You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

RemoveAudit.cs 7.0 KiB

8 jaren geleden
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188
  1. using Alphaleonis.Win32.Filesystem;
  2. using Security2;
  3. using System;
  4. using System.Linq;
  5. using System.Management.Automation;
  6. using System.Security.AccessControl;
  7. namespace NTFSSecurity
  8. {
  9. [Cmdlet(VerbsCommon.Remove, "NTFSAudit", DefaultParameterSetName = "PathComplex")]
  10. [OutputType(typeof(FileSystemAccessRule2))]
  11. public class RemoveAudit : BaseCmdletWithPrivControl
  12. {
  13. private IdentityReference2[] account;
  14. private FileSystemRights2 accessRights;
  15. private AuditFlags auditFlags = AuditFlags.Failure | AuditFlags.Success;
  16. private InheritanceFlags inheritanceFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
  17. private PropagationFlags propagationFlags = PropagationFlags.None;
  18. private ApplyTo appliesTo;
  19. private bool removeSpecific;
  20. private bool passThru;
  21. [Parameter(Mandatory = true, Position = 1, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, ParameterSetName = "PathSimple")]
  22. [Parameter(Mandatory = true, Position = 1, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, ParameterSetName = "PathComplex")]
  23. [ValidateNotNullOrEmpty]
  24. [Alias("FullName")]
  25. public string[] Path
  26. {
  27. get { return paths.ToArray(); }
  28. set
  29. {
  30. paths.Clear();
  31. paths.AddRange(value);
  32. }
  33. }
  34. [Parameter(Mandatory = true, Position = 1, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, ParameterSetName = "SDSimple")]
  35. [Parameter(Mandatory = true, Position = 1, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, ParameterSetName = "SDComplex")]
  36. [ValidateNotNullOrEmpty]
  37. public FileSystemSecurity2[] SecurityDescriptor
  38. {
  39. get { return securityDescriptors.ToArray(); }
  40. set
  41. {
  42. securityDescriptors.Clear();
  43. securityDescriptors.AddRange(value);
  44. }
  45. }
  46. [Parameter(Mandatory = true, Position = 2, ValueFromPipelineByPropertyName = true)]
  47. [Alias("IdentityReference, ID")]
  48. public IdentityReference2[] Account
  49. {
  50. get { return account; }
  51. set { account = value; }
  52. }
  53. [Parameter(Mandatory = true, Position = 3, ValueFromPipelineByPropertyName = true)]
  54. [Alias("FileSystemRights")]
  55. public FileSystemRights2 AccessRights
  56. {
  57. get { return accessRights; }
  58. set { accessRights = value; }
  59. }
  60. [Parameter(ValueFromPipelineByPropertyName = true)]
  61. public AuditFlags AuditFlags
  62. {
  63. get { return auditFlags; }
  64. set { auditFlags = value; }
  65. }
  66. [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "PathComplex")]
  67. [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "SDComplex")]
  68. public InheritanceFlags InheritanceFlags
  69. {
  70. get { return inheritanceFlags; }
  71. set { inheritanceFlags = value; }
  72. }
  73. [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "PathComplex")]
  74. [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "SDComplex")]
  75. public PropagationFlags PropagationFlags
  76. {
  77. get { return propagationFlags; }
  78. set { propagationFlags = value; }
  79. }
  80. [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "PathSimple")]
  81. [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "SDSimple")]
  82. public ApplyTo AppliesTo
  83. {
  84. get { return appliesTo; }
  85. set { appliesTo = value; }
  86. }
  87. [Parameter]
  88. public SwitchParameter PassThru
  89. {
  90. get { return passThru; }
  91. set { passThru = value; }
  92. }
  93. protected override void BeginProcessing()
  94. {
  95. base.BeginProcessing();
  96. }
  97. protected override void ProcessRecord()
  98. {
  99. if (ParameterSetName.EndsWith("Simple"))
  100. {
  101. FileSystemSecurity2.ConvertToFileSystemFlags(appliesTo, out inheritanceFlags, out propagationFlags);
  102. }
  103. if (ParameterSetName.StartsWith("Path"))
  104. {
  105. foreach (var path in paths)
  106. {
  107. FileSystemInfo item = null;
  108. try
  109. {
  110. item = GetFileSystemInfo2(path);
  111. }
  112. catch (Exception ex)
  113. {
  114. WriteError(new ErrorRecord(ex, "ReadFileError", ErrorCategory.OpenError, path));
  115. }
  116. if (ParameterSetName == "PathSimple")
  117. {
  118. FileSystemSecurity2.ConvertToFileSystemFlags(appliesTo, out inheritanceFlags, out propagationFlags);
  119. }
  120. try
  121. {
  122. FileSystemAuditRule2.RemoveFileSystemAuditRule(item, account.ToList(), accessRights, auditFlags, inheritanceFlags, propagationFlags);
  123. }
  124. catch (UnauthorizedAccessException)
  125. {
  126. try
  127. {
  128. var ownerInfo = FileSystemOwner.GetOwner(item);
  129. var previousOwner = ownerInfo.Owner;
  130. FileSystemOwner.SetOwner(item, System.Security.Principal.WindowsIdentity.GetCurrent().User);
  131. FileSystemAuditRule2.RemoveFileSystemAuditRule(item, account.ToList(), accessRights, auditFlags, inheritanceFlags, propagationFlags);
  132. FileSystemOwner.SetOwner(item, previousOwner);
  133. }
  134. catch (Exception ex2)
  135. {
  136. WriteError(new ErrorRecord(ex2, "RemoveAceError", ErrorCategory.WriteError, path));
  137. }
  138. }
  139. catch (Exception ex)
  140. {
  141. WriteError(new ErrorRecord(ex, "RemoveAceError", ErrorCategory.WriteError, path));
  142. }
  143. if (passThru == true)
  144. {
  145. FileSystemAccessRule2.GetFileSystemAccessRules(item, true, true).ForEach(ace => WriteObject(ace));
  146. }
  147. }
  148. }
  149. else
  150. {
  151. foreach (var sd in securityDescriptors)
  152. {
  153. FileSystemAuditRule2.RemoveFileSystemAuditRule(sd, account.ToList(), accessRights, auditFlags, inheritanceFlags, propagationFlags);
  154. if (passThru == true)
  155. {
  156. FileSystemAuditRule2.GetFileSystemAuditRules(sd, true, true).ForEach(ace => WriteObject(ace));
  157. }
  158. }
  159. }
  160. }
  161. protected override void EndProcessing()
  162. {
  163. base.EndProcessing();
  164. }
  165. }
  166. }