当前位置 : 主页 > 网络推广 > seo >

powershell – 检索安全描述符并获取FileSystemRights的编号

来源:互联网 收集:自由互联 发布时间:2021-06-16
使用Get-Acl我试图获取文件夹的访问权限.问题是,对于某些组,我得到一个数字而不是访问类型.示例如下: get-acl "C:\TestFolder" | % {$_.access}FileSystemRights : -536805376AccessControlType : AllowIdentityR
使用Get-Acl我试图获取文件夹的访问权限.问题是,对于某些组,我得到一个数字而不是访问类型.示例如下:

get-acl "C:\TestFolder" | % {$_.access}
FileSystemRights  : -536805376
AccessControlType : Allow
IdentityReference : TestDomain\Support
IsInherited       : False
InheritanceFlags  : ObjectInherit
PropagationFlags  : InheritOnly

有没有办法将这个号码翻译成它的名字?

FileSystemRights属性的值是无符号的32位整数,其中每个位表示特定的访问权限.除了“通用”权限(位28-31)和访问SACL(位23)的权限之外,大多数权限都列在 Win32_ACE class documentation中.更多细节可以在 here和 here找到.

如果要将ACE访问掩码分解为其特定的访问权限(vulgo“扩展权限”),您可以执行以下操作:

$accessMask = [ordered]@{
  [uint32]'0x80000000' = 'GenericRead'
  [uint32]'0x40000000' = 'GenericWrite'
  [uint32]'0x20000000' = 'GenericExecute'
  [uint32]'0x10000000' = 'GenericAll'
  [uint32]'0x02000000' = 'MaximumAllowed'
  [uint32]'0x01000000' = 'AccessSystemSecurity'
  [uint32]'0x00100000' = 'Synchronize'
  [uint32]'0x00080000' = 'WriteOwner'
  [uint32]'0x00040000' = 'WriteDAC'
  [uint32]'0x00020000' = 'ReadControl'
  [uint32]'0x00010000' = 'Delete'
  [uint32]'0x00000100' = 'WriteAttributes'
  [uint32]'0x00000080' = 'ReadAttributes'
  [uint32]'0x00000040' = 'DeleteChild'
  [uint32]'0x00000020' = 'Execute/Traverse'
  [uint32]'0x00000010' = 'WriteExtendedAttributes'
  [uint32]'0x00000008' = 'ReadExtendedAttributes'
  [uint32]'0x00000004' = 'AppendData/AddSubdirectory'
  [uint32]'0x00000002' = 'WriteData/AddFile'
  [uint32]'0x00000001' = 'ReadData/ListDirectory'
}

$fileSystemRights = Get-Acl -LiteralPath 'C:\some\folder_or_file' |
                    Select-Object -Expand Access |
                    Select-Object -Expand FileSystemRights -First 1

$permissions = $accessMask.Keys |
               Where-Object { $fileSystemRights.value__ -band $_ } |
               ForEach-Object { $accessMask[$_] }

简单权限FullControl,Modify,ReadAndExecute等只是这些扩展权限的特定组合.例如,ReadAndExecute是以下扩展权限的组合:

> ReadData / ListDirectory
>执行/遍历
> ReadAttributes
> ReadExtendedAttributes
> ReadControl

所以ReadAndExecute的访问掩码的值为131241.

如果您希望结果是简单权限和剩余扩展权限的组合,您可以执行以下操作:

$accessMask = [ordered]@{
  ...
}

$simplePermissions = [ordered]@{
  [uint32]'0x1f01ff' = 'FullControl'
  [uint32]'0x0301bf' = 'Modify'
  [uint32]'0x0200a9' = 'ReadAndExecute'
  [uint32]'0x02019f' = 'ReadAndWrite'
  [uint32]'0x020089' = 'Read'
  [uint32]'0x000116' = 'Write'
}

$fileSystemRights = Get-Acl -LiteralPath 'C:\some\folder_or_file' |
                    Select-Object -Expand Access |
                    Select-Object -Expand FileSystemRights -First 1

$fsr = $fileSystemRights.value__

$permissions = @()

# get simple permission
$permissions += $simplePermissions.Keys | ForEach-Object {
                  if (($fsr -band $_) -eq $_) {
                    $simplePermissions[$_]
                    $fsr = $fsr -band (-bnot $_)
                  }
                }

# get remaining extended permissions
$permissions += $accessMask.Keys |
                Where-Object { $fsr -band $_ } |
                ForEach-Object { $accessMask[$_] }
网友评论