets the ACL on each.
        foreach($folder in $dircount)
        {
            # Print some info to the console so we don't mistake the script being stuck.
            Write-Host "Editing ACL for $folder "
            Write-Host "Standby "
            Write-Host $localadmin
            $InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
            $PropagationFlag = [System.Security.AccessControl.PropagationFlags]::none
            $colRights = [System.Security.AccessControl.FileSystemRights]"FullControl"
            $objType = [System.Security.AccessControl.AccessControlType]::Allow
            $ACL = Get-Acl $folder
            $folder = (convert-path $ACL.pspath)
            $acl.SetAccessRuleProtection($True, $False)
            # Now we have to iterate over the users in userlist for each directory.
            foreach($user in $userlist)
            {
                $objUser = New-Object System.Security.Principal.NTAccount($user)
                $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($objUser, $colRights, $InheritanceFlag, $PropagationFlag, $objType)
                $ACL.AddAccessRule($rule)
                Set-Acl $folder $ACL
            }
        }
    }
But I keep getting this error. No matter how I change the $localadmin variable to concatenate the computer name + \Administrators, I get this error:
Exception calling "AddAccessRule" with "1" argument(s): "Some or all identity references could not be translated."
This is driving me crazy!!
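
An added example, not part of the original post: the local Administrators group is the built-in alias BUILTIN\Administrators with the well-known SID S-1-5-32-544, so the rule can reference it by SID and skip name translation for that principal. The function name `Set-AdminOnlyAcl` and its parameters are hypothetical; `MYDOMAIN\Domain Admins` is the name used in the post.

```powershell
# Added example (not the poster's code). Assumes Windows PowerShell 3.0 or later.
# Set-AdminOnlyAcl, $Path and $DomainPrincipals are hypothetical names.
function Set-AdminOnlyAcl {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [string[]] $DomainPrincipals = @('MYDOMAIN\Domain Admins')
    )

    # S-1-5-32-544 is BUILTIN\Administrators on every Windows machine,
    # independent of the computer name and of the display language.
    $builtinAdmins = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')

    # Translate every account name up front, so an unresolvable name
    # stops the run before any folder ACL has been modified.
    $identities = @($builtinAdmins)
    foreach ($name in $DomainPrincipals) {
        $account = New-Object System.Security.Principal.NTAccount($name)
        try {
            $identities += $account.Translate([System.Security.Principal.SecurityIdentifier])
        } catch {
            throw "Cannot resolve '$name' to a SID; no ACL was changed."
        }
    }

    $inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $propagate = [System.Security.AccessControl.PropagationFlags]::None
    $rights    = [System.Security.AccessControl.FileSystemRights]::FullControl
    $allow     = [System.Security.AccessControl.AccessControlType]::Allow

    foreach ($dir in Get-ChildItem -LiteralPath $Path -Directory) {
        $acl = Get-Acl -LiteralPath $dir.FullName
        # Protect the ACL from inheritance and discard the inherited entries.
        $acl.SetAccessRuleProtection($true, $false)
        foreach ($id in $identities) {
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
                $id, $rights, $inherit, $propagate, $allow)
            $acl.AddAccessRule($rule)
        }
        # Write the finished ACL once per folder.
        Set-Acl -LiteralPath $dir.FullName -AclObject $acl
    }
}
```

After a run, `(Get-Acl <folder>).Access` should list `BUILTIN\Administrators` and the domain group as the explicit FullControl entries.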