diff --git a/Docs/Cmdlets/Add-NTFSAudit.md b/Docs/Cmdlets/Add-NTFSAudit.md index 9872a64..59183f5 100644 --- a/Docs/Cmdlets/Add-NTFSAudit.md +++ b/Docs/Cmdlets/Add-NTFSAudit.md @@ -9,7 +9,7 @@ schema: 2.0.0 ## SYNOPSIS -{{ Fill in the Synopsis }} +Add auditing to a folder or file. ## SYNTAX @@ -42,23 +42,24 @@ Add-NTFSAudit [-SecurityDescriptor] [-Account] {{ Add example code here }} +PS C:\> Add-NTFSAudit -Path C:\Data -Account 'NT AUTHORITY\Authenticated Users' -AcessRights generic All -AuditFlags Failure ``` -{{ Add example description here }} - +The above command adds auditing to the folder C:\Data on any failure. ## PARAMETERS ### -AccessRights -{{ Fill AccessRights Description }} +The AccessRights parameter designates the permissions to monitor or audit. There are individual permissions as well as 'basic' permissions. See the below table for how the basic permissions permissions map the the advanced permissions in the advanced security window. ```yaml Type: FileSystemRights2 @@ -75,7 +76,7 @@ Accept wildcard characters: False ### -Account -{{ Fill Account Description }} +The Account parameter defines the account or group to apply the auditing to. ```yaml Type: IdentityReference2[] @@ -91,7 +92,7 @@ Accept wildcard characters: False ### -AppliesTo -{{ Fill AppliesTo Description }} +The AppliesTo parameter defines where the auditing will apply to and if there is any inheritance e.g "this folder only" or "this folder and subfolders". ```yaml Type: ApplyTo @@ -108,7 +109,7 @@ Accept wildcard characters: False ### -AuditFlags -{{ Fill AuditFlags Description }} +The AuditFlags parameter defines what types of events will be audited. If you would only like to audit denied access you would choose failure. ```yaml Type: AuditFlags 
@@ -125,7 +126,13 @@ Accept wildcard characters: False ### -InheritanceFlags -{{ Fill InheritanceFlags Description }} +The InheritanceFlags parameter defines the inheritance of the auditing. + +ObjectInherit will apply the auditing to files and folders in the folder defined by the Path parameter. + +ContainerInherit will apply the auditing to subfolders but not files. + +There is more information on Microsoft Docs [here](https://docs.microsoft.com/en-us/previous-versions/dotnet/netframework-4.0/ms229747(v=vs.100)?redirectedfrom=MSDN) ```yaml Type: InheritanceFlags @@ -142,7 +149,7 @@ Accept wildcard characters: False ### -PassThru -{{ Fill PassThru Description }} +The PassThru parameter will return the new auditing as a table. If the PassThru parameter is omitted, there is no information returned if the operation was successful. ```yaml Type: SwitchParameter @@ -158,7 +165,7 @@ Accept wildcard characters: False ### -Path -{{ Fill Path Description }} +The Path parameter defines where the file or container exists to apply the auditing to. ```yaml Type: String[] @@ -174,7 +181,13 @@ Accept wildcard characters: False ### -PropagationFlags -{{ Fill PropagationFlags Description }} +The PropagationFlags parameter defines how the auditing is propagated to child objects. + +Inherit specifies that the auditing is propagated only to child objects. This includes both folder and file child objects. + +NoPropagateInherit specifies that the auditing is not propagated to child objects. + +None specifies that no inheritance flags are set. ```yaml Type: PropagationFlags 
@@ -191,7 +204,9 @@ Accept wildcard characters: False ### -SecurityDescriptor -{{ Fill SecurityDescriptor Description }} +The SecurityDescriptor parameter allows passing an security descriptor or an array or security descriptors. + +A security descriptor contains information about the owner of the object, and the primary group of an object. The security descriptor also contains two access control lists (ACL). The first list is called the discretionary access control lists (DACL), and describes who should have access to an object and what type of access to grant. The second list is called the system access control lists (SACL) and defines what type of auditing to record for an object. ```yaml Type: FileSystemSecurity2[] diff --git a/Docs/Cmdlets/Clear-NTFSAccess.md b/Docs/Cmdlets/Clear-NTFSAccess.md index 0184914..5eb4198 100644 --- a/Docs/Cmdlets/Clear-NTFSAccess.md +++ b/Docs/Cmdlets/Clear-NTFSAccess.md @@ -9,7 +9,7 @@ schema: 2.0.0 ## SYNOPSIS -{{ Fill in the Synopsis }} +Removes all access control entries from a file or folder. ## SYNTAX @@ -32,16 +32,16 @@ Clear-NTFSAccess [-SecurityDescriptor] [-DisableInherita ### Example 1 ```PowerShell -PS C:\> {{ Add example code here }} +PS C:\> Clear-NTFSAccess -Path C:\Data\ -DisableInheritance ``` -{{ Add example description here }} +The above example would remove all access control entries from the folder C:\Data and disable inheritance on the folder as well. ## PARAMETERS ### -DisableInheritance -{{ Fill DisableInheritance Description }} +The DisableInheritance parameter defines if you would like to didable the inheritance on the file or folder when clearing permissions. ```yaml Type: SwitchParameter @@ -57,7 +57,7 @@ Accept wildcard characters: False ### -Path -{{ Fill Path Description }} +The Path parameter defines where the file or container exists to remove the access control entries from. ```yaml Type: String[] 
@@ -73,7 +73,9 @@ Accept wildcard characters: False ### -SecurityDescriptor -{{ Fill SecurityDescriptor Description }} +The SecurityDescriptor parameter allows passing an security descriptor or an array or security descriptors. + +A security descriptor contains information about the owner of the object, and the primary group of an object. The security descriptor also contains two access control lists (ACL). The first list is called the discretionary access control lists (DACL), and describes who should have access to an object and what type of access to grant. The second list is called the system access control lists (SACL) and defines what type of auditing to record for an object. ```yaml Type: FileSystemSecurity2[] diff --git a/Docs/Cmdlets/Clear-NTFSAudit.md b/Docs/Cmdlets/Clear-NTFSAudit.md index 09f1c64..7b2ded4 100644 --- a/Docs/Cmdlets/Clear-NTFSAudit.md +++ b/Docs/Cmdlets/Clear-NTFSAudit.md @@ -73,7 +73,9 @@ Accept wildcard characters: False ### -SecurityDescriptor -{{ Fill SecurityDescriptor Description }} +The SecurityDescriptor parameter allows passing an security descriptor or an array or security descriptors. + +A security descriptor contains information about the owner of the object, and the primary group of an object. The security descriptor also contains two access control lists (ACL). The first list is called the discretionary access control lists (DACL), and describes who should have access to an object and what type of access to grant. The second list is called the system access control lists (SACL) and defines what type of auditing to record for an object. ```yaml Type: FileSystemSecurity2[] diff --git a/Docs/Cmdlets/Disable-NTFSAccessInheritance.md b/Docs/Cmdlets/Disable-NTFSAccessInheritance.md index 5afaf9e..be0fbf4 100644 --- a/Docs/Cmdlets/Disable-NTFSAccessInheritance.md +++ b/Docs/Cmdlets/Disable-NTFSAccessInheritance.md 
@@ -91,7 +91,9 @@ Accept wildcard characters: False ### -SecurityDescriptor -{{ Fill SecurityDescriptor Description }} +The SecurityDescriptor parameter allows passing an security descriptor or an array or security descriptors. + +A security descriptor contains information about the owner of the object, and the primary group of an object. The security descriptor also contains two access control lists (ACL). The first list is called the discretionary access control lists (DACL), and describes who should have access to an object and what type of access to grant. The second list is called the system access control lists (SACL) and defines what type of auditing to record for an object. ```yaml Type: FileSystemSecurity2[] diff --git a/Docs/Cmdlets/Disable-NTFSAuditInheritance.md b/Docs/Cmdlets/Disable-NTFSAuditInheritance.md index def9bbb..8b31e55 100644 --- a/Docs/Cmdlets/Disable-NTFSAuditInheritance.md +++ b/Docs/Cmdlets/Disable-NTFSAuditInheritance.md @@ -91,7 +91,9 @@ Accept wildcard characters: False ### -SecurityDescriptor -{{ Fill SecurityDescriptor Description }} +The SecurityDescriptor parameter allows passing an security descriptor or an array or security descriptors. + +A security descriptor contains information about the owner of the object, and the primary group of an object. The security descriptor also contains two access control lists (ACL). The first list is called the discretionary access control lists (DACL), and describes who should have access to an object and what type of access to grant. The second list is called the system access control lists (SACL) and defines what type of auditing to record for an object. ```yaml Type: FileSystemSecurity2[] diff --git a/Docs/Cmdlets/Enable-NTFSAccessInheritance.md b/Docs/Cmdlets/Enable-NTFSAccessInheritance.md index fb2e1a0..1d2577c 100644 --- a/Docs/Cmdlets/Enable-NTFSAccessInheritance.md +++ b/Docs/Cmdlets/Enable-NTFSAccessInheritance.md 
@@ -90,7 +90,9 @@ Accept wildcard characters: False ### -SecurityDescriptor -{{ Fill SecurityDescriptor Description }} +The SecurityDescriptor parameter allows passing an security descriptor or an array or security descriptors. + +A security descriptor contains information about the owner of the object, and the primary group of an object. The security descriptor also contains two access control lists (ACL). The first list is called the discretionary access control lists (DACL), and describes who should have access to an object and what type of access to grant. The second list is called the system access control lists (SACL) and defines what type of auditing to record for an object. ```yaml Type: FileSystemSecurity2[] diff --git a/Docs/Cmdlets/Enable-NTFSAuditInheritance.md b/Docs/Cmdlets/Enable-NTFSAuditInheritance.md index 2128fcd..5e2af62 100644 --- a/Docs/Cmdlets/Enable-NTFSAuditInheritance.md +++ b/Docs/Cmdlets/Enable-NTFSAuditInheritance.md @@ -90,7 +90,9 @@ Accept wildcard characters: False ### -SecurityDescriptor -{{ Fill SecurityDescriptor Description }} +The SecurityDescriptor parameter allows passing an security descriptor or an array or security descriptors. + +A security descriptor contains information about the owner of the object, and the primary group of an object. The security descriptor also contains two access control lists (ACL). The first list is called the discretionary access control lists (DACL), and describes who should have access to an object and what type of access to grant. The second list is called the system access control lists (SACL) and defines what type of auditing to record for an object. ```yaml Type: FileSystemSecurity2[] diff --git a/Docs/Cmdlets/Get-NTFSAccess.md b/Docs/Cmdlets/Get-NTFSAccess.md index 35f5b6b..9e3e099 100644 --- a/Docs/Cmdlets/Get-NTFSAccess.md +++ b/Docs/Cmdlets/Get-NTFSAccess.md 
@@ -107,7 +107,9 @@ Accept wildcard characters: False ### -SecurityDescriptor -{{ Fill SecurityDescriptor Description }} +The SecurityDescriptor parameter allows passing an security descriptor or an array or security descriptors. + +A security descriptor contains information about the owner of the object, and the primary group of an object. The security descriptor also contains two access control lists (ACL). The first list is called the discretionary access control lists (DACL), and describes who should have access to an object and what type of access to grant. The second list is called the system access control lists (SACL) and defines what type of auditing to record for an object. ```yaml Type: FileSystemSecurity2[] diff --git a/Docs/Cmdlets/Get-NTFSAudit.md b/Docs/Cmdlets/Get-NTFSAudit.md index 21e5dbb..0bdbfdb 100644 --- a/Docs/Cmdlets/Get-NTFSAudit.md +++ b/Docs/Cmdlets/Get-NTFSAudit.md @@ -107,7 +107,9 @@ Accept wildcard characters: False ### -SecurityDescriptor -{{ Fill SecurityDescriptor Description }} +The SecurityDescriptor parameter allows passing an security descriptor or an array or security descriptors. + +A security descriptor contains information about the owner of the object, and the primary group of an object. The security descriptor also contains two access control lists (ACL). The first list is called the discretionary access control lists (DACL), and describes who should have access to an object and what type of access to grant. The second list is called the system access control lists (SACL) and defines what type of auditing to record for an object. ```yaml Type: FileSystemSecurity2[] diff --git a/Docs/Cmdlets/Get-NTFSEffectiveAccess.md b/Docs/Cmdlets/Get-NTFSEffectiveAccess.md index d32d85d..35b5d22 100644 --- a/Docs/Cmdlets/Get-NTFSEffectiveAccess.md +++ b/Docs/Cmdlets/Get-NTFSEffectiveAccess.md 
@@ -91,7 +91,9 @@ Accept wildcard characters: False ### -SecurityDescriptor -{{ Fill SecurityDescriptor Description }} +The SecurityDescriptor parameter allows passing an security descriptor or an array or security descriptors. + +A security descriptor contains information about the owner of the object, and the primary group of an object. The security descriptor also contains two access control lists (ACL). The first list is called the discretionary access control lists (DACL), and describes who should have access to an object and what type of access to grant. The second list is called the system access control lists (SACL) and defines what type of auditing to record for an object. ```yaml Type: FileSystemSecurity2[] diff --git a/Docs/Cmdlets/Get-NTFSInheritance.md b/Docs/Cmdlets/Get-NTFSInheritance.md index 4c9ce85..f434759 100644 --- a/Docs/Cmdlets/Get-NTFSInheritance.md +++ b/Docs/Cmdlets/Get-NTFSInheritance.md @@ -57,7 +57,9 @@ Accept wildcard characters: False ### -SecurityDescriptor -{{ Fill SecurityDescriptor Description }} +The SecurityDescriptor parameter allows passing an security descriptor or an array or security descriptors. + +A security descriptor contains information about the owner of the object, and the primary group of an object. The security descriptor also contains two access control lists (ACL). The first list is called the discretionary access control lists (DACL), and describes who should have access to an object and what type of access to grant. The second list is called the system access control lists (SACL) and defines what type of auditing to record for an object. ```yaml Type: FileSystemSecurity2[] diff --git a/Docs/Cmdlets/Get-NTFSOrphanedAccess.md b/Docs/Cmdlets/Get-NTFSOrphanedAccess.md index 8e49e98..9d99a82 100644 --- a/Docs/Cmdlets/Get-NTFSOrphanedAccess.md +++ b/Docs/Cmdlets/Get-NTFSOrphanedAccess.md 
@@ -107,7 +107,9 @@ Accept wildcard characters: False ### -SecurityDescriptor -{{ Fill SecurityDescriptor Description }} +The SecurityDescriptor parameter allows passing an security descriptor or an array or security descriptors. + +A security descriptor contains information about the owner of the object, and the primary group of an object. The security descriptor also contains two access control lists (ACL). The first list is called the discretionary access control lists (DACL), and describes who should have access to an object and what type of access to grant. The second list is called the system access control lists (SACL) and defines what type of auditing to record for an object. ```yaml Type: FileSystemSecurity2[] diff --git a/Docs/Cmdlets/Get-NTFSOrphanedAudit.md b/Docs/Cmdlets/Get-NTFSOrphanedAudit.md index 5172ae8..3237e5e 100644 --- a/Docs/Cmdlets/Get-NTFSOrphanedAudit.md +++ b/Docs/Cmdlets/Get-NTFSOrphanedAudit.md @@ -107,7 +107,9 @@ Accept wildcard characters: False ### -SecurityDescriptor -{{ Fill SecurityDescriptor Description }} +The SecurityDescriptor parameter allows passing an security descriptor or an array or security descriptors. + +A security descriptor contains information about the owner of the object, and the primary group of an object. The security descriptor also contains two access control lists (ACL). The first list is called the discretionary access control lists (DACL), and describes who should have access to an object and what type of access to grant. The second list is called the system access control lists (SACL) and defines what type of auditing to record for an object. ```yaml Type: FileSystemSecurity2[] diff --git a/Docs/Cmdlets/Get-NTFSOwner.md b/Docs/Cmdlets/Get-NTFSOwner.md index 5a0d237..0ce560a 100644 --- a/Docs/Cmdlets/Get-NTFSOwner.md +++ b/Docs/Cmdlets/Get-NTFSOwner.md 
@@ -57,7 +57,9 @@ Accept wildcard characters: False ### -SecurityDescriptor -{{ Fill SecurityDescriptor Description }} +The SecurityDescriptor parameter allows passing an security descriptor or an array or security descriptors. + +A security descriptor contains information about the owner of the object, and the primary group of an object. The security descriptor also contains two access control lists (ACL). The first list is called the discretionary access control lists (DACL), and describes who should have access to an object and what type of access to grant. The second list is called the system access control lists (SACL) and defines what type of auditing to record for an object. ```yaml Type: FileSystemSecurity2[] diff --git a/Docs/Cmdlets/Get-NTFSSimpleAccess.md b/Docs/Cmdlets/Get-NTFSSimpleAccess.md index c34118a..7958182 100644 --- a/Docs/Cmdlets/Get-NTFSSimpleAccess.md +++ b/Docs/Cmdlets/Get-NTFSSimpleAccess.md @@ -123,7 +123,9 @@ Accept wildcard characters: False ### -SecurityDescriptor -{{ Fill SecurityDescriptor Description }} +The SecurityDescriptor parameter allows passing an security descriptor or an array or security descriptors. + +A security descriptor contains information about the owner of the object, and the primary group of an object. The security descriptor also contains two access control lists (ACL). The first list is called the discretionary access control lists (DACL), and describes who should have access to an object and what type of access to grant. The second list is called the system access control lists (SACL) and defines what type of auditing to record for an object. ```yaml Type: FileSystemSecurity2[] diff --git a/Docs/Cmdlets/Get-Privileges.md b/Docs/Cmdlets/Get-Privileges.md index 703ef06..e75bed8 100644 --- a/Docs/Cmdlets/Get-Privileges.md +++ b/Docs/Cmdlets/Get-Privileges.md 
@@ -26,10 +26,38 @@ Get-Privileges [] ### Example 1 ```PowerShell -PS C:\> {{ Add example code here }} +PS C:\> Get-Privileges + +------------------------------------------------------------------------- +| Privilege | PrivilegeAttributes | PriviliegeState | +|-------------------------------|---------------------|-----------------| +| IncreaseQuota | Disabled | Disabled | +| Security | Enabled | Enabled | +| TakeOwnership | Enabled | Enabled | +| LoadDriver | Disabled | Disabled | +| SystemProfile | Disabled | Disabled | +| SystemTime | Disabled | Disabled | +| ProfileSingleProcess | Disabled | Disabled | +| IncreaseBasePriority | Disabled | Disabled | +| CreatePageFile | Disabled | Disabled | +| Backup | Enabled | Enabled | +| Restore | Enabled | Enabled | +| Shutdown | Disabled | Disabled | +| Debug | Enabled | Enabled | +| SystemEnvironment | Disabled | Disabled | +| ChangeNotify EnabledByDefault | Enabled | Enabled | +| RemoteShutdown | Disabled | Disabled | +| Undock | Disabled | Disabled | +| ManageVolume | Disabled | Disabled | +| Impersonate EnabledByDefault | Enabled | Enabled | +| CreateGlobal EnabledByDefault | Enabled | Enabled | +| IncreaseWorkingSet | Disabled | Disabled | +| TimeZone | Disabled | Disabled | +| CreateSymbolicLink | Disabled | Disabled | +------------------------------------------------------------------------- ``` -{{ Add example description here }} +The above command gets the privliges. ## PARAMETERS diff --git a/Docs/Cmdlets/Remove-NTFSAccess.md b/Docs/Cmdlets/Remove-NTFSAccess.md index 3f1f5fb..0736c23 100644 --- a/Docs/Cmdlets/Remove-NTFSAccess.md +++ b/Docs/Cmdlets/Remove-NTFSAccess.md 
@@ -191,7 +191,9 @@ Accept wildcard characters: False ### -SecurityDescriptor -{{ Fill SecurityDescriptor Description }} +The SecurityDescriptor parameter allows passing an security descriptor or an array or security descriptors. + +A security descriptor contains information about the owner of the object, and the primary group of an object. The security descriptor also contains two access control lists (ACL). The first list is called the discretionary access control lists (DACL), and describes who should have access to an object and what type of access to grant. The second list is called the system access control lists (SACL) and defines what type of auditing to record for an object. ```yaml Type: FileSystemSecurity2[] diff --git a/Docs/Cmdlets/Remove-NTFSAudit.md b/Docs/Cmdlets/Remove-NTFSAudit.md index 399ca1d..a40dbc1 100644 --- a/Docs/Cmdlets/Remove-NTFSAudit.md +++ b/Docs/Cmdlets/Remove-NTFSAudit.md @@ -191,7 +191,9 @@ Accept wildcard characters: False ### -SecurityDescriptor -{{ Fill SecurityDescriptor Description }} +The SecurityDescriptor parameter allows passing an security descriptor or an array or security descriptors. + +A security descriptor contains information about the owner of the object, and the primary group of an object. The security descriptor also contains two access control lists (ACL). The first list is called the discretionary access control lists (DACL), and describes who should have access to an object and what type of access to grant. The second list is called the system access control lists (SACL) and defines what type of auditing to record for an object. ```yaml Type: FileSystemSecurity2[] diff --git a/Docs/Cmdlets/Set-NTFSInheritance.md b/Docs/Cmdlets/Set-NTFSInheritance.md index dec6c97..cf6301c 100644 --- a/Docs/Cmdlets/Set-NTFSInheritance.md +++ b/Docs/Cmdlets/Set-NTFSInheritance.md 
@@ -107,7 +107,9 @@ Accept wildcard characters: False ### -SecurityDescriptor -{{ Fill SecurityDescriptor Description }} +The SecurityDescriptor parameter allows passing an security descriptor or an array or security descriptors. + +A security descriptor contains information about the owner of the object, and the primary group of an object. The security descriptor also contains two access control lists (ACL). The first list is called the discretionary access control lists (DACL), and describes who should have access to an object and what type of access to grant. The second list is called the system access control lists (SACL) and defines what type of auditing to record for an object. ```yaml Type: FileSystemSecurity2[] diff --git a/Docs/Cmdlets/Set-NTFSOwner.md b/Docs/Cmdlets/Set-NTFSOwner.md index e0c947b..44ff4d0 100644 --- a/Docs/Cmdlets/Set-NTFSOwner.md +++ b/Docs/Cmdlets/Set-NTFSOwner.md @@ -90,7 +90,9 @@ Accept wildcard characters: False ### -SecurityDescriptor -{{ Fill SecurityDescriptor Description }} +The SecurityDescriptor parameter allows passing an security descriptor or an array or security descriptors. + +A security descriptor contains information about the owner of the object, and the primary group of an object. The security descriptor also contains two access control lists (ACL). The first list is called the discretionary access control lists (DACL), and describes who should have access to an object and what type of access to grant. The second list is called the system access control lists (SACL) and defines what type of auditing to record for an object. ```yaml Type: FileSystemSecurity2[] diff --git a/Docs/Cmdlets/Set-NTFSSecurityDescriptor.md b/Docs/Cmdlets/Set-NTFSSecurityDescriptor.md index eb14872..d24ee5c 100644 --- a/Docs/Cmdlets/Set-NTFSSecurityDescriptor.md +++ b/Docs/Cmdlets/Set-NTFSSecurityDescriptor.md 
@@ -51,7 +51,9 @@ Accept wildcard characters: False ### -SecurityDescriptor -{{ Fill SecurityDescriptor Description }} +The SecurityDescriptor parameter allows passing an security descriptor or an array or security descriptors. + +A security descriptor contains information about the owner of the object, and the primary group of an object. The security descriptor also contains two access control lists (ACL). The first list is called the discretionary access control lists (DACL), and describes who should have access to an object and what type of access to grant. The second list is called the system access control lists (SACL) and defines what type of auditing to record for an object. ```yaml Type: FileSystemSecurity2[]
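Review bot: In Docs/Cmdlets/Add-NTFSAudit.md, hunk @@ -42,23 +42,24 @@, the new example will not run as written: the parameter is spelled `-AcessRights`, while the section heading below it is `### -AccessRights`, and the value `generic All` contains a space, so `All` would be parsed as a separate argument. Suggest `-AccessRights GenericAll` (assuming that is the intended FileSystemRights2 value). In the same hunk the AccessRights description has doubled words ("basic permissions permissions map the the advanced permissions") and says "See the below table", but no table is added in the visible lines; either add the table or drop the sentence.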
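Review bot: In Docs/Cmdlets/Add-NTFSAudit.md, hunk @@ -125,7 +126,13 @@, the ObjectInherit description ("will apply the auditing to files and folders in the folder defined by the Path parameter") overstates what the flag does. In the .NET InheritanceFlags enum, ObjectInherit covers child leaf objects (files) and ContainerInherit covers child containers (folders); getting both requires combining the two flags. Suggest rewording so that a reader who sets only ObjectInherit does not assume subfolders are audited too. The link line would also read better with descriptive link text instead of "here" and a closing period.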
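Review bot: In Docs/Cmdlets/Add-NTFSAudit.md, hunk @@ -142,7 +149,7 @@, the second sentence of the PassThru description ("there is no information returned if the operation was successful") can be read as "nothing is returned only on success". Suggest stating it directly, for example "Without PassThru the cmdlet returns nothing on success."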
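Review bot: In Docs/Cmdlets/Add-NTFSAudit.md, hunk @@ -174,7 +181,13 @@, the value documented as "Inherit" does not match the parameter type shown in the context (`Type: PropagationFlags`), whose members are None, NoPropagateInherit and InheritOnly. The text given for it ("propagated only to child objects") is the InheritOnly behaviour, so the name should be InheritOnly; as written, a user who types Inherit will get a binding error. The line for None ("no inheritance flags are set") should also say propagation flags, since inheritance flags are a separate parameter.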
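Review bot: The SecurityDescriptor paragraph added in Docs/Cmdlets/Add-NTFSAudit.md, hunk @@ -191,7 +204,9 @@, has two grammar slips in its first sentence: "an security descriptor or an array or security descriptors" should be "a security descriptor or an array of security descriptors". The second paragraph also uses plurals for single lists ("discretionary access control lists (DACL)", "system access control lists (SACL)"). The same text is pasted verbatim into every other SecurityDescriptor hunk in this patch, from Clear-NTFSAccess.md through Set-NTFSSecurityDescriptor.md, so the fix needs to be applied to each copy.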
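Review bot: In Docs/Cmdlets/Clear-NTFSAccess.md, hunk @@ -32,16 +32,16 @@, the DisableInheritance description has a typo ("didable") and is worded as a question of preference rather than stating the effect. Since the synopsis says the cmdlet "Removes all access control entries", it is worth documenting here whether inherited entries remain when the switch is omitted, because that decides who still has access to the folder after the call.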
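Review bot: In Docs/Cmdlets/Get-Privileges.md, hunk @@ -26,10 +26,38 @@, the sample output looks hand-edited rather than captured: the third column header is spelled "PriviliegeState", and the rows for ChangeNotify, Impersonate and CreateGlobal carry "EnabledByDefault" in the Privilege column, which reads like a PrivilegeAttributes value shifted one column left. Suggest pasting the real console output unchanged. The description line has a typo ("privliges") and should say whose privileges are listed, for example those of the current process token, since the Enabled/Disabled state is what readers will rely on before calling the audit and ownership cmdlets.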