0

我需要创建一个脚本,它将对许多文件夹应用权限,根据文件夹名称具有不同的权限。有一个根文件夹共享,其中有一个代表每个客户端的文件夹。每个客户文件夹内都有一个部门文件夹。我需要通过安全组限制对每个部门文件夹的访问,以便只有属于该部门的人才能访问它们。

它看起来如下:

ROOT FOLDER SHARE  
|  
|-----CLIENT1 (everyone has access)  
|.......|------DEPARTMENT1 (only members of department1 have access)  
|.......|------DEPARTMENT2 (only members of department2 have access)  
|.......|------DEPARTMENT3 (only members of department3 have access)  
|  
|-----CLIENT2 (everyone has access)  
|.......|------DEPARTMENT1 (only members of department1 have access)  
|.......|------DEPARTMENT2 (only members of department2 have access)  
|.......|------DEPARTMENT3 (only members of department3 have access)  
|  
|-----CLIENT3 (everyone has access)  
........|------DEPARTMENT1 (only members of department1 have access)  
........|------DEPARTMENT2 (only members of department2 have access)  
........|------DEPARTMENT3 (only members of department3 have access)  

我不完全确定如何正确解决这个问题。有人可以帮我指出正确的方向吗?这是在运行具有活动目录设置的 Windows Server 2008 R2 的服务器上。

我目前拥有的看起来像这样(看起来很有效):

$Path = Read-Host "What is the starting path?"
$DirectoryName = Read-Host "What is the name of the directory?"
$SecurityGroup = Read-Host "What is the name of the security group that will be given permissions on these directories?"
$ListOfDirectories = Get-ChildItem $Path -Recurse | Where-Object { $_.PSIsContainer } | Where-Object { $_.name -eq $DirectoryName } | foreach-object -process { $_.FullName }

foreach ($directory in $ListOfDirectories) {
    icacls.exe $directory /grant ""$SecurityGroup":M" /t
}
4

1 回答 1

2

您可以使用 Set-ACL 命令通过 PowerShell 自动设置权限。

这里有一篇很好的文章可以帮助你完成这项任务......

http://technet.microsoft.com/en-us/magazine/2008.02.powershell.aspx

于 2013-11-14T10:06:20.400 回答