使用命令行 Windows 修改文件权限

向文件添加管理员组和系统组的完全访问权限（F）

icacls <file> /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F"

将 <file> 替换为你的文件名

向文件添加指定用户（组）的完全访问权限（F）

首先查询该用户的 SID：

$ Get-LocalUser | Select-Object Name, SID
Name               SID
----               ---
Administrator      S-1-5-21-479362186-2444553748-1039381088-500
DefaultAccount     S-1-5-21-479362186-2444553748-1039381088-503
Guest              S-1-5-21-479362186-2444553748-1039381088-501
WDAGUtilityAccount S-1-5-21-479362186-2444553748-1039381088-504
MyUser             S-1-5-21-479362186-2444553748-1039381088-1001

如果你要查找用户组的 SID：

$ Get-LocalGroup | Select-Object Name, SID
Name                                SID
----                                ---
docker-users                        S-1-5-21-479362186-2444553748-1039381088-1010
__vmware__                          S-1-5-21-479362186-2444553748-1039381088-1013
Access Control Assistance Operators S-1-5-32-579
Administrators                      S-1-5-32-544
Backup Operators                    S-1-5-32-551
Cryptographic Operators             S-1-5-32-569
Device Owners                       S-1-5-32-583
Distributed COM Users               S-1-5-32-562
Event Log Readers                   S-1-5-32-573
Guests                              S-1-5-32-546
Hyper-V Administrators              S-1-5-32-578
IIS_IUSRS                           S-1-5-32-568
Network Configuration Operators     S-1-5-32-556
Performance Log Users               S-1-5-32-559
Performance Monitor Users           S-1-5-32-558
Power Users                         S-1-5-32-547
Remote Desktop Users                S-1-5-32-555
Remote Management Users             S-1-5-32-580
Replicator                          S-1-5-32-552
System Managed Accounts Group       S-1-5-32-581
Users                               S-1-5-32-545

找到你的用户（组）对应的 SID，拷贝下来，然后运行命令：

icacls <file> /inheritance:r /grant "*<SID>:F"

将 <SID> 替换为你刚刚拷贝的 SID。

注意 SID 前面要有一个 * 号。