感謝馬特對他的一些對此有所幫助,但答案結果有點不同。這是最後的工作產品。
重要提示:腳本必須從另一臺計算機上運行,理想的Windows 2012年或更高版本,否則你會得到一個錯誤說「的安全標識符不允許是這個對象的所有者」。
$path = Get-ChildItem \\COMPUTERNAME\SHARENAME\* | ?{ $_.PSIsContainer }
ForEach ($folder in $path) {
$ACL = (get-item $folder.FullName).GetAccessControl('Owner')
$username = $folder.Name
$userobject = New-Object System.Security.Principal.NTAccount("NTDOMAIN", $username)
$AccessRule1 = New-Object system.security.accesscontrol.filesystemaccessrule("CREATOR OWNER","FullControl","ContainerInherit, ObjectInherit","InheritOnly","Allow")
$AccessRule2 = New-Object system.security.accesscontrol.filesystemaccessrule("Domain Admins","FullControl","ContainerInherit, ObjectInherit","InheritOnly","Allow")
$AccessRule3 = New-Object system.security.accesscontrol.filesystemaccessrule($userobject,"FullControl","ContainerInherit, ObjectInherit","InheritOnly","Allow")
try {
$ACL.SetOwner($userobject)
$ACL.AddAccessRule($AccessRule1)
$ACL.AddAccessRule($AccessRule2)
$ACL.AddAccessRule($AccessRule3)
Set-Acl $folder.FullName $ACL
Write-Host $username
}
catch {
#Delete folder if user is not found.
Remove-Item $folder -recurse -force
Write-Host $username "CANNOT BE FOUND"
}
}
你可以用'新物體System.Security.Principal.NTAccount'喜歡:'$ objUser =新物體System.Security.Principal.NTAccount( 「」, 「」); $ acl.SetOwner($ objUser)' –
Matt
我認爲這有效,但有幾個文件夾出現錯誤,提示「某些或全部標識引用無法翻譯」。 –
不知道當用戶標識不存在時,該錯誤似乎發生。有沒有辦法處理錯誤? –