You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

Add-NTFSAccess.md 10 KiB

5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258
  1. ---
  2. external help file: NTFSSecurity.dll-Help.xml
  3. Module Name: ntfssecurity
  4. online version:
  5. schema: 2.0.0
  6. ---
  7. # Add-NTFSAccess
  8. ## SYNOPSIS
  9. Adds an access control entry (ACE) to an object.
  10. ## SYNTAX
  11. ### PathComplex (Default)
  12. ```
  13. Add-NTFSAccess [-Path] <String[]> [-Account] <IdentityReference2[]> [-AccessRights] <FileSystemRights2>
  14. [-AccessType <AccessControlType>] [-InheritanceFlags <InheritanceFlags>]
  15. [-PropagationFlags <PropagationFlags>] [-PassThru] [<CommonParameters>]
  16. ```
  17. ### PathSimple
  18. ```
  19. Add-NTFSAccess [-Path] <String[]> [-Account] <IdentityReference2[]> [-AccessRights] <FileSystemRights2>
  20. [-AccessType <AccessControlType>] [-AppliesTo <ApplyTo>] [-PassThru] [<CommonParameters>]
  21. ```
  22. ### SDSimple
  23. ```
  24. Add-NTFSAccess [-SecurityDescriptor] <FileSystemSecurity2[]> [-Account] <IdentityReference2[]>
  25. [-AccessRights] <FileSystemRights2> [-AccessType <AccessControlType>] [-AppliesTo <ApplyTo>] [-PassThru]
  26. [<CommonParameters>]
  27. ```
  28. ### SDComplex
  29. ```
  30. Add-NTFSAccess [-SecurityDescriptor] <FileSystemSecurity2[]> [-Account] <IdentityReference2[]>
  31. [-AccessRights] <FileSystemRights2> [-AccessType <AccessControlType>] [-InheritanceFlags <InheritanceFlags>]
  32. [-PropagationFlags <PropagationFlags>] [-PassThru] [<CommonParameters>]
  33. ```
  34. ## DESCRIPTION
  35. Adds an access control entry (ACE) to an object such as a file or folder. NTFSSecurity allows you to apply basic permission groups (read, read/write, full) or advanced permissions that allow you to get granular with the permissions. See the below table for how the basic permissions map to the advanced permissions, and how NTFSSecurity handles them.
  36. | NTFSSecurity | AccessRight displayed | Advanced Security Window |
  37. |------------------------------|------------------------------|---------------------------------------------------------------------------------------------------------------------------|
  38. | ReadData | ListDirectory | List Folder / Read Data |
  39. | ListDirectory | ListDirectory | List Folder / Read Data |
  40. | WriteData | CreateFile | Create Files / Write Data |
  41. | CreateFiles | CreateFile | Create Files / Write Data |
  42. | AppendData | CreateDirectories | Create Folders / Append Data |
  43. | CreateDirectories | CreateDirectories | Create Folders / Append Data |
  44. | ReadExtendedAttributes | ReadExtendedAttributes | Read Extended Attributes |
  45. | WriteExtendedAttributes | WriteExtendedAttributes | WriteExtendedAttributes |
  46. | ExecuteFile | Traverse | Traverse Folder / Execute File |
  47. | Traverse | Traverse | Traverse Folder / Execute File |
  48. | DeleteSubdirectoriesAndFiles | DeleteSubdirectoriesAndFiles | Delete Sub-folders and Files |
  49. | ReadAttributes | ReadAttributes | Read Attributes |
  50. | WriteAttributes | WriteAttributes | Write Attributes |
  51. | Write | Write | Create Files / Write Data, Create Folders / Append Data, Write-Attributes, Write Extended Attributes |
  52. | Delete | Delete | Delete |
  53. | ReadPermissions | ReadPermissions | Read Permissions |
  54. | Read | Read | List Folder / Read Data, Read Attributes, Read Extended Attributes, Read Permissions |
  55. | ReadAndExecute | ReadAndExecute | Traverse Folder / Execute File, List Folder / Read Data, Read Attributes, Read Extended Attributes, Read Permissions |
  56. | Modify | Modify | Everything except Full Control, Delete SubFolders and Files, Change Permissions, Take Ownership |
  57. | ChangePermissions | ChangePermissions | Change Permissions |
  58. ## EXAMPLES
  59. ### Example 1
  60. ```PowerShell
  61. PS C:\> Add-NTFSAccess -Path C:\Data -Account 'NT AUTHORITY\Authenticated Users' -AccessRights Read
  62. ```
  63. The above command gives the read permissions to the built-in group of 'Authenticated users'
  64. ## PARAMETERS
  65. ### -AccessRights
  66. The AccessRights parameter designates the permissions to assign. There are individual permissions as well as 'basic' permissions. See the below table for how the basic permissions permissions map the the advanced permissions in the advanced security window.
  67. ```yaml
  68. Type: FileSystemRights2
  69. Parameter Sets: (All)
  70. Aliases: FileSystemRights
  71. Accepted values: None, ReadData, ListDirectory, WriteData, CreateFiles, AppendData, CreateDirectories, ReadExtendedAttributes, WriteExtendedAttributes, ExecuteFile, Traverse, DeleteSubdirectoriesAndFiles, ReadAttributes, WriteAttributes, Write, Delete, ReadPermissions, Read, ReadAndExecute, Modify, ChangePermissions, TakeOwnership, Synchronize, FullControl, GenericAll, GenericExecute, GenericWrite, GenericRead
  72. Required: True
  73. Position: 3
  74. Default value: None
  75. Accept pipeline input: True (ByPropertyName)
  76. Accept wildcard characters: False
  77. ```
  78. ### -AccessType
  79. The AccessType parameter determines if the ACE allows or denies the permissions assigned.
  80. ```yaml
  81. Type: AccessControlType
  82. Parameter Sets: (All)
  83. Aliases: AccessControlType
  84. Accepted values: Allow, Deny
  85. Required: False
  86. Position: Named
  87. Default value: None
  88. Accept pipeline input: True (ByPropertyName)
  89. Accept wildcard characters: False
  90. ```
  91. ### -Account
  92. {{ Fill Account Description }}
  93. ```yaml
  94. Type: IdentityReference2[]
  95. Parameter Sets: (All)
  96. Aliases: IdentityReference, ID
  97. Required: True
  98. Position: 2
  99. Default value: None
  100. Accept pipeline input: True (ByPropertyName)
  101. Accept wildcard characters: False
  102. ```
  103. ### -AppliesTo
  104. {{ Fill AppliesTo Description }}
  105. ```yaml
  106. Type: ApplyTo
  107. Parameter Sets: PathSimple, SDSimple
  108. Aliases:
  109. Accepted values: ThisFolderOnly, ThisFolderSubfoldersAndFiles, ThisFolderAndSubfolders, ThisFolderAndFiles, SubfoldersAndFilesOnly, SubfoldersOnly, FilesOnly, ThisFolderSubfoldersAndFilesOneLevel, ThisFolderAndSubfoldersOneLevel, ThisFolderAndFilesOneLevel, SubfoldersAndFilesOnlyOneLevel, SubfoldersOnlyOneLevel, FilesOnlyOneLevel
  110. Required: False
  111. Position: Named
  112. Default value: None
  113. Accept pipeline input: True (ByPropertyName)
  114. Accept wildcard characters: False
  115. ```
  116. ### -InheritanceFlags
  117. {{ Fill InheritanceFlags Description }}
  118. ```yaml
  119. Type: InheritanceFlags
  120. Parameter Sets: PathComplex, SDComplex
  121. Aliases:
  122. Accepted values: None, ContainerInherit, ObjectInherit
  123. Required: False
  124. Position: Named
  125. Default value: None
  126. Accept pipeline input: True (ByPropertyName)
  127. Accept wildcard characters: False
  128. ```
  129. ### -PassThru
  130. {{ Fill PassThru Description }}
  131. ```yaml
  132. Type: SwitchParameter
  133. Parameter Sets: (All)
  134. Aliases:
  135. Required: False
  136. Position: Named
  137. Default value: None
  138. Accept pipeline input: False
  139. Accept wildcard characters: False
  140. ```
  141. ### -Path
  142. {{ Fill Path Description }}
  143. ```yaml
  144. Type: String[]
  145. Parameter Sets: PathComplex, PathSimple
  146. Aliases: FullName
  147. Required: True
  148. Position: 1
  149. Default value: None
  150. Accept pipeline input: True (ByPropertyName, ByValue)
  151. Accept wildcard characters: False
  152. ```
  153. ### -PropagationFlags
  154. {{ Fill PropagationFlags Description }}
  155. ```yaml
  156. Type: PropagationFlags
  157. Parameter Sets: PathComplex, SDComplex
  158. Aliases:
  159. Accepted values: None, NoPropagateInherit, InheritOnly
  160. Required: False
  161. Position: Named
  162. Default value: None
  163. Accept pipeline input: True (ByPropertyName)
  164. Accept wildcard characters: False
  165. ```
  166. ### -SecurityDescriptor
  167. {{ Fill SecurityDescriptor Description }}
  168. ```yaml
  169. Type: FileSystemSecurity2[]
  170. Parameter Sets: SDSimple, SDComplex
  171. Aliases:
  172. Required: True
  173. Position: 1
  174. Default value: None
  175. Accept pipeline input: True (ByPropertyName, ByValue)
  176. Accept wildcard characters: False
  177. ```
  178. ### CommonParameters
  179. This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
  180. ## INPUTS
  181. ### System.String[]
  182. ### Security2.FileSystemSecurity2[]
  183. ### Security2.IdentityReference2[]
  184. ### Security2.FileSystemRights2
  185. ### System.Security.AccessControl.AccessControlType
  186. ### System.Security.AccessControl.InheritanceFlags
  187. ### System.Security.AccessControl.PropagationFlags
  188. ### Security2.ApplyTo
  189. ## OUTPUTS
  190. ### Security2.FileSystemAccessRule2
  191. ## NOTES
  192. ## RELATED LINKS