Powershell-Modules
/
NTFSSecurity-Module
miroir de https://github.com/raandree/NTFSSecurity
1
0
Bifurcation 0
Code Tickets 0 Versions 3 Wiki Activité
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
98 Révisions
3 Branches
10 MiB
Branche: master
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de 'master'
${ noResults }
NTFSSecurity-Module/Docs/Cmdlets/Add-NTFSAccess.md

Add-NTFSAccess.md 12 KiB
Brut Lien permanent Vue normale Historique

initial commit
il y a 4 ans
Finished
il y a 4 ans
initial commit
il y a 4 ans
fixed markdown linting
il y a 4 ans
initial commit
il y a 4 ans
removed md fixes to fix docs build
il y a 4 ans
initial commit
il y a 4 ans
removed md fixes to fix docs build
il y a 4 ans
initial commit
il y a 4 ans
removed md fixes to fix docs build
il y a 4 ans
initial commit
il y a 4 ans
removed md fixes to fix docs build
il y a 4 ans
initial commit
il y a 4 ans
fixed markdown linting
il y a 4 ans
added primer on permissions
il y a 4 ans
initial commit
il y a 4 ans
added primer on permissions
il y a 4 ans
fixed markdown linting
il y a 4 ans
initial commit
il y a 4 ans
added primer on permissions
il y a 4 ans
more examples
il y a 4 ans
added primer on permissions
il y a 4 ans
initial commit
il y a 4 ans
fixed markdown linting
il y a 4 ans
initial commit
il y a 4 ans
fixed markdown linting
il y a 4 ans
description updates
il y a 4 ans
initial commit
il y a 4 ans
fixed markdown linting
il y a 4 ans
Finished
il y a 4 ans
initial commit
il y a 4 ans
fixed markdown linting
il y a 4 ans
Finished
il y a 4 ans
initial commit
il y a 4 ans
fixed markdown linting
il y a 4 ans
Finished
il y a 4 ans
initial commit
il y a 4 ans
fixed markdown linting
il y a 4 ans
description updates
il y a 4 ans
initial commit
il y a 4 ans
fixed markdown linting
il y a 4 ans
Finished
il y a 4 ans
initial commit
il y a 4 ans
fixed markdown linting
il y a 4 ans
Finished
il y a 4 ans
initial commit
il y a 4 ans
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288 
  1. ---

  2. external help file: NTFSSecurity.dll-Help.xml

  3. Module Name: NTFSSecurity

  4. online version:

  5. schema: 2.0.0

  6. ---

  7. 

  8. # Add-NTFSAccess

  9. 

  10. ## SYNOPSIS

  11. 

  12. Adds an access control entry (ACE) to an object.

  13. 

  14. ## SYNTAX

  15. 

  16. ### PathComplex (Default)

  17. ```

  18. Add-NTFSAccess [-Path] <String[]> [-Account] <IdentityReference2[]> [-AccessRights] <FileSystemRights2>

  19.  [-AccessType <AccessControlType>] [-InheritanceFlags <InheritanceFlags>]

  20.  [-PropagationFlags <PropagationFlags>] [-PassThru] [<CommonParameters>]

  21. ```

  22. 

  23. ### PathSimple

  24. ```

  25. Add-NTFSAccess [-Path] <String[]> [-Account] <IdentityReference2[]> [-AccessRights] <FileSystemRights2>

  26.  [-AccessType <AccessControlType>] [-AppliesTo <ApplyTo>] [-PassThru] [<CommonParameters>]

  27. ```

  28. 

  29. ### SDSimple

  30. ```

  31. Add-NTFSAccess [-SecurityDescriptor] <FileSystemSecurity2[]> [-Account] <IdentityReference2[]>

  32.  [-AccessRights] <FileSystemRights2> [-AccessType <AccessControlType>] [-AppliesTo <ApplyTo>] [-PassThru]

  33.  [<CommonParameters>]

  34. ```

  35. 

  36. ### SDComplex

  37. ```

  38. Add-NTFSAccess [-SecurityDescriptor] <FileSystemSecurity2[]> [-Account] <IdentityReference2[]>

  39.  [-AccessRights] <FileSystemRights2> [-AccessType <AccessControlType>] [-InheritanceFlags <InheritanceFlags>]

  40.  [-PropagationFlags <PropagationFlags>] [-PassThru] [<CommonParameters>]

  41. ```

  42. 

  43. ## DESCRIPTION

  44. 

  45. Adds an access control entry (ACE) to an object such as a file or folder. NTFSSecurity allows you to apply basic permission groups (read, read/write, full) or advanced permissions that allow you to get granular with the permissions. See the below table for how the basic permissions map to the advanced permissions, and how NTFSSecurity handles them.

  46. 

  47. | NTFSSecurity         | AccessRight displayed        | Advanced Security Window                                                                                                  |

  48. |------------------------------|------------------------------|---------------------------------------------------------------------------------------------------------------------------|

  49. | ReadData                     | ListDirectory                | List Folder / Read Data                                                                                                   |

  50. | ListDirectory                | ListDirectory                | List Folder / Read Data                                                                                                   |

  51. | WriteData                    | CreateFile                   | Create Files / Write Data                                                                                                 |

  52. | CreateFiles                  | CreateFile                   | Create Files / Write Data                                                                                                 |

  53. | AppendData                   | CreateDirectories            | Create Folders / Append Data                                                                                              |

  54. | CreateDirectories            | CreateDirectories            | Create Folders / Append Data                                                                                              |

  55. | ReadExtendedAttributes       | ReadExtendedAttributes       | Read Extended Attributes                                                                                                  |

  56. | WriteExtendedAttributes      | WriteExtendedAttributes      | WriteExtendedAttributes                                                                                                   |

  57. | ExecuteFile                  | Traverse                     | Traverse Folder / Execute File                                                                                            |

  58. | Traverse                     | Traverse                     | Traverse Folder / Execute File                                                                                            |

  59. | DeleteSubdirectoriesAndFiles | DeleteSubdirectoriesAndFiles | Delete Sub-folders and Files                                                                                              |

  60. | ReadAttributes               | ReadAttributes               | Read Attributes                                                                                                           |

  61. | WriteAttributes              | WriteAttributes              | Write Attributes                                                                                                          |

  62. | Write                        | Write                        |  Create Files / Write Data,   Create Folders / Append Data,   Write-Attributes, Write Extended Attributes                 |

  63. | Delete                       | Delete                       | Delete                                                                                                                    |

  64. | ReadPermissions              | ReadPermissions              | Read Permissions                                                                                                          |

  65. | Read                         | Read                         |  List Folder / Read Data, Read Attributes,   Read Extended Attributes, Read Permissions                                   |

  66. | ReadAndExecute               | ReadAndExecute               |  Traverse Folder / Execute File,   List Folder / Read Data, Read Attributes,   Read Extended Attributes, Read Permissions |

  67. | Modify                       | Modify                       |  Everything except Full Control,   Delete SubFolders and Files,   Change Permissions, Take Ownership                      |

  68. | ChangePermissions            | ChangePermissions            | Change Permissions                                                                                                        |

  69. 

  70. ## EXAMPLES

  71. 

  72. ### Example 1

  73. 

  74. ```PowerShell

  75. PS C:\> Add-NTFSAccess -Path C:\Data -Account 'NT AUTHORITY\Authenticated Users' -AccessRights Read

  76. ```

  77. 

  78. The above command gives the read permissions to the built-in group of 'Authenticated users'.

  79. 

  80. ### Example 2

  81. 

  82. ```PowerShell

  83. PS C:\> Add-NTFSAccess -Path C:\Data -Account 'Contoso\Domain Admins' -AccessRights Full

  84. ```

  85. 

  86. The above command gives full permissions to the domain administrators group in the contoso active directory.

  87. 

  88. ### Example 3

  89. 

  90. ```PowerShell

  91. PS C:\> Add-NTFSAccess -Path C:\Data -Account 'NT AUTHORITY\Authenticated Users' -AccessRights CreateFiles -AccessType Deny -AppliesTo ThisFolderOnly

  92. ```

  93. 

  94. The above command denies the the built-in group of 'Authenticated users' from creating files in this folder only.

  95. 

  96. ## PARAMETERS

  97. 

  98. ### -AccessRights

  99. 

  100. The AccessRights parameter designates the permissions to assign. There are individual permissions as well as 'basic' permissions. See the below table for how the basic permissions permissions map the the advanced permissions in the advanced security window.

  101. 

  102. ```yaml

  103. Type: FileSystemRights2

  104. Parameter Sets: (All)

  105. Aliases: FileSystemRights

  106. Accepted values: None, ReadData, ListDirectory, WriteData, CreateFiles, AppendData, CreateDirectories, ReadExtendedAttributes, WriteExtendedAttributes, ExecuteFile, Traverse, DeleteSubdirectoriesAndFiles, ReadAttributes, WriteAttributes, Write, Delete, ReadPermissions, Read, ReadAndExecute, Modify, ChangePermissions, TakeOwnership, Synchronize, FullControl, GenericAll, GenericExecute, GenericWrite, GenericRead

  107. 

  108. Required: True

  109. Position: 3

  110. Default value: None

  111. Accept pipeline input: True (ByPropertyName)

  112. Accept wildcard characters: False

  113. ```

  114. 

  115. ### -AccessType

  116. 

  117. The AccessType parameter determines if the ACE allows or denies the permissions assigned.

  118. 

  119. ```yaml

  120. Type: AccessControlType

  121. Parameter Sets: (All)

  122. Aliases: AccessControlType

  123. Accepted values: Allow, Deny

  124. 

  125. Required: False

  126. Position: Named

  127. Default value: None

  128. Accept pipeline input: True (ByPropertyName)

  129. Accept wildcard characters: False

  130. ```

  131. 

  132. ### -Account

  133. 

  134. The Account parameter defines the account or group to apply the permissions to.

  135. 

  136. ```yaml

  137. Type: IdentityReference2[]

  138. Parameter Sets: (All)

  139. Aliases: IdentityReference, ID

  140. 

  141. Required: True

  142. Position: 2

  143. Default value: None

  144. Accept pipeline input: True (ByPropertyName)

  145. Accept wildcard characters: False

  146. ```

  147. 

  148. ### -AppliesTo

  149. 

  150. The AppliesTo parameter defines where the permissions apply to and if there is any inheritance e.g "this folder only" or "this folder and subfolders".

  151. 

  152. ```yaml

  153. Type: ApplyTo

  154. Parameter Sets: PathSimple, SDSimple

  155. Aliases:

  156. Accepted values: ThisFolderOnly, ThisFolderSubfoldersAndFiles, ThisFolderAndSubfolders, ThisFolderAndFiles, SubfoldersAndFilesOnly, SubfoldersOnly, FilesOnly, ThisFolderSubfoldersAndFilesOneLevel, ThisFolderAndSubfoldersOneLevel, ThisFolderAndFilesOneLevel, SubfoldersAndFilesOnlyOneLevel, SubfoldersOnlyOneLevel, FilesOnlyOneLevel

  157. 

  158. Required: False

  159. Position: Named

  160. Default value: None

  161. Accept pipeline input: True (ByPropertyName)

  162. Accept wildcard characters: False

  163. ```

  164. 

  165. ### -InheritanceFlags

  166. 

  167. The InheritanceFlags parameter defines the inheritance of the ACLs.

  168. 

  169. ObjectInherit will apply the ACE to files and folders in the folder defined by the Path parameter.

  170. 

  171. ContainerInherit will apply the ACE to subfolders but not files.

  172. 

  173. There is more information on Microsoft Docs [here](https://docs.microsoft.com/en-us/previous-versions/dotnet/netframework-4.0/ms229747(v=vs.100)?redirectedfrom=MSDN)

  174. 

  175. ```yaml

  176. Type: InheritanceFlags

  177. Parameter Sets: PathComplex, SDComplex

  178. Aliases:

  179. Accepted values: None, ContainerInherit, ObjectInherit

  180. 

  181. Required: False

  182. Position: Named

  183. Default value: None

  184. Accept pipeline input: True (ByPropertyName)

  185. Accept wildcard characters: False

  186. ```

  187. 

  188. ### -PassThru

  189. 

  190. The PassThru parameter will return the new permissions as a table. If the PassThru parameter is omitted, there is no information returned if the operation was successful.

  191. 

  192. ```yaml

  193. Type: SwitchParameter

  194. Parameter Sets: (All)

  195. Aliases:

  196. 

  197. Required: False

  198. Position: Named

  199. Default value: None

  200. Accept pipeline input: False

  201. Accept wildcard characters: False

  202. ```

  203. 

  204. ### -Path

  205. 

  206. The Path parameter defines where the file or container exists.

  207. 

  208. ```yaml

  209. Type: String[]

  210. Parameter Sets: PathComplex, PathSimple

  211. Aliases: FullName

  212. 

  213. Required: True

  214. Position: 1

  215. Default value: None

  216. Accept pipeline input: True (ByPropertyName, ByValue)

  217. Accept wildcard characters: False

  218. ```

  219. 

  220. ### -PropagationFlags

  221. 

  222. The PropagationFlags parameter defines how the ACE is propagated to child objects.

  223. 

  224. Inherit specifies that the ACE is propagated only to child objects. This includes both folder and file child objects.

  225. 

  226. NoPropagateInherit specifies that the ACE is not propagated to child objects.

  227. 

  228. None specifies that no inheritance flags are set.

  229. 

  230. ```yaml

  231. Type: PropagationFlags

  232. Parameter Sets: PathComplex, SDComplex

  233. Aliases:

  234. Accepted values: None, NoPropagateInherit, InheritOnly

  235. 

  236. Required: False

  237. Position: Named

  238. Default value: None

  239. Accept pipeline input: True (ByPropertyName)

  240. Accept wildcard characters: False

  241. ```

  242. 

  243. ### -SecurityDescriptor

  244. 

  245. The SecurityDescriptor parameter allows passing an security descriptor or an array or security descriptors.

  246. 

  247. A security descriptor contains information about the owner of the object, and the primary group of an object. The security descriptor also contains two access control lists (ACL). The first list is called the discretionary access control lists (DACL), and describes who should have access to an object and what type of access to grant. The second list is called the system access control lists (SACL) and defines what type of auditing to record for an object.

  248. 

  249. ```yaml

  250. Type: FileSystemSecurity2[]

  251. Parameter Sets: SDSimple, SDComplex

  252. Aliases:

  253. 

  254. Required: True

  255. Position: 1

  256. Default value: None

  257. Accept pipeline input: True (ByPropertyName, ByValue)

  258. Accept wildcard characters: False

  259. ```

  260. 

  261. ### CommonParameters

  262. This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).

  263. 

  264. ## INPUTS

  265. 

  266. ### System.String[]

  267. 

  268. ### Security2.FileSystemSecurity2[]

  269. 

  270. ### Security2.IdentityReference2[]

  271. 

  272. ### Security2.FileSystemRights2

  273. 

  274. ### System.Security.AccessControl.AccessControlType

  275. 

  276. ### System.Security.AccessControl.InheritanceFlags

  277. 

  278. ### System.Security.AccessControl.PropagationFlags

  279. 

  280. ### Security2.ApplyTo

  281. 

  282. ## OUTPUTS

  283. 

  284. ### Security2.FileSystemAccessRule2

  285. 

  286. ## NOTES

  287. 

  288. ## RELATED LINKS