7.15 View/set the owner of a specified file from the command line

https://scz.617.cn/windows/202309251425.txt

Q:

On Win10, how do I view and set the owner of a specified file from the command line? I already know how to do it in the GUI.

A: View the owner

dir /q some.ext

This command shows the owner of some.ext, but it has a flaw:

dir /q C:\Windows\System32\notepad.exe | findstr notepad.exe

01/08/2021 06:37 243,200 NT SERVICE\TrustedInstanotepad.exe

The owner in the second-to-last column should be "NT SERVICE\TrustedInstaller", but it has been truncated.

wmic path Win32_LogicalFileSecuritySetting where Path="C:\\Windows\\System32\\notepad.exe" ASSOC /RESULTROLE:Owner /ASSOCCLASS:Win32_LogicalFileOwner /RESULTCLASS:Win32_SID

... S-1-5-80-...-2271478464 ... TrustedInstaller ... NT SERVICE ...

This means the owner is "NT SERVICE\TrustedInstaller", whose SID is

S-1-5-80-...-2271478464

Given a SID, look up the name. Run any of the following in PowerShell:

--------------------------------------------------------------------------
[wmi]"Win32_SID.SID='S-1-5-80-...-2271478464'"
--------------------------------------------------------------------------
$sid = 'S-1-5-80-...-2271478464';
$obj = New-Object -TypeName System.Security.Principal.SecurityIdentifier -ArgumentList $sid;
$obj.Translate([System.Security.Principal.NTAccount]).Value;
--------------------------------------------------------------------------
$sid = 'S-1-5-80-...-2271478464';
$obj = New-Object System.Security.Principal.SecurityIdentifier($sid);
$obj.Translate([System.Security.Principal.NTAccount]).Value;
--------------------------------------------------------------------------

If the SID belongs to an ordinary user rather than a built-in SID, the following command can also look up the name:

wmic useraccount where sid="S-1-5-21-...-1001" get Caption

The command above cannot look up the names of built-in SIDs.

A: Set the owner

icacls C:\temp\notepad.exe /setowner "DESKTOP-TEST\scz"
icacls C:\temp\notepad.exe /setowner "NT SERVICE\TrustedInstaller"

Run the commands above in an administrator-level cmd. The following commands verify the result:

dir /q C:\temp\notepad.exe

wmic path Win32_LogicalFileSecuritySetting where Path="C:\\temp\\notepad.exe" ASSOC /RESULTROLE:Owner /ASSOCCLASS:Win32_LogicalFileOwner /RESULTCLASS:Win32_SID

A: Take ownership

takeown /f C:\temp\notepad.exe

Unlike "icacls /setowner", which sets the owner you specify, takeown always changes the owner to the current user.

A: SubInACL

https://web.archive.org/web/20190830103837/http://www.microsoft.com/en-us/download/confirmation.aspx?id=23510
https://web.archive.org/web/20190830103837/https://download.microsoft.com/download/1/7/d/17d82b72-bc6a-4dc8-bfaa-98b37b22b367/subinacl.msi

Microsoft has taken this tool down; the links above are archive backups.

Set the owner:

subinacl /file C:\temp\notepad.exe /setowner="DESKTOP-TEST\scz"
subinacl /file C:\temp\notepad.exe /setowner="NT SERVICE\TrustedInstaller"

View the owner:

subinacl /file C:\temp\notepad.exe /display=owner

Q:

How do I view and set the owner of a specified file with PowerShell?

A:

--------------------------------------------------------------------------
$target = "C:\Windows\System32\notepad.exe"

# Read the security descriptor and show the current owner
$acl = Get-Acl $target
$acl.Owner

# Change the owner to a local user account and write the descriptor back
$owner = New-Object System.Security.Principal.NTAccount("DESKTOP-TEST\scz")
$acl.SetOwner($owner)
Set-Acl -Path $target -AclObject $acl
# Show the owner now held in the $acl object
$acl.Owner

# Restore the owner to TrustedInstaller
$owner = New-Object System.Security.Principal.NTAccount("NT SERVICE\TrustedInstaller")
$acl.SetOwner($owner)
Set-Acl -Path $target -AclObject $acl
$acl.Owner
--------------------------------------------------------------------------
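
An owner audit that combines the points above (full owner names instead of the truncated "dir /q" column, plus the SID and the SID-to-name translation); it is an added example, not part of the original note. It lists the .exe files in System32 whose owner is not TrustedInstaller, SYSTEM or Administrators; the function name Get-FileOwner and the allow-list are assumptions made for the example.

```powershell
# Added example, not from the original note. The allow-list is an assumption:
# adjust it to your own baseline.
function Get-FileOwner {
    param([Parameter(Mandatory)][string]$Path)
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        Write-Warning "cannot read security descriptor: $Path"
        return
    }
    # Ask for the owner as a SID, so nothing depends on name resolution.
    $sid = $acl.GetOwner([System.Security.Principal.SecurityIdentifier])
    try {
        $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch [System.Security.Principal.IdentityNotMappedException] {
        $name = '<unresolved>'   # orphaned SID, e.g. a deleted account
    }
    [pscustomobject]@{ Owner = $name; Sid = $sid.Value; Path = $Path }
}

# Expected owners, compared by SID. TrustedInstaller is resolved by name
# at run time instead of hard-coding its service SID.
$ti = New-Object System.Security.Principal.NTAccount('NT SERVICE\TrustedInstaller')
$expected = @(
    'S-1-5-18'       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544'   # BUILTIN\Administrators
    $ti.Translate([System.Security.Principal.SecurityIdentifier]).Value
)

# Report every .exe in System32 whose owner is outside the allow-list.
Get-ChildItem -LiteralPath "$env:windir\System32" -Filter *.exe -File |
    ForEach-Object { Get-FileOwner -Path $_.FullName } |
    Where-Object { $expected -notcontains $_.Sid } |
    Format-Table -AutoSize -Wrap
```

An empty result means every scanned file is owned by one of the three expected principals; any row that does appear is worth comparing against a known-good machine.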