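Hello!
I would like to ask: when I use the Get-Acl command to get the permissions of a folder on a remote server, if the folder's permissions include local users and groups, they are displayed as SIDs. Is there a way to solve this, or any ideas on how to approach it? Thanks!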
PS C:\Users\Administrator> Get-Acl -Path \\file01\Shared |fl
Path : Microsoft.PowerShell.Core\FileSystem::\\file01\Shared
Owner : BUILTIN\Administrators
Group : G:S-1-5-21-2507041524-4033252695-3107390213-513
Access : BUILTIN\Administrators Allow FullControl
CONTOSO\CO_D_Shared_C Allow Modify, Synchronize
CONTOSO\CO_D_Shared_R Allow ReadAndExecute, Synchronize
S-1-5-21-2507041524-4033252695-3107390213-1002 Allow ReadAndExecute, Synchronize
S-1-5-21-2507041524-4033252695-3107390213-1003 Allow Modify, Synchronize
BUILTIN\Administrators Allow FullControl
NT AUTHORITY\SYSTEM Allow FullControl
CREATOR OWNER Allow 268435456
BUILTIN\Users Allow ReadAndExecute, Synchronize
BUILTIN\Users Allow AppendData
BUILTIN\Users Allow CreateFiles
Audit :
Sddl : O:BAG:S-1-5-21-2507041524-4033252695-3107390213-513D:AI(A;;FA;;;BA)(A;OICI;0x1301bf;;;S-1-5-21-2202709787-3434
925800-3233083121-1105)(A;OICI;0x1200a9;;;S-1-5-21-2202709787-3434925800-3233083121-1106)(A;OICI;0x1200a9;;;S-
1-5-21-2507041524-4033252695-3107390213-1002)(A;OICI;0x1301bf;;;S-1-5-21-2507041524-4033252695-3107390213-1003
)(A;OICIID;FA;;;BA)(A;OICIID;FA;;;SY)(A;OICIIOID;GA;;;CO)(A;OICIID;0x1200a9;;;BU)(A;CIID;LC;;;BU)(A;CIID;DC;;;
BU)
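# Identity prefixes treated as local/well-known principals
$localIdentityPrefix = @('BUILTIN','NT AUTHORITY','CREATOR OWNER')
$dirAcl = Get-Acl '\\pstips.net\share\'
$dirAcl.Access | foreach {
    $sName = $_.IdentityReference.value
    # The part before the backslash (or the whole name if there is none)
    $prefix = $sName.Split('\')[0]
    if($localIdentityPrefix -contains $prefix){
        # Translate the account name to its SID string
        $NTAccount = New-Object System.Security.Principal.NTAccount($sName)
        $NTAccount.Translate([System.Security.Principal.SecurityIdentifier]).value
    }
    else {
        # Everything else is output unchanged
        $sName
    }
}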
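Thanks for the reply, but my problem is that the local user and group information cannot be retrieved. For example, the following is the result from the ACL; it is a string of SIDs. Is there a way to solve this?
I tried using the Invoke-Command command. It can get the remote server's local user and group information, but the result is not very satisfactory.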
S-1-5-21-2507041524-4033252695-3107390213-1002 Allow ReadAndExecute, Synchronize
S-1-5-21-2507041524-4033252695-3107390213-1003 Allow Modify, Synchronize
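One way to approach the question in this thread, as an added example that is not code from any of the posts: the SIDs stay unresolved because they belong to accounts local to the file server, so the name lookup has to be done on that server. The helper name Resolve-RemoteAcl is hypothetical, and the example assumes the file server accepts CIM (WinRM) queries from the calling account.

```powershell
# Added example. Resolve-RemoteAcl is a hypothetical helper name.
# Assumption: the file server allows CIM/WinRM queries from the caller.
function Resolve-RemoteAcl {
    param(
        [Parameter(Mandatory)]
        [string] $Path    # UNC path, for example \\file01\Shared
    )

    # The server name is the host part of the UNC path.
    $server = ([uri]$Path).Host

    # Ask the file server for its own local users and groups and
    # index them by SID. Entries without a SID are skipped.
    $sidMap = @{}
    Get-CimInstance -ClassName Win32_Account -ComputerName $server -Filter 'LocalAccount=True' |
        Where-Object { $_.SID } |
        ForEach-Object { $sidMap[$_.SID] = '{0}\{1}' -f $_.Domain, $_.Name }

    # Walk the ACL. Entries Get-Acl already resolved are kept as they are;
    # entries still shown as a SID are replaced when the server knows them.
    (Get-Acl -Path $Path).Access | ForEach-Object {
        $id = $_.IdentityReference.Value
        [pscustomobject]@{
            Identity  = if ($sidMap.ContainsKey($id)) { $sidMap[$id] } else { $id }
            Type      = $_.AccessControlType
            Rights    = $_.FileSystemRights
            Inherited = $_.IsInherited
        }
    }
}

Resolve-RemoteAcl -Path '\\file01\Shared' | Format-Table -AutoSize
```

A SID that still appears in the Identity column after this lookup is not a local account on the file server, for example a deleted account or one from another machine.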