search

raandree / NTFSSecurity

Managing permissions with PowerShell is only a bit easier than in VBS or the command line as there are no cmdlets for most day-to-day tasks like getting a permission report or adding permission to an item. PowerShell only offers Get-Acl and Set-Acl but everything in between getting and setting the ACL is missing. This module closes the gap.
MIT License
431 stars 61 forks source link

Friends, help write a script to transfer the ACL from .wim to the current system #52

Closed Defender-UI closed 5 years ago

Defender-UI commented 5 years ago

Friends, help write a script to transfer the ACL from .wim to the current system. Required: – clear the current access rights of the current system – transfer permissions to files and folders for all users from .wim – inheritance rules for folders from .wim – the final step to transfer the owner of the folders (including the system folders: TrustedInstaller) What I have at the moment:

$wPath = Read-Host “Enter original location for reading ACL (D: \ wim \) ” # mounted image .wim
$ACLPath = Read-Host “Enter the full name of the file in which to save the ACL (D: \ ACL_file) ”

function Recurse($path) {

    $fc = new-object -com scripting.filesystemobject
    $folder = $fc.getfolder($path)

    foreach ($i in $folder.files) {$i}

    foreach ($i in $folder.subfolders) {
        Write-Host $i.path
        $i
        if ( (get-item -Force $i.path).Attributes.ToString().Contains(“ReparsePoint”) -eq $false)
            {
                Recurse($i.path)
            }
        }
}

Recurse($wPath) | Get-NTFSAccess -ExcludeInherited | Export-Clixml $ACLPath”.xml”
$oldACL = Import-Clixml $ACLPath”.xml”
foreach ($p in $oldACL) {
       $p.Path | Clear-NTFSAccess
       }
$oldACL | Add-NTFSAccess

Help seemed to me not complete (Add-NTFSAccess -? and Clear-NTFSAccess -?), could not understand how to apply the rules from .xml to files and folders in the root of the path C: \, at the moment I manually edit the path in .xml

Defender-UI commented 5 years ago

Import-Clixml $ACLPath”.xml” | Add-NTFSAccess

Add-NTFSAccess : Не удается привязать объект ввода, так как он не содержит сведения, необходимые для привязки всех обязательных параметров: Account Add-NTFSAccess.ps1:32 знак:32

raandree commented 5 years ago

Sorry for the late reply. I guess in the meantime you have solved the issue yourself. If not, please reopen.