默认目录的权限是继承父目录的,你当然可以关闭它的继承和分配指定的权限。
下面例子创建了“PermissionNoInheritance”的文件夹,允许当前用户读取,同时管理员组获得其所有管理权限,并关闭它的继承。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
# create folder
$Path = 'c:\PermissionNoInheritance'
$null = New-Item -Path $Path -ItemType Directory -ErrorAction SilentlyContinue
# get current permissions
$acl = Get-Acl -Path $path
# add a new permission for current user
$permission = $ env :username, 'Read,Modify' , 'ContainerInherit, ObjectInherit' , 'None' , 'Allow'
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permission
$acl.SetAccessRule($rule)
# add a new permission for Administrators
$permission = 'Administrators' , 'FullControl' , 'ContainerInherit, ObjectInherit' , 'None' , 'Allow'
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permission
$acl.SetAccessRule($rule)
# disable inheritance
$acl.SetAccessRuleProtection($ true , $ false )
# set new permissions
$acl | Set-Acl -Path $path
|