まずは現状の確認コマンド
# Show the full security descriptor (owner, group, access rules, SDDL) of the
# shared directory as a property list, to record the state before any change.
Get-Acl -Path '\\1.1.1.1\share\dir' | Format-List
継承の無効化(継承されていたアクセス規則は明示的な規則としてコピーして残す)
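# Disable ACL inheritance on $path while keeping the currently inherited
# access rules as explicit entries.
# The path literal must be quoted: unquoted, PowerShell tries to run C:\test
# as a command instead of assigning it as a string.
$path = 'C:\test'
$ACL = Get-Acl -Path $path
# SetAccessRuleProtection(isProtected, preserveInheritance):
#   isProtected = $true         -> stop inheriting rules from the parent
#   preserveInheritance = $true -> keep the formerly inherited rules as explicit rules
# With $false as the second argument the inherited rules are removed, and any
# account that only had access through inheritance loses it.
$ACL.SetAccessRuleProtection($true, $true)
Set-Acl -Path $path -AclObject $ACL
# Read the ACL back and confirm the protection flag was written (expected: True).
(Get-Acl -Path $path).AreAccessRulesProtected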
ACLのオブジェクトで何ができるか見てみる。
# Fetch the security descriptor of the shared directory and list the
# properties and methods available on the returned object.
$objACL = Get-Acl -Path '\\1.1.1.1\share\dir'
# -InputObject inspects the object itself rather than items sent through the pipeline.
Get-Member -InputObject $objACL
Name MemberType Definition
---- ---------- ----------
Access CodeProperty System.Security.AccessControl.AuthorizationRuleCollection Access{ge...
CentralAccessPolicyId CodeProperty System.Security.Principal.SecurityIdentifier CentralAccessPolicyId{...
CentralAccessPolicyName CodeProperty System.String CentralAccessPolicyName{get=GetCentralAccessPolicyName;}
Group CodeProperty System.String Group{get=GetGroup;}
Owner CodeProperty System.String Owner{get=GetOwner;}
Path CodeProperty System.String Path{get=GetPath;}
Sddl CodeProperty System.String Sddl{get=GetSddl;}
AccessRuleFactory Method System.Security.AccessControl.AccessRule AccessRuleFactory(System.S...
AddAccessRule Method void AddAccessRule(System.Security.AccessControl.FileSystemAccessRu...
AddAuditRule Method void AddAuditRule(System.Security.AccessControl.FileSystemAuditRule...
AuditRuleFactory Method System.Security.AccessControl.AuditRule AuditRuleFactory(System.Sec...
Equals Method bool Equals(System.Object obj)
GetAccessRules Method System.Security.AccessControl.AuthorizationRuleCollection GetAccess...
GetAuditRules Method System.Security.AccessControl.AuthorizationRuleCollection GetAuditR...
GetGroup Method System.Security.Principal.IdentityReference GetGroup(type targetType)
GetHashCode Method int GetHashCode()
GetOwner Method System.Security.Principal.IdentityReference GetOwner(type targetType)
GetSecurityDescriptorBinaryForm Method byte[] GetSecurityDescriptorBinaryForm()
GetSecurityDescriptorSddlForm Method string GetSecurityDescriptorSddlForm(System.Security.AccessControl....
GetType Method type GetType()
ModifyAccessRule Method bool ModifyAccessRule(System.Security.AccessControl.AccessControlMo...
ModifyAuditRule Method bool ModifyAuditRule(System.Security.AccessControl.AccessControlMod...
PurgeAccessRules Method void PurgeAccessRules(System.Security.Principal.IdentityReference i...
PurgeAuditRules Method void PurgeAuditRules(System.Security.Principal.IdentityReference id...
RemoveAccessRule Method bool RemoveAccessRule(System.Security.AccessControl.FileSystemAcces...
RemoveAccessRuleAll Method void RemoveAccessRuleAll(System.Security.AccessControl.FileSystemAc...
RemoveAccessRuleSpecific Method void RemoveAccessRuleSpecific(System.Security.AccessControl.FileSys...
RemoveAuditRule Method bool RemoveAuditRule(System.Security.AccessControl.FileSystemAuditR...
RemoveAuditRuleAll Method void RemoveAuditRuleAll(System.Security.AccessControl.FileSystemAud...
RemoveAuditRuleSpecific Method void RemoveAuditRuleSpecific(System.Security.AccessControl.FileSyst...
ResetAccessRule Method void ResetAccessRule(System.Security.AccessControl.FileSystemAccess...
SetAccessRule Method void SetAccessRule(System.Security.AccessControl.FileSystemAccessRu...
SetAccessRuleProtection Method void SetAccessRuleProtection(bool isProtected, bool preserveInherit...
SetAuditRule Method void SetAuditRule(System.Security.AccessControl.FileSystemAuditRule...
SetAuditRuleProtection Method void SetAuditRuleProtection(bool isProtected, bool preserveInherita...
SetGroup Method void SetGroup(System.Security.Principal.IdentityReference identity)
SetOwner Method void SetOwner(System.Security.Principal.IdentityReference identity)
SetSecurityDescriptorBinaryForm Method void SetSecurityDescriptorBinaryForm(byte[] binaryForm), void SetSe...
SetSecurityDescriptorSddlForm Method void SetSecurityDescriptorSddlForm(string sddlForm), void SetSecuri...
ToString Method string ToString()
PSChildName NoteProperty string PSChildName=dir2
PSParentPath NoteProperty string PSParentPath=Microsoft.PowerShell.Core\FileSystem::\\10.10.1...
PSPath NoteProperty string PSPath=Microsoft.PowerShell.Core\FileSystem::\\10.10.107.102...
PSProvider NoteProperty ProviderInfo PSProvider=Microsoft.PowerShell.Core\FileSystem
AccessRightType Property type AccessRightType {get;}
AccessRuleType Property type AccessRuleType {get;}
AreAccessRulesCanonical Property bool AreAccessRulesCanonical {get;}
AreAccessRulesProtected Property bool AreAccessRulesProtected {get;}
AreAuditRulesCanonical Property bool AreAuditRulesCanonical {get;}
AreAuditRulesProtected Property bool AreAuditRulesProtected {get;}
AuditRuleType Property type AuditRuleType {get;}
AccessToString ScriptProperty System.Object AccessToString {get=$toString = "";...
AuditToString ScriptProperty System.Object AuditToString {get=$toString = "";...
(気が向いたら続きを書きます。)
参考文献
https://saborin.hatenablog.com/entry/2018/05/01/150000
https://saborin.hatenablog.com/category/%E5%82%99%E5%BF%98%E9%8C%B2(PowerShell)
https://www.haruru29.net/blog/how-to-configure-smb-share-folder-using-powershell/#PowerShell-5
and
https://docs.microsoft.com/en-us/archive/msdn-magazine/2008/november/access-control-understanding-windows-file-and-registry-permissions