{"id":208141,"date":"2023-11-29T11:47:10","date_gmt":"2023-11-29T11:47:10","guid":{"rendered":"https:\/\/www.ninjaone.com\/script-hub\/impostare-le-autorizzazioni-per-le-cartelle-con-powershell-2\/"},"modified":"2024-03-04T19:06:34","modified_gmt":"2024-03-04T19:06:34","slug":"impostare-le-autorizzazioni-per-le-cartelle-con-powershell-2","status":"publish","type":"script_hub","link":"https:\/\/www.ninjaone.com\/it\/script-hub\/impostare-le-autorizzazioni-per-le-cartelle-con-powershell-2\/","title":{"rendered":"Come impostare le autorizzazioni per le cartelle con PowerShell"},"content":{"rendered":"

Garantire che le persone giuste abbiano l’accesso corretto a file e cartelle specifici \u00e8 fondamentale nel settore IT. La gestione delle autorizzazioni protegge efficacemente i dati sensibili, favorisce la conformit\u00e0 alle normative e migliora l’efficienza operativa<\/a>. Uno strumento molto diffuso per impostare le autorizzazioni per le cartelle e i file \u00e8 PowerShell e oggi analizzeremo uno script che semplifica il processo di modifica dei permessi per le cartelle.\u00a0<\/strong><\/p>\n

Background<\/h2>\n

In un panorama digitale in continua evoluzione, i professionisti IT e i Managed Service Provider (MSP) si destreggiano costantemente tra le autorizzazioni di pi\u00f9 utenti su vari file e cartelle. Lo script fornito, per impostare le autorizzazioni per le cartelle, \u00e8 una manna dal cielo in questi scenari. Offre flessibilit\u00e0, consentendo di assegnare o rimuovere le autorizzazioni a pi\u00f9 utenti su pi\u00f9 percorsi. Ci\u00f2 significa che, che tu stia lavorando con singoli file o con intere directory, questo script ti sar\u00e0 comunque utile.<\/p>\n

Lo script per impostare le autorizzazioni per le cartelle e i file<\/h2>\n
#Requires -Version 5.1\r\n\r\n<#\r\n.SYNOPSIS\r\n    Modify User Permissions for files and folder.\r\n.DESCRIPTION\r\n    Modify User Permissions for files and folder. You can assign or block multiple permissions to multiple users, and multiple files and folders.\r\n.EXAMPLE\r\n     -User \"Test\" -Path \"C:Test\" -Permissions FullControl\r\n    Gives FullControl permissions to the user Test for just the folder C:Test\r\n.EXAMPLE\r\n     -User \"Test1\", \"Test2\" -Path \"C:Test\" -Permissions FullControl\r\n    Gives FullControl permissions to the user Test1 and Test2 for just the folder C:Test\r\n.EXAMPLE\r\n     -User \"Test1\", \"Test2\" -Path \"C:Test\", \"C:Temp\" -Permissions FullControl\r\n    Gives FullControl permissions to the user Test1 and Test2 for just the folders C:Test and C:Temp\r\n.EXAMPLE\r\n     -User \"Test\" -Path \"C:TestDocument.docx\" -Permissions FullControl\r\n    Gives FullControl permissions to the user Test for just the file C:TestDocument.docx\r\n.EXAMPLE\r\n     -User \"Test\" -Path \"C:TestDocument.docx\" -Permissions ReadData, Modify\r\n    Gives ReadData and Modify permissions to the user Test for just the file C:TestDocument.docx\r\n.EXAMPLE\r\n     -User \"Test\" -Path \"C:TestDocument.docx\" -Permissions FullControl -Block\r\n    Blocks FullControl permissions from the user Test for just the file C:TestDocument.docx\r\n.EXAMPLE\r\n     -User \"Test\" -Path \"C:Test\" -Permissions FullControl -Recursive\r\n    Gives FullControl permissions to the user Test for the folder C:Test and any folder or file under it will inherit FullControl\r\n.EXAMPLE\r\n    PS C:> .Modify-User-Permissions.ps1 -User \"Test\" -Path \"C:Test\" -Permissions FullControl -Recursive\r\n    Gives FullControl permissions to the user Test for the folder C:Test and any folder or file under it will inherit FullControl\r\n.INPUTS\r\n    Inputs (User,Path,Permissions)\r\n.OUTPUTS\r\n    FileSecurity\r\n.NOTES\r\n    Minimum OS Architecture Supported: Windows 10, Windows Server 2016\r\n    Release Notes:\r\n    Initial Release\r\nBy using this script, you indicate your acceptance of the following legal terms as well as our Terms of Use at https:\/\/www.ninjaone.com\/terms-of-use.\r\n    Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms. \r\n    Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party. \r\n    Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library or website belonging to or under the control of any other software provider. \r\n    Warranty Disclaimer: The script is provided \u201cas is\u201d and \u201cas available\u201d, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations. \r\n    Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks. \r\n    Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script. \r\n    EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).\r\n.COMPONENT\r\n    ManageUsers\r\n#>\r\n\r\n[CmdletBinding()]\r\nparam (\r\n    [Parameter(Mandatory = $true)]\r\n    [ValidateScript(\r\n        {\r\n            # Validate that the User(s) exist\r\n            if ($(Get-LocalUser -Name $_)) { $true } else { $false }\r\n        }\r\n    )]\r\n    [String[]]\r\n    # The user name of the user you want to apply Permissions to a Path(s)\r\n    $User,\r\n    [Parameter(Mandatory = $true)]\r\n    [ValidateScript({ Test-Path -Path $_ })]\r\n    [String[]]\r\n    # File path that you want to apply Permissions to\r\n    $Path,\r\n    [Parameter(Mandatory = $true)]\r\n    # Permission to set the path(s) for the user(s)\r\n    # This accepts the following:\r\n    #  ListDirectory, ReadData, WriteData, CreateFiles, CreateDirectories, AppendData, ReadExtendedAttributes,\r\n    #  WriteExtendedAttributes, Traverse, ExecuteFile, DeleteSubdirectoriesAndFiles, ReadAttributes,\r\n    #  WriteAttributes, Write, Delete, ReadPermissions, Read, ReadAndExecute, Modify, ChangePermissions,\r\n    #  TakeOwnership, Synchronize, FullControl\r\n    [System.Security.AccessControl.FileSystemRights[]]\r\n    $Permissions,\r\n    # Block the specified Permissions for the specified $User\r\n    [Switch]\r\n    $Block,\r\n    # Apply the Permissions down through a folder structure, i.e. inheritance\r\n    [Switch]\r\n    $Recursive\r\n)\r\n\r\nbegin {\r\n    function Test-IsElevated {\r\n        $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()\r\n        $p = New-Object System.Security.Principal.WindowsPrincipal($id)\r\n        if ($p.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator))\r\n        { Write-Output $true }\r\n        else\r\n        { Write-Output $false }\r\n    }\r\n}\r\n\r\nprocess {\r\n    if (-not (Test-IsElevated)) {\r\n        Write-Error -Message \"Access Denied. Please run with Administrator privileges.\"\r\n        exit 1\r\n    }\r\n    $Acl = Get-Acl -Path $Path\r\n    if ($true -in $Acl.AreAccessRulesProtected) {\r\n        Write-Error \"ACL rules are protected for one of the specified paths.\"\r\n        exit 1\r\n    }\r\n    $script:HasError = $false\r\n    $Path | ForEach-Object {\r\n        $CurPath = Get-Item -Path $_\r\n        $User | ForEach-Object {\r\n            $NewAcl = Get-Acl -Path $CurPath\r\n            # Set properties\r\n            $identity = Get-LocalUser -Name $_\r\n            $fileSystemRights = $Permissions\r\n            $type = $(if ($Block) { [System.Security.AccessControl.AccessControlType]::Deny }else { [System.Security.AccessControl.AccessControlType]::Allow })\r\n            $fileSystemRights | ForEach-Object {\r\n                # Create new rule\r\n                Write-Host \"Creating $type $_ rule for user: $identity\"\r\n                # Check if Recursive was used and that the current path is a folder\r\n                if ($CurPath.PSIsContainer -and $Recursive) {\r\n                    $inheritanceFlags = 'ObjectInherit,ContainerInherit'\r\n                    $NewAcl.SetAccessRuleProtection($false, $true)\r\n                }\r\n                else {\r\n                    $inheritanceFlags = [System.Security.AccessControl.InheritanceFlags]::None\r\n                }\r\n                $propagationFlags = [System.Security.AccessControl.PropagationFlags]::None\r\n                $fileSystemAccessRuleArgumentList = $identity, $_, $inheritanceFlags, $propagationFlags, $type\r\n                $fileSystemAccessRule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $fileSystemAccessRuleArgumentList\r\n\r\n                # Apply new rule\r\n                $NewAcl.SetAccessRule($fileSystemAccessRule)\r\n                try {\r\n                    Set-Acl -Path $CurPath -AclObject $NewAcl -Passthru\r\n                }\r\n                catch {\r\n                    Write-Error $_\r\n                    $script:HasError = $true\r\n                }\r\n            }\r\n        }\r\n    }\r\n    if ($script:HasError) {\r\n        exit 1\r\n    }\r\n}\r\n\r\nend {}<\/pre>\n
 <\/p>\n\n
Accedi a oltre 700 script nel Dojo di NinjaOne<\/p>\n
Ottieni l’accesso<\/a><\/p>\n<\/div>\n
Analisi dettagliata<\/h2>\n
Nel suo nucleo, lo script per impostare le autorizzazioni per le cartelle e i file opera con tre parametri obbligatori: User<\/strong>, Path<\/strong>, e Permissions<\/strong>.<\/p>\n