默认目录的权限是继承父目录的,你当然可以关闭它的继承和分配指定的权限。
下面例子创建了“PermissionNoInheritance”的文件夹,允许当前用户读取,同时管理员组获得其所有管理权限,并关闭它的继承。
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
# create folder
$Path = 'c:\PermissionNoInheritance'
$null = New-Item -Path $Path -ItemType Directory -ErrorAction SilentlyContinue
# get current permissions
$acl = Get-Acl -Path $path
# add a new permission for current user
$permission = $env:username, 'Read,Modify', 'ContainerInherit, ObjectInherit', 'None', 'Allow'
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permission
$acl.SetAccessRule($rule)
# add a new permission for Administrators
$permission = 'Administrators', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permission
$acl.SetAccessRule($rule)
# disable inheritance
$acl.SetAccessRuleProtection($true, $false)
# set new permissions
$acl | Set-Acl -Path $path
|