我想更改C:驱动器的ACL .我想要做的是删除用户可以直接在驱动器上创建文件夹的权限.我在编写时在另一个文件夹上测试了脚本.它没有问题.完成后,我在我们的测试环境中尝试了实际驱动器上的脚本.我得到一个我无法弄清楚的错误.如果我手动删除权限它没有问题.有人有个主意吗?
$path = "C:\"
$colRights = [System.Security.AccessControl.FileSystemRights]"CreateDirectories"
$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::None
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None
$objType =[System.Security.AccessControl.AccessControlType]::Allow
$objUser = New-Object System.Security.Principal.NTAccount("Authenticated Users")
$objACE = New-Object System.Security.AccessControl.FileSystemAccessRule ($objUser, $colRights, $InheritanceFlag, $PropagationFlag, $objType)
$objACL = Get-ACL $path
$objACL.RemoveAccessRule($objACE)
Set-ACL $path $objACL
错误是:
Set-Acl : The security identifier is not allowed to be the owner of this object.
At C:\Users\mhodler\Desktop\Remove Permission.ps1:57 char:8
+ Set-ACL <<<< $path $objACL
+ CategoryInfo : InvalidOperation: (C:\:String) [Set-Acl], InvalidOperationException
+ FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.PowerShell.Commands.SetAclCommand