Try omitting the localmachine\ from localmachine\localgroup. You shouldn't need to specify the local computer name when you're deploying the icacls command through PowerShell Remoting (specifically Invoke-Command). You might notice in the icacls help that it does not require the computer name as a prefix.
Examples:
icacls c:\windows\* /save AclFile /T
- Will save the ACLs for all files under c:\windows
and its subdirectories to AclFile.
icacls c:\windows\ /restore AclFile
- Will restore the Acls for every file within
AclFile that exists in c:\windows and its subdirectories.
icacls file /grant Administrator:(D,WDAC)
- Will grant the user Administrator Delete and Write DAC
permissions to file.
icacls file /grant *S-1-1-0:(D,WDAC)
- Will grant the user defined by sid S-1-1-0 Delete and
Write DAC permissions to file.
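
The approach in the answer above, as an added example that is not part of the original post: icacls is run through Invoke-Command with a bare local group name, and each remote host reports whether the grant succeeded. The computer names, folder path, group name and the read/execute rights are assumptions chosen for illustration.

```powershell
# Added example. All names below are placeholders, not values from the post.
$Computers = 'SERVER01', 'SERVER02'   # hypothetical remote hosts
$Path      = 'D:\AppData'             # hypothetical folder present on each host
$Group     = 'AppOperators'           # bare local group name, no "computername\" prefix

$results = Invoke-Command -ComputerName $Computers -ArgumentList $Path, $Group -ScriptBlock {
    param($Path, $Group)

    $report = [ordered]@{ Computer = $env:COMPUTERNAME; Granted = $false; Detail = '' }

    # The bare name is looked up in the account database of the machine
    # that runs this script block, i.e. the remote host itself.
    $local = Get-LocalGroup -Name $Group -ErrorAction SilentlyContinue
    if (-not $local) {
        $report.Detail = "Local group '$Group' not found"
        return [pscustomobject]$report
    }
    if (-not (Test-Path -LiteralPath $Path)) {
        $report.Detail = "Path '$Path' not found"
        return [pscustomobject]$report
    }

    # ${Group} stops PowerShell from parsing "$Group:" as a scoped variable.
    # (OI)(CI)(RX) = read/execute, inherited by files and subfolders.
    $out = & icacls.exe $Path /grant "${Group}:(OI)(CI)(RX)" 2>&1
    $report.Granted = ($LASTEXITCODE -eq 0)
    $report.Detail  = ($out | Out-String).Trim()
    [pscustomobject]$report
}

# One row per host; icacls exit code 0 means the ACE was written.
$results | Format-Table Computer, Granted, Detail -Wrap

# Hosts where the group or path was missing, or icacls reported a failure.
$results | Where-Object { -not $_.Granted } | Select-Object -ExpandProperty Computer
```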