PowerShell Set-Acl New-Object：無法找到「FileSystemAccessRule」的重載和參數計數：「4」

我計算出我的腳本中創建目錄名的所有部分，根據預定義的目錄創建目錄結構，根據附加到硬編碼名稱的項目編號創建AD組，然後將該組添加到特定目錄，並設置該組的ACL。PowerShell Set-Acl New-Object：無法找到「FileSystemAccessRule」的重載和參數計數：「4」

我似乎無法繞過錯誤：

New-Object : Cannot find an overload for "FileSystemAccessRule" and the argument count: "4".

下面是腳本：

$domain="DOMAIN" 
    $tldn="net" 

    [email protected]() 
    $pathArr+=$path1=Read-Host -Prompt "Enter first path" 
    $pathArr+=$path2=Read-Host -Prompt "Enter second path" 
    [int]$projectNumber=try { Read-Host -Prompt "Enter project number" } catch { Write-Host "Not a numeric value. Please try again."; exit } 
    [string]$mainFolder=[string]${projectNumber}+"_"+(Read-Host -Prompt "Please give the main folder name") 
    $projectNumberString=[string]$projectNumber 
    $projectName=Read-Host -Prompt "Please give the project name" 
    $fullProjectName="${projectNumberString}_${projectName}" 
    $pathArr+=$path3="$path1\$mainFolder" 
    $pathArr+=$path4="$path2\$mainFolder" 
    $pathArr+=$path5="$path3\$fullProjectName" 
    $pathArr+=$path6="$path4\$fullProjectName" 

    # Region: Create organizational units in Active Directory 
    # Names 
    $ouN1="XYZOU" 
    $ouN2="ABCOU" 

    # Paths 
    $ouP0="DC=$domain,DC=$tldn" 
    $ouP1="OU=$ouN1,$ouP0" 
    $ouP2="OU=$ouN2,$ouP1" 

    Write-Host "Checking for required origanization units..." 
    try 
    { 
     New-ADOrganizationalUnit -Name $ouN1 -Path $ouP1 
     New-ADOrganizationalUnit -Name $ouN2 -Path $ouP2 

    } 
    catch 
    { 
     Out-Null 
    } 

    Write-Host "Creating AD Group..." 
    [string]$group="BEST_${projectNumberString}" 
    $groupdomain="$domain\$group" 

    $ADGroupParams= @{ 
     'Name' = "$group" 
     'SamAccountName' = "$group" 
     'GroupCategory' = "Security" 
     'GroupScope' = "Global" 
     'DisplayName' = "$group" 
     'Path' = "OU=MyBusinessOU,DC=$domain,DC=$tldn" 
     'Description' = "Test share" 
    } 
    $secgroup=New-ADGroup @ADGroupParams 

    # Region: Set permissions 
    Write-Host "Setting permissions..." 

    # get permissions 
    $acl = Get-Acl -Path $path6 

    # add a new permission 
    $InheritanceFlags=[System.Security.AccessControl.InheritanceFlags]」ContainerInherit, ObjectInherit」 
    $FileSystemAccessRights=[System.Security.AccessControl.FileSystemRights]"Traverse","Executefile","ListDirectory","ReadData", "ReadAttributes", "ReadExtendedAttributes","CreateFiles","WriteData", 'ContainerInherit, ObjectInherit', "CreateDirectories","AppendData", "WriteAttributes", "WriteExtendedAttributes", "DeleteSubdirectoriesAndFiles", "ReadPermissions" 
    $InheritanceFlags=[System.Security.AccessControl.InheritanceFlags]」ContainerInherit, ObjectInherit」 
    $PropagationFlags=[System.Security.AccessControl.PropagationFlags]」None」 
    $AccessControl=[System.Security.AccessControl.AccessControlType]」Allow」 
    $permission = "$groupdomain", "$InheritanceFlags", "$PropagationFlags", "$AccessControl" 
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permission 
    $acl.SetAccessRule($rule) 

    # set new permissions 
    $acl | Set-Acl -Path $path6

同樣，我試圖在做什麼，我通常會做手工在Active Directory Windows環境

創建AD組
組添加到共享
設置權限的組
這個腳本不會將用戶添加到組

最後一個，也是最後一步是設置權限;不幸的是，當我運行該腳本時，更改語法或方法（以下是幾篇在線文章的示例），並花費了數小時的時間，但我只是沒有取得進展。唯一的進步是它不能超載的數字從18減少到4.

感謝您提前給予的幫助！

編輯

我修改每一個註釋腳本指出，我錯過了$FileSystemAccessRights說法。

的$permission變量改爲：

$permission = "$groupdomain", "$FileSystemAccessRights", "$InheritanceFlags", "$PropagationFlags", "$AccessControl"

我仍然得到這樣的輸出：

New-Object : Cannot convert argument "1", with value: "ExecuteFile Executefile ListDirectory ReadData ReadAttributes 
ReadExtendedAttributes CreateFiles WriteData ContainerInherit, ObjectInherit CreateDirectories AppendData WriteAttributes 
WriteExtendedAttributes DeleteSubdirectoriesAndFiles ReadPermissions", for "FileSystemAccessRule" to type 
"System.Security.AccessControl.FileSystemRights": "Cannot convert value "ExecuteFile Executefile ListDirectory ReadData 
ReadAttributes ReadExtendedAttributes CreateFiles WriteData ContainerInherit, ObjectInherit CreateDirectories AppendData 
WriteAttributes WriteExtendedAttributes DeleteSubdirectoriesAndFiles ReadPermissions" to type 
"System.Security.AccessControl.FileSystemRights". Error: "Unable to match the identifier name ExecuteFile Executefile ListDirectory 
ReadData ReadAttributes ReadExtendedAttributes CreateFiles WriteData ContainerInherit, ObjectInherit CreateDirectories AppendData 
WriteAttributes WriteExtendedAttributes DeleteSubdirectoriesAndFiles ReadPermissions to a valid enumerator name. Specify one of the 
following enumerator names and try again: ListDirectory, ReadData, WriteData, CreateFiles, CreateDirectories, AppendData, 
ReadExtendedAttributes, WriteExtendedAttributes, Traverse, ExecuteFile, DeleteSubdirectoriesAndFiles, ReadAttributes, 
WriteAttributes, Write, Delete, ReadPermissions, Read, ReadAndExecute, Modify, ChangePermissions, TakeOwnership, Synchronize, 
FullControl""

編輯

我試圖從變量去掉引號，因爲它似乎每個變量都已經引用除了$groupdomain，然後得到這個錯誤：

New-Object : Cannot convert argument "1", with value: "System.Object[]", for "FileSystemAccessRule" to type 
"System.Security.AccessControl.FileSystemRights": "Cannot convert value 
"ExecuteFile,Executefile,ListDirectory,ReadData,ReadAttributes,ReadExtendedAttributes,CreateFiles,WriteData,ContainerInherit, 
ObjectInherit,CreateDirectories,AppendData,WriteAttributes,WriteExtendedAttributes,DeleteSubdirectoriesAndFiles,ReadPermissions" to 
type "System.Security.AccessControl.FileSystemRights". Error: "Unable to match the identifier name 
ExecuteFile,Executefile,ListDirectory,ReadData,ReadAttributes,ReadExtendedAttributes,CreateFiles,WriteData,ContainerInherit, 
ObjectInherit,CreateDirectories,AppendData,WriteAttributes,WriteExtendedAttributes,DeleteSubdirectoriesAndFiles,ReadPermissions to a 
valid enumerator name. Specify one of the following enumerator names and try again: ListDirectory, ReadData, WriteData, 
CreateFiles, CreateDirectories, AppendData, ReadExtendedAttributes, WriteExtendedAttributes, Traverse, ExecuteFile, 
DeleteSubdirectoriesAndFiles, ReadAttributes, WriteAttributes, Write, Delete, ReadPermissions, Read, ReadAndExecute, Modify, 
ChangePermissions, TakeOwnership, Synchronize, FullControl""

編輯

試了一下斯蒂芬建議的周圍，他整個新物體加上引號，然後得到這個錯誤：

Cannot convert argument "rule", with value: "New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList 
WOLF\Elite_1035 Write, Read ContainerInherit, ObjectInherit None Allow", for "SetAccessRule" to type 
"System.Security.AccessControl.FileSystemAccessRule": "Cannot convert the "New-Object -TypeName 
System.Security.AccessControl.FileSystemAccessRule -ArgumentList WOLF\Elite_1035 Write, Read ContainerInherit, ObjectInherit None 
Allow" value of type "System.String" to type "System.Security.AccessControl.FileSystemAccessRule"."

編輯

錯誤消失了，但我還是不'請參閱添加到$path6的安全屬性的任何組。

我能夠也添加所有的權限，從理論上講，這樣做：

$FileSystemAccessRights=[System.Security.AccessControl.FileSystemRights]"Traverse,Executefile,ListDirectory,ReadData, ReadAttributes, ReadExtendedAttributes,CreateFiles,WriteData,CreateDirectories,AppendData,WriteAttributes,WriteExtendedAttributes,DeleteSubdirectoriesAndFiles, ReadPermissions"

來源

2017-05-28 scriptkiddie

你嘗試封閉$許可括號，在新物體行？你也可以在整個New-Object子句中放置圓括號。 –

@StephenGTuggy我試過，然後更新我的問題。 – scriptkiddie

您在參數

$permission = $groupdomain, $FileSystemAccessRights, $InheritanceFlags, $PropagationFlags, $AccessControl

編輯忘記$FileSystemAccessRights，去除雙引號。

你仍然有兩個問題：

首先創建一個$主要對象

$principal = New-Object System.Security.Principal.NTAccount($groupdomain)

然後嘗試減少$ FileSystemAccessRights因爲它有問題，嘗試一些簡單的開始像讀/寫訪問。

$FileSystemAccessRights=[System.Security.AccessControl.FileSystemRights]"Read, Write"

更新創建變量$許可的，包括校長：

$permission = $principal, $FileSystemAccessRights, $InheritanceFlags, $PropagationFlags, $AccessControl

來源

2017-05-28 09:52:46

謝謝你指出。我修改了我的腳本，仍然收到類似的錯誤消息。有任何想法嗎？ – scriptkiddie

是的嘗試刪除雙引號，我更新了答案。 –

也看起來像第一個參數是$ FileSystemAccessRights，應該是$ groupdomain中的答案。 –

PowerShell Set-Acl New-Object：無法找到「FileSystemAccessRule」的重載和參數計數：「4」

回答

相關問題