Powershell-Modules
/
NTFSSecurity-Module
mirror of https://github.com/raandree/NTFSSecurity
1
0
Fork 0
Code Issues 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
85 Commits
3 Branches
10 MiB
Tree: 28289c442e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '28289c442e'
${ noResults }
NTFSSecurity-Module/Docs/Cmdlets/Add-NTFSAccess.md

Add-NTFSAccess.md 11 KiB
Raw Normal View History

initial commit
5 years ago
fixed markdown linting
5 years ago
initial commit
5 years ago
removed md fixes to fix docs build
5 years ago
initial commit
5 years ago
removed md fixes to fix docs build
5 years ago
initial commit
5 years ago
removed md fixes to fix docs build
5 years ago
initial commit
5 years ago
removed md fixes to fix docs build
5 years ago
initial commit
5 years ago
fixed markdown linting
5 years ago
added primer on permissions
5 years ago
initial commit
5 years ago
added primer on permissions
5 years ago
fixed markdown linting
5 years ago
initial commit
5 years ago
added primer on permissions
5 years ago
more examples
5 years ago
added primer on permissions
5 years ago
initial commit
5 years ago
fixed markdown linting
5 years ago
initial commit
5 years ago
fixed markdown linting
5 years ago
description updates
5 years ago
initial commit
5 years ago
fixed markdown linting
5 years ago
description updates
5 years ago
initial commit
5 years ago
fixed markdown linting
5 years ago
initial commit
5 years ago
fixed markdown linting
5 years ago
initial commit
5 years ago
fixed markdown linting
5 years ago
description updates
5 years ago
initial commit
5 years ago
fixed markdown linting
5 years ago
initial commit
5 years ago
fixed markdown linting
5 years ago
initial commit
5 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274 
  1. ---

  2. external help file: NTFSSecurity.dll-Help.xml

  3. Module Name: ntfssecurity

  4. online version:

  5. schema: 2.0.0

  6. ---

  7. 

  8. # Add-NTFSAccess

  9. 

  10. ## SYNOPSIS

  11. 

  12. Adds an access control entry (ACE) to an object.

  13. 

  14. ## SYNTAX

  15. 

  16. ### PathComplex (Default)

  17. ```

  18. Add-NTFSAccess [-Path] <String[]> [-Account] <IdentityReference2[]> [-AccessRights] <FileSystemRights2>

  19.  [-AccessType <AccessControlType>] [-InheritanceFlags <InheritanceFlags>]

  20.  [-PropagationFlags <PropagationFlags>] [-PassThru] [<CommonParameters>]

  21. ```

  22. 

  23. ### PathSimple

  24. ```

  25. Add-NTFSAccess [-Path] <String[]> [-Account] <IdentityReference2[]> [-AccessRights] <FileSystemRights2>

  26.  [-AccessType <AccessControlType>] [-AppliesTo <ApplyTo>] [-PassThru] [<CommonParameters>]

  27. ```

  28. 

  29. ### SDSimple

  30. ```

  31. Add-NTFSAccess [-SecurityDescriptor] <FileSystemSecurity2[]> [-Account] <IdentityReference2[]>

  32.  [-AccessRights] <FileSystemRights2> [-AccessType <AccessControlType>] [-AppliesTo <ApplyTo>] [-PassThru]

  33.  [<CommonParameters>]

  34. ```

  35. 

  36. ### SDComplex

  37. ```

  38. Add-NTFSAccess [-SecurityDescriptor] <FileSystemSecurity2[]> [-Account] <IdentityReference2[]>

  39.  [-AccessRights] <FileSystemRights2> [-AccessType <AccessControlType>] [-InheritanceFlags <InheritanceFlags>]

  40.  [-PropagationFlags <PropagationFlags>] [-PassThru] [<CommonParameters>]

  41. ```

  42. 

  43. ## DESCRIPTION

  44. 

  45. Adds an access control entry (ACE) to an object such as a file or folder. NTFSSecurity allows you to apply basic permission groups (read, read/write, full) or advanced permissions that allow you to get granular with the permissions. See the below table for how the basic permissions map to the advanced permissions, and how NTFSSecurity handles them.

  46. 

  47. | NTFSSecurity         | AccessRight displayed        | Advanced Security Window                                                                                                  |

  48. |------------------------------|------------------------------|---------------------------------------------------------------------------------------------------------------------------|

  49. | ReadData                     | ListDirectory                | List Folder / Read Data                                                                                                   |

  50. | ListDirectory                | ListDirectory                | List Folder / Read Data                                                                                                   |

  51. | WriteData                    | CreateFile                   | Create Files / Write Data                                                                                                 |

  52. | CreateFiles                  | CreateFile                   | Create Files / Write Data                                                                                                 |

  53. | AppendData                   | CreateDirectories            | Create Folders / Append Data                                                                                              |

  54. | CreateDirectories            | CreateDirectories            | Create Folders / Append Data                                                                                              |

  55. | ReadExtendedAttributes       | ReadExtendedAttributes       | Read Extended Attributes                                                                                                  |

  56. | WriteExtendedAttributes      | WriteExtendedAttributes      | WriteExtendedAttributes                                                                                                   |

  57. | ExecuteFile                  | Traverse                     | Traverse Folder / Execute File                                                                                            |

  58. | Traverse                     | Traverse                     | Traverse Folder / Execute File                                                                                            |

  59. | DeleteSubdirectoriesAndFiles | DeleteSubdirectoriesAndFiles | Delete Sub-folders and Files                                                                                              |

  60. | ReadAttributes               | ReadAttributes               | Read Attributes                                                                                                           |

  61. | WriteAttributes              | WriteAttributes              | Write Attributes                                                                                                          |

  62. | Write                        | Write                        |  Create Files / Write Data,   Create Folders / Append Data,   Write-Attributes, Write Extended Attributes                 |

  63. | Delete                       | Delete                       | Delete                                                                                                                    |

  64. | ReadPermissions              | ReadPermissions              | Read Permissions                                                                                                          |

  65. | Read                         | Read                         |  List Folder / Read Data, Read Attributes,   Read Extended Attributes, Read Permissions                                   |

  66. | ReadAndExecute               | ReadAndExecute               |  Traverse Folder / Execute File,   List Folder / Read Data, Read Attributes,   Read Extended Attributes, Read Permissions |

  67. | Modify                       | Modify                       |  Everything except Full Control,   Delete SubFolders and Files,   Change Permissions, Take Ownership                      |

  68. | ChangePermissions            | ChangePermissions            | Change Permissions                                                                                                        |

  69. 

  70. ## EXAMPLES

  71. 

  72. ### Example 1

  73. 

  74. ```PowerShell

  75. PS C:\> Add-NTFSAccess -Path C:\Data -Account 'NT AUTHORITY\Authenticated Users' -AccessRights Read

  76. ```

  77. 

  78. The above command gives the read permissions to the built-in group of 'Authenticated users'.

  79. 

  80. ### Example 2

  81. 

  82. ```PowerShell

  83. PS C:\> Add-NTFSAccess -Path C:\Data -Account 'Contoso\Domain Admins' -AccessRights Full

  84. ```

  85. 

  86. The above command gives full permissions to the domain administrators group in the contoso active directory.

  87. 

  88. ### Example 3

  89. 

  90. ```PowerShell

  91. PS C:\> Add-NTFSAccess -Path C:\Data -Account 'NT AUTHORITY\Authenticated Users' -AccessRights CreateFiles -AccessType Deny -AppliesTo ThisFolderOnly

  92. ```

  93. 

  94. The above command denies the the built-in group of 'Authenticated users' from creating files in this folder only.

  95. 

  96. ## PARAMETERS

  97. 

  98. ### -AccessRights

  99. 

  100. The AccessRights parameter designates the permissions to assign. There are individual permissions as well as 'basic' permissions. See the below table for how the basic permissions permissions map the the advanced permissions in the advanced security window.

  101. 

  102. ```yaml

  103. Type: FileSystemRights2

  104. Parameter Sets: (All)

  105. Aliases: FileSystemRights

  106. Accepted values: None, ReadData, ListDirectory, WriteData, CreateFiles, AppendData, CreateDirectories, ReadExtendedAttributes, WriteExtendedAttributes, ExecuteFile, Traverse, DeleteSubdirectoriesAndFiles, ReadAttributes, WriteAttributes, Write, Delete, ReadPermissions, Read, ReadAndExecute, Modify, ChangePermissions, TakeOwnership, Synchronize, FullControl, GenericAll, GenericExecute, GenericWrite, GenericRead

  107. 

  108. Required: True

  109. Position: 3

  110. Default value: None

  111. Accept pipeline input: True (ByPropertyName)

  112. Accept wildcard characters: False

  113. ```

  114. 

  115. ### -AccessType

  116. 

  117. The AccessType parameter determines if the ACE allows or denies the permissions assigned.

  118. 

  119. ```yaml

  120. Type: AccessControlType

  121. Parameter Sets: (All)

  122. Aliases: AccessControlType

  123. Accepted values: Allow, Deny

  124. 

  125. Required: False

  126. Position: Named

  127. Default value: None

  128. Accept pipeline input: True (ByPropertyName)

  129. Accept wildcard characters: False

  130. ```

  131. 

  132. ### -Account

  133. 

  134. The Account parameter defines the account or group to apply the permissions to.

  135. 

  136. ```yaml

  137. Type: IdentityReference2[]

  138. Parameter Sets: (All)

  139. Aliases: IdentityReference, ID

  140. 

  141. Required: True

  142. Position: 2

  143. Default value: None

  144. Accept pipeline input: True (ByPropertyName)

  145. Accept wildcard characters: False

  146. ```

  147. 

  148. ### -AppliesTo

  149. 

  150. The AppliesTo parameter defines where the permissions apply to and if there is any inheritance e.g this folder and subfolders.

  151. 

  152. ```yaml

  153. Type: ApplyTo

  154. Parameter Sets: PathSimple, SDSimple

  155. Aliases:

  156. Accepted values: ThisFolderOnly, ThisFolderSubfoldersAndFiles, ThisFolderAndSubfolders, ThisFolderAndFiles, SubfoldersAndFilesOnly, SubfoldersOnly, FilesOnly, ThisFolderSubfoldersAndFilesOneLevel, ThisFolderAndSubfoldersOneLevel, ThisFolderAndFilesOneLevel, SubfoldersAndFilesOnlyOneLevel, SubfoldersOnlyOneLevel, FilesOnlyOneLevel

  157. 

  158. Required: False

  159. Position: Named

  160. Default value: None

  161. Accept pipeline input: True (ByPropertyName)

  162. Accept wildcard characters: False

  163. ```

  164. 

  165. ### -InheritanceFlags

  166. 

  167. {{ Fill InheritanceFlags Description }}

  168. 

  169. ```yaml

  170. Type: InheritanceFlags

  171. Parameter Sets: PathComplex, SDComplex

  172. Aliases:

  173. Accepted values: None, ContainerInherit, ObjectInherit

  174. 

  175. Required: False

  176. Position: Named

  177. Default value: None

  178. Accept pipeline input: True (ByPropertyName)

  179. Accept wildcard characters: False

  180. ```

  181. 

  182. ### -PassThru

  183. 

  184. {{ Fill PassThru Description }}

  185. 

  186. ```yaml

  187. Type: SwitchParameter

  188. Parameter Sets: (All)

  189. Aliases:

  190. 

  191. Required: False

  192. Position: Named

  193. Default value: None

  194. Accept pipeline input: False

  195. Accept wildcard characters: False

  196. ```

  197. 

  198. ### -Path

  199. 

  200. The Path parameter defines where the file or container exists.

  201. 

  202. ```yaml

  203. Type: String[]

  204. Parameter Sets: PathComplex, PathSimple

  205. Aliases: FullName

  206. 

  207. Required: True

  208. Position: 1

  209. Default value: None

  210. Accept pipeline input: True (ByPropertyName, ByValue)

  211. Accept wildcard characters: False

  212. ```

  213. 

  214. ### -PropagationFlags

  215. 

  216. {{ Fill PropagationFlags Description }}

  217. 

  218. ```yaml

  219. Type: PropagationFlags

  220. Parameter Sets: PathComplex, SDComplex

  221. Aliases:

  222. Accepted values: None, NoPropagateInherit, InheritOnly

  223. 

  224. Required: False

  225. Position: Named

  226. Default value: None

  227. Accept pipeline input: True (ByPropertyName)

  228. Accept wildcard characters: False

  229. ```

  230. 

  231. ### -SecurityDescriptor

  232. 

  233. {{ Fill SecurityDescriptor Description }}

  234. 

  235. ```yaml

  236. Type: FileSystemSecurity2[]

  237. Parameter Sets: SDSimple, SDComplex

  238. Aliases:

  239. 

  240. Required: True

  241. Position: 1

  242. Default value: None

  243. Accept pipeline input: True (ByPropertyName, ByValue)

  244. Accept wildcard characters: False

  245. ```

  246. 

  247. ### CommonParameters

  248. This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).

  249. 

  250. ## INPUTS

  251. 

  252. ### System.String[]

  253. 

  254. ### Security2.FileSystemSecurity2[]

  255. 

  256. ### Security2.IdentityReference2[]

  257. 

  258. ### Security2.FileSystemRights2

  259. 

  260. ### System.Security.AccessControl.AccessControlType

  261. 

  262. ### System.Security.AccessControl.InheritanceFlags

  263. 

  264. ### System.Security.AccessControl.PropagationFlags

  265. 

  266. ### Security2.ApplyTo

  267. 

  268. ## OUTPUTS

  269. 

  270. ### Security2.FileSystemAccessRule2

  271. 

  272. ## NOTES

  273. 

  274. ## RELATED LINKS