我需要创建一个脚本,它将对许多文件夹应用权限,根据文件夹名称具有不同的权限。有一个根文件夹共享,其中有一个代表每个客户端的文件夹。每个客户文件夹内都有一个部门文件夹。我需要通过安全组限制对每个部门文件夹的访问,以便只有属于该部门的人才能访问它们。
它看起来如下:
ROOT FOLDER SHARE
|
|-----CLIENT1 (everyone has access)
|.......|------DEPARTMENT1 (only members of department1 have access)
|.......|------DEPARTMENT2 (only members of department2 have access)
|.......|------DEPARTMENT3 (only members of department3 have access)
|
|-----CLIENT2 (everyone has access)
|.......|------DEPARTMENT1 (only members of department1 have access)
|.......|------DEPARTMENT2 (only members of department2 have access)
|.......|------DEPARTMENT3 (only members of department3 have access)
|
|-----CLIENT3 (everyone has access)
........|------DEPARTMENT1 (only members of department1 have access)
........|------DEPARTMENT2 (only members of department2 have access)
........|------DEPARTMENT3 (only members of department3 have access)
我不完全确定如何正确解决这个问题。有人可以帮我指出正确的方向吗?这是在运行具有活动目录设置的 Windows Server 2008 R2 的服务器上。
我目前拥有的看起来像这样(看起来很有效):
$Path = Read-Host "What is the starting path?"
$DirectoryName = Read-Host "What is the name of the directory?"
$SecurityGroup = Read-Host "What is the name of the security group that will be given permissions on these directories?"
$ListOfDirectories = Get-ChildItem $Path -Recurse | Where-Object { $_.PSIsContainer } | Where-Object { $_.name -eq $DirectoryName } | foreach-object -process { $_.FullName }
foreach ($directory in $ListOfDirectories) {
icacls.exe $directory /grant ""$SecurityGroup":M" /t
}