The code below sets the Domain Admins group correctly. However, I also need to set the local administrators [COMPUTER-NAME\Administrators] group on the folders.
function Set-DirACLs
{
    # Gets the names of the directories in the directory and adds them to an array.
    $dircount = Get-ChildItem $UV | foreach-object -process { $_.FullName }
    $cname = $env:computername
    $localadmin = "$cname\" + "Administrators"
    $userlist = @("MYDOMAIN\Domain Admins", $localadmin)
    #Loops through the directories and sets the ACL on each.
    foreach($folder in $dircount)
    {
        #Print some info to the console so we don't mistake the script being stuck.
        Write-Host "Editing ACL for $folder "
        Write-Host "Standby "
        Write-Host $localadmin
        $InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
        $PropagationFlag = [System.Security.AccessControl.PropagationFlags]::none
        $colRights = [System.Security.AccessControl.FileSystemRights]"FullControl"
        $objType =[System.Security.AccessControl.AccessControlType]::Allow
        $ACL = Get-Acl $folder
        $folder = (convert-path $ACL.pspath)
        $acl.SetAccessRuleProtection($True, $False)
        #Now we have to iterate over the users in userlist for each directory.
        foreach($user in $userlist)
        {
            $objUser = New-Object System.Security.Principal.NTAccount($user)
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($objUser, $colRights, $InheritanceFlag,$PropagationFlag, $objType)
            $ACL.AddAccessRule($rule)
            Set-Acl $folder $ACL
        }
    }
}
However, I keep getting this error, and even if I change the $localadmin variable to concatenate the computer name + \Administrators, I still get this error:
Exception calling "AddAccessRule" with "1" argument(s): "Some or all identity references could not be translated."
This is driving me crazy!!
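
The exception quoted above is what .NET raises when a name passed in an access rule cannot be mapped to a SID. As an added example (not the poster's code), the following checks each name with `Translate()` before building rules and takes the local Administrators group from its well-known SID instead of a concatenated name; the function names `Resolve-Identity` and `Set-DirAclChecked` and the folder path in the usage comment are hypothetical.

```powershell
# Added example, not the poster's code. Function names and paths are hypothetical.
function Resolve-Identity {
    param([Parameter(Mandatory)][string]$Name)
    # Translate() performs the name-to-SID lookup that AddAccessRule depends on;
    # it throws IdentityNotMappedException when the name cannot be resolved.
    try {
        $account = New-Object System.Security.Principal.NTAccount($Name)
        return $account.Translate([System.Security.Principal.SecurityIdentifier])
    }
    catch [System.Security.Principal.IdentityNotMappedException] {
        Write-Warning "Cannot translate '$Name' to a SID; skipping it."
        return $null
    }
}

function Set-DirAclChecked {
    param(
        [Parameter(Mandatory)][string]$Folder,
        [Parameter(Mandatory)][string[]]$Names
    )
    # Local Administrators group from its well-known SID (S-1-5-32-544),
    # so no computer name or localized group name has to be concatenated.
    $adminSid = New-Object System.Security.Principal.SecurityIdentifier(
        [System.Security.Principal.WellKnownSidType]::BuiltinAdministratorsSid, $null)

    $sids = @($adminSid)
    foreach ($n in $Names) {
        $sid = Resolve-Identity -Name $n
        if ($sid) { $sids += $sid }
    }

    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $acl = Get-Acl -LiteralPath $Folder
    $acl.SetAccessRuleProtection($true, $false)   # same protection setting as the question's code
    foreach ($sid in $sids) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $sid, 'FullControl', $inherit, 'None', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -LiteralPath $Folder -AclObject $acl   # write once, after all rules are added
}

# Constructed usage: placeholder folder and domain group name.
# Set-DirAclChecked -Folder 'C:\Data\Example' -Names @('MYDOMAIN\Domain Admins')
```

The warning from `Resolve-Identity` names the entry that fails to translate, which the original loop does not report.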