windows - Trying to prevent a security group from applying to other folders/files -

-

i'm trying make $adnamero , $adnamerw (that i've created below) don't applied folders below let rest of permissions inherited.

i've tried change propagation flag 2 strings applied folder , files added to, still get's added sub files , folders...

i thought might need change inheritanceflags object both of strings, when changed manually (through windows gui) didn't seem work correctly...

any appreciated.

function new-ace {   [cmdletbinding()]   param(     [parameter(mandatory=$true, position=0)]     [security.principal.ntaccount]$account,     [parameter(mandatory=$false, position=1)]     [security.accesscontrol.filesystemrights]$permissions = 'readandexecute',     [parameter(mandatory=$false, position=2)]     [security.accesscontrol.inheritanceflags]$inheritanceflags = 'containerinherit,objectinherit',     [parameter(mandatory=$false, position=3)]     [security.accesscontrol.propagationflags]$propagationflags = 'none',     [parameter(mandatory=$false, position=4)]     [security.accesscontrol.accesscontroltype]$type = 'allow'   )    new-object security.accesscontrol.filesystemaccessrule(     $account, $permissions, $inheritanceflags, $propagationflags, $type   ) }  $domain = 'esg.intl' $administrators = ([wmi]"win32_sid.sid='s-1-5-32-544'").accountname $addomainusers = "$domain\domain users"  $acl = get-acl $path  $administrators, "$domain\domain admins" | foreach-object {   $acl.addaccessrule((new-ace $_ 'fullcontrol')) } $acl.addaccessrule((new-ace $adnamerw 'modify')) $acl.addaccessrule((new-ace $adnamero 'readandexecute')) $acl.addaccessrule((new-ace $addomainusers 'readandexecute'))

setting access permissions folders , files without inheritance requires 2 aces: 1 "this folder only" , 1 "files only". former set both inheritance , propagation flags none, latter set inheritance flags objectinherit , propagation flags inheritonly:

$acl.addaccessrule((new-ace $adnamerw 'modify' 'none')) $acl.addaccessrule((new-ace $adnamerw 'modify' 'objectinherit' 'inheritonly')) $acl.addaccessrule((new-ace $adnamero 'readandexecute' 'none')) $acl.addaccessrule((new-ace $adnamero 'readandexecute' 'objectinherit' 'inheritonly'))

Comments

Post a Comment

Popular posts from this blog

Django REST Framework perform_create: You cannot call `.save()` after accessing `serializer.data` -

-
i have following viewset: class artistprofileviewset(viewsets.modelviewset): queryset = artistprofile.objects.all() serializer_class = artistprofileserializer def perform_create(self, serializer): if serializer.is_valid(): serializer.save() with following serializers: class simpleartisttrackserializer(serializers.hyperlinkedmodelserializer): class meta: model = artisttrack fields = (...my fields...) class artistprofileserializer(serializers.hyperlinkedmodelserializer): owners = userserializer(many=true, required=false) tracks = simpleartisttrackserializer(many=true, required=false) class meta: model = artistprofile fields = (...my fields...) i getting following error: assertionerror: cannot call `.save()` after accessing `serializer.data`.if need access data before committing database inspect 'serializer.validated_data' instead. i don't see editing serializer.data object. th...
Read more

Why does Go error when trying to marshal this JSON? -

-
i'm trying rather simple example of trying decode json file structs using golang. however, when attempting error that json: cannot unmarshal object go value of type []main.track which don't understand. here's code in question, , json can found here . package main import ( "encoding/json" "fmt" "net/http" "os" ) // tracks group of track types type tracks struct { tracks []track } // track represents singular track type track struct { name string url string artist artist } // artist represents single artist type artist struct { name string mbid string url string } func main() { url := "http://ws.audioscrobbler.com/2.0/?method=geo.gettoptracks&api_key=c1572082105bd40d247836b5c1819623&format=json&country=netherlands" response, err := http.get(url) if err != nil { fmt.printf("%s\n", err) os.exit(1) } de...
Read more