Icacls 在windows目录文件授权中的应用

前言


        最近因工作需要,需要对批量服务器某一目录下的文件进行统一授权,对于linux来说,授权很方便,对于window来说,要对目录下的文件进行批量授权还是很不方便的,windows平台授权自然想到用icacls或cacls工具来完成任务,且灵活。

需求

 

 

  • 用vbs脚本完成授权工作,以便远程调用批量执行
  • 能指定授权目录
  • 能指定授权方式,即只对目录授权还是对目录文件统一授权
  • 若对文件授权,需递归遍历指定目录,对子目录文件也授权
  • 指定授权用户
  • 指定授予用户权限(如:RX,W,F)

实现

        基于以上需求,写了如下vbs脚本

If WScript.Arguments.Count = 0 then
    WScript.Echo "Usage: do_auth.vbs [-d|-f] [FilePath] [AuthUser]"
    WScript.Quit(1)
end if
Set WshShell = CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
objAuthOption=WScript.Arguments(0)
objStartFolder = WScript.Arguments(1)
objAuthUser = WScript.Arguments(2)
Set objFolder = objFSO.GetFolder(objStartFolder)

ShowSubfolders objFSO.GetFolder(objStartFolder)

Sub ShowSubFolders(Folder)

'Wscript.Echo Subfolder.Path
If objAuthOption = "-f" Then
    Set curFiles = objFSO.GetFolder(Folder.Path).Files
        For Each curFile in curFiles
        intRunError = WshShell.Run("icacls " & curFile.Path & " /grant " & chr("34") & objAuthUser & chr("34") & ":F ", 2, True)

        If intRunError <> 0 Then
            Wscript.Echo "Error assigning permissions for user " & objAuthUser & " to file " & curFile.Name        
        Else
            Wscript.Echo "Success: file " & curFile.Name & " assigned user " & objAuthUser
        End If
    Next
    For Each Subfolder in Folder.SubFolders
    Set objFolder = objFSO.GetFolder(Subfolder.Path)
        Set colFiles = objFolder.Files
            For Each objFile in colFiles
            intRunError = WshShell.Run("icacls " & objFile.Path & " /grant " & chr("34") & objAuthUser & chr("34") & ":F ", 2, True)

            If intRunError <> 0 Then
                Wscript.Echo "Error assigning permissions for user " & objAuthUser & " to file " & objFile.Name        
            Else
                Wscript.Echo "Success: file " & objFile.Name & " assigned user " & objAuthUser
            End If
        Next
        ShowSubFolders Subfolder
    Next

ElseIf objAuthOption = "-d" Then
    For Each Subfolder in Folder.SubFolders
    intRunError = WshShell.Run("icacls " & Subfolder.Path & " /grant " & chr("34") & objAuthUser & chr("34") & ":F ", 2, True)

    If intRunError <> 0 Then
        Wscript.Echo "Error assigning permissions for user " & objAuthUser & " to folder " & Subfolder.Path            
    Else
        Wscript.Echo "Success: folder " & Subfolder.Path & " assigned user " & objAuthUser
    End If
    ShowSubFolders Subfolder
Next
Else
WScript.Echo "Parameter error"
WScript.Quit(1)
End If
End Sub

总结

    上述代码实现了文件中所列的需求,希望能帮助到大家

posted @ 2015-08-28 09:58  ballwql  阅读(2349)  评论(0编辑  收藏  举报