Ви не можете вибрати більше 25 тем Теми мають розпочинатися з літери або цифри, можуть містити дефіси (-) і не повинні перевищувати 35 символів.

5 роки тому
4 роки тому
5 роки тому
5 роки тому
5 роки тому
5 роки тому
5 роки тому
5 роки тому
5 роки тому
5 роки тому
5 роки тому
5 роки тому
5 роки тому
5 роки тому
5 роки тому
5 роки тому
5 роки тому
5 роки тому
5 роки тому
5 роки тому
5 роки тому
5 роки тому
5 роки тому
5 роки тому
5 роки тому
4 роки тому
5 роки тому
5 роки тому
4 роки тому
5 роки тому
5 роки тому
4 роки тому
5 роки тому
5 роки тому
5 роки тому
5 роки тому
5 роки тому
4 роки тому
5 роки тому
5 роки тому
4 роки тому
5 роки тому
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288
  1. ---
  2. external help file: NTFSSecurity.dll-Help.xml
  3. Module Name: NTFSSecurity
  4. online version:
  5. schema: 2.0.0
  6. ---
  7. # Add-NTFSAccess
  8. ## SYNOPSIS
  9. Adds an access control entry (ACE) to an object.
  10. ## SYNTAX
  11. ### PathComplex (Default)
  12. ```
  13. Add-NTFSAccess [-Path] <String[]> [-Account] <IdentityReference2[]> [-AccessRights] <FileSystemRights2>
  14. [-AccessType <AccessControlType>] [-InheritanceFlags <InheritanceFlags>]
  15. [-PropagationFlags <PropagationFlags>] [-PassThru] [<CommonParameters>]
  16. ```
  17. ### PathSimple
  18. ```
  19. Add-NTFSAccess [-Path] <String[]> [-Account] <IdentityReference2[]> [-AccessRights] <FileSystemRights2>
  20. [-AccessType <AccessControlType>] [-AppliesTo <ApplyTo>] [-PassThru] [<CommonParameters>]
  21. ```
  22. ### SDSimple
  23. ```
  24. Add-NTFSAccess [-SecurityDescriptor] <FileSystemSecurity2[]> [-Account] <IdentityReference2[]>
  25. [-AccessRights] <FileSystemRights2> [-AccessType <AccessControlType>] [-AppliesTo <ApplyTo>] [-PassThru]
  26. [<CommonParameters>]
  27. ```
  28. ### SDComplex
  29. ```
  30. Add-NTFSAccess [-SecurityDescriptor] <FileSystemSecurity2[]> [-Account] <IdentityReference2[]>
  31. [-AccessRights] <FileSystemRights2> [-AccessType <AccessControlType>] [-InheritanceFlags <InheritanceFlags>]
  32. [-PropagationFlags <PropagationFlags>] [-PassThru] [<CommonParameters>]
  33. ```
  34. ## DESCRIPTION
  35. Adds an access control entry (ACE) to an object such as a file or folder. NTFSSecurity allows you to apply basic permission groups (read, read/write, full) or advanced permissions that allow you to get granular with the permissions. See the below table for how the basic permissions map to the advanced permissions, and how NTFSSecurity handles them.
  36. | NTFSSecurity | AccessRight displayed | Advanced Security Window |
  37. |------------------------------|------------------------------|---------------------------------------------------------------------------------------------------------------------------|
  38. | ReadData | ListDirectory | List Folder / Read Data |
  39. | ListDirectory | ListDirectory | List Folder / Read Data |
  40. | WriteData | CreateFile | Create Files / Write Data |
  41. | CreateFiles | CreateFile | Create Files / Write Data |
  42. | AppendData | CreateDirectories | Create Folders / Append Data |
  43. | CreateDirectories | CreateDirectories | Create Folders / Append Data |
  44. | ReadExtendedAttributes | ReadExtendedAttributes | Read Extended Attributes |
  45. | WriteExtendedAttributes | WriteExtendedAttributes | WriteExtendedAttributes |
  46. | ExecuteFile | Traverse | Traverse Folder / Execute File |
  47. | Traverse | Traverse | Traverse Folder / Execute File |
  48. | DeleteSubdirectoriesAndFiles | DeleteSubdirectoriesAndFiles | Delete Sub-folders and Files |
  49. | ReadAttributes | ReadAttributes | Read Attributes |
  50. | WriteAttributes | WriteAttributes | Write Attributes |
  51. | Write | Write | Create Files / Write Data, Create Folders / Append Data, Write-Attributes, Write Extended Attributes |
  52. | Delete | Delete | Delete |
  53. | ReadPermissions | ReadPermissions | Read Permissions |
  54. | Read | Read | List Folder / Read Data, Read Attributes, Read Extended Attributes, Read Permissions |
  55. | ReadAndExecute | ReadAndExecute | Traverse Folder / Execute File, List Folder / Read Data, Read Attributes, Read Extended Attributes, Read Permissions |
  56. | Modify | Modify | Everything except Full Control, Delete SubFolders and Files, Change Permissions, Take Ownership |
  57. | ChangePermissions | ChangePermissions | Change Permissions |
  58. ## EXAMPLES
  59. ### Example 1
  60. ```PowerShell
  61. PS C:\> Add-NTFSAccess -Path C:\Data -Account 'NT AUTHORITY\Authenticated Users' -AccessRights Read
  62. ```
  63. The above command gives the read permissions to the built-in group of 'Authenticated users'.
  64. ### Example 2
  65. ```PowerShell
  66. PS C:\> Add-NTFSAccess -Path C:\Data -Account 'Contoso\Domain Admins' -AccessRights Full
  67. ```
  68. The above command gives full permissions to the domain administrators group in the contoso active directory.
  69. ### Example 3
  70. ```PowerShell
  71. PS C:\> Add-NTFSAccess -Path C:\Data -Account 'NT AUTHORITY\Authenticated Users' -AccessRights CreateFiles -AccessType Deny -AppliesTo ThisFolderOnly
  72. ```
  73. The above command denies the the built-in group of 'Authenticated users' from creating files in this folder only.
  74. ## PARAMETERS
  75. ### -AccessRights
  76. The AccessRights parameter designates the permissions to assign. There are individual permissions as well as 'basic' permissions. See the below table for how the basic permissions permissions map the the advanced permissions in the advanced security window.
  77. ```yaml
  78. Type: FileSystemRights2
  79. Parameter Sets: (All)
  80. Aliases: FileSystemRights
  81. Accepted values: None, ReadData, ListDirectory, WriteData, CreateFiles, AppendData, CreateDirectories, ReadExtendedAttributes, WriteExtendedAttributes, ExecuteFile, Traverse, DeleteSubdirectoriesAndFiles, ReadAttributes, WriteAttributes, Write, Delete, ReadPermissions, Read, ReadAndExecute, Modify, ChangePermissions, TakeOwnership, Synchronize, FullControl, GenericAll, GenericExecute, GenericWrite, GenericRead
  82. Required: True
  83. Position: 3
  84. Default value: None
  85. Accept pipeline input: True (ByPropertyName)
  86. Accept wildcard characters: False
  87. ```
  88. ### -AccessType
  89. The AccessType parameter determines if the ACE allows or denies the permissions assigned.
  90. ```yaml
  91. Type: AccessControlType
  92. Parameter Sets: (All)
  93. Aliases: AccessControlType
  94. Accepted values: Allow, Deny
  95. Required: False
  96. Position: Named
  97. Default value: None
  98. Accept pipeline input: True (ByPropertyName)
  99. Accept wildcard characters: False
  100. ```
  101. ### -Account
  102. The Account parameter defines the account or group to apply the permissions to.
  103. ```yaml
  104. Type: IdentityReference2[]
  105. Parameter Sets: (All)
  106. Aliases: IdentityReference, ID
  107. Required: True
  108. Position: 2
  109. Default value: None
  110. Accept pipeline input: True (ByPropertyName)
  111. Accept wildcard characters: False
  112. ```
  113. ### -AppliesTo
  114. The AppliesTo parameter defines where the permissions apply to and if there is any inheritance e.g "this folder only" or "this folder and subfolders".
  115. ```yaml
  116. Type: ApplyTo
  117. Parameter Sets: PathSimple, SDSimple
  118. Aliases:
  119. Accepted values: ThisFolderOnly, ThisFolderSubfoldersAndFiles, ThisFolderAndSubfolders, ThisFolderAndFiles, SubfoldersAndFilesOnly, SubfoldersOnly, FilesOnly, ThisFolderSubfoldersAndFilesOneLevel, ThisFolderAndSubfoldersOneLevel, ThisFolderAndFilesOneLevel, SubfoldersAndFilesOnlyOneLevel, SubfoldersOnlyOneLevel, FilesOnlyOneLevel
  120. Required: False
  121. Position: Named
  122. Default value: None
  123. Accept pipeline input: True (ByPropertyName)
  124. Accept wildcard characters: False
  125. ```
  126. ### -InheritanceFlags
  127. The InheritanceFlags parameter defines the inheritance of the ACLs.
  128. ObjectInherit will apply the ACE to files and folders in the folder defined by the Path parameter.
  129. ContainerInherit will apply the ACE to subfolders but not files.
  130. There is more information on Microsoft Docs [here](https://docs.microsoft.com/en-us/previous-versions/dotnet/netframework-4.0/ms229747(v=vs.100)?redirectedfrom=MSDN)
  131. ```yaml
  132. Type: InheritanceFlags
  133. Parameter Sets: PathComplex, SDComplex
  134. Aliases:
  135. Accepted values: None, ContainerInherit, ObjectInherit
  136. Required: False
  137. Position: Named
  138. Default value: None
  139. Accept pipeline input: True (ByPropertyName)
  140. Accept wildcard characters: False
  141. ```
  142. ### -PassThru
  143. The PassThru parameter will return the new permissions as a table. If the PassThru parameter is omitted, there is no information returned if the operation was successful.
  144. ```yaml
  145. Type: SwitchParameter
  146. Parameter Sets: (All)
  147. Aliases:
  148. Required: False
  149. Position: Named
  150. Default value: None
  151. Accept pipeline input: False
  152. Accept wildcard characters: False
  153. ```
  154. ### -Path
  155. The Path parameter defines where the file or container exists.
  156. ```yaml
  157. Type: String[]
  158. Parameter Sets: PathComplex, PathSimple
  159. Aliases: FullName
  160. Required: True
  161. Position: 1
  162. Default value: None
  163. Accept pipeline input: True (ByPropertyName, ByValue)
  164. Accept wildcard characters: False
  165. ```
  166. ### -PropagationFlags
  167. The PropagationFlags parameter defines how the ACE is propagated to child objects.
  168. Inherit specifies that the ACE is propagated only to child objects. This includes both folder and file child objects.
  169. NoPropagateInherit specifies that the ACE is not propagated to child objects.
  170. None specifies that no inheritance flags are set.
  171. ```yaml
  172. Type: PropagationFlags
  173. Parameter Sets: PathComplex, SDComplex
  174. Aliases:
  175. Accepted values: None, NoPropagateInherit, InheritOnly
  176. Required: False
  177. Position: Named
  178. Default value: None
  179. Accept pipeline input: True (ByPropertyName)
  180. Accept wildcard characters: False
  181. ```
  182. ### -SecurityDescriptor
  183. The SecurityDescriptor parameter allows passing an security descriptor or an array or security descriptors.
  184. A security descriptor contains information about the owner of the object, and the primary group of an object. The security descriptor also contains two access control lists (ACL). The first list is called the discretionary access control lists (DACL), and describes who should have access to an object and what type of access to grant. The second list is called the system access control lists (SACL) and defines what type of auditing to record for an object.
  185. ```yaml
  186. Type: FileSystemSecurity2[]
  187. Parameter Sets: SDSimple, SDComplex
  188. Aliases:
  189. Required: True
  190. Position: 1
  191. Default value: None
  192. Accept pipeline input: True (ByPropertyName, ByValue)
  193. Accept wildcard characters: False
  194. ```
  195. ### CommonParameters
  196. This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
  197. ## INPUTS
  198. ### System.String[]
  199. ### Security2.FileSystemSecurity2[]
  200. ### Security2.IdentityReference2[]
  201. ### Security2.FileSystemRights2
  202. ### System.Security.AccessControl.AccessControlType
  203. ### System.Security.AccessControl.InheritanceFlags
  204. ### System.Security.AccessControl.PropagationFlags
  205. ### Security2.ApplyTo
  206. ## OUTPUTS
  207. ### Security2.FileSystemAccessRule2
  208. ## NOTES
  209. ## RELATED LINKS