You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10 KiB
10 KiB
| external help file | Module Name | online version | schema |
|---|---|---|---|
| NTFSSecurity.dll-Help.xml | ntfssecurity | <nil> | 2.0.0 |
Add-NTFSAccess
SYNOPSIS
Adds an access control entry (ACE) to an object.
SYNTAX
PathComplex (Default)
Add-NTFSAccess [-Path] <String[]> [-Account] <IdentityReference2[]> [-AccessRights] <FileSystemRights2>
[-AccessType <AccessControlType>] [-InheritanceFlags <InheritanceFlags>]
[-PropagationFlags <PropagationFlags>] [-PassThru] [<CommonParameters>]
PathSimple
Add-NTFSAccess [-Path] <String[]> [-Account] <IdentityReference2[]> [-AccessRights] <FileSystemRights2>
[-AccessType <AccessControlType>] [-AppliesTo <ApplyTo>] [-PassThru] [<CommonParameters>]
SDSimple
Add-NTFSAccess [-SecurityDescriptor] <FileSystemSecurity2[]> [-Account] <IdentityReference2[]>
[-AccessRights] <FileSystemRights2> [-AccessType <AccessControlType>] [-AppliesTo <ApplyTo>] [-PassThru]
[<CommonParameters>]
SDComplex
Add-NTFSAccess [-SecurityDescriptor] <FileSystemSecurity2[]> [-Account] <IdentityReference2[]>
[-AccessRights] <FileSystemRights2> [-AccessType <AccessControlType>] [-InheritanceFlags <InheritanceFlags>]
[-PropagationFlags <PropagationFlags>] [-PassThru] [<CommonParameters>]
DESCRIPTION
Adds an access control entry (ACE) to an object such as a file or folder. NTFSSecurity allows you to apply basic permission groups (read, read/write, full) or advanced permissions that allow you to get granular with the permissions. See the below table for how the basic permissions map to the advanced permissions, and how NTFSSecurity handles them.
| NTFSSecurity | AccessRight displayed | Advanced Security Window |
|---|---|---|
| ReadData | ListDirectory | List Folder / Read Data |
| ListDirectory | ListDirectory | List Folder / Read Data |
| WriteData | CreateFile | Create Files / Write Data |
| CreateFiles | CreateFile | Create Files / Write Data |
| AppendData | CreateDirectories | Create Folders / Append Data |
| CreateDirectories | CreateDirectories | Create Folders / Append Data |
| ReadExtendedAttributes | ReadExtendedAttributes | Read Extended Attributes |
| WriteExtendedAttributes | WriteExtendedAttributes | WriteExtendedAttributes |
| ExecuteFile | Traverse | Traverse Folder / Execute File |
| Traverse | Traverse | Traverse Folder / Execute File |
| DeleteSubdirectoriesAndFiles | DeleteSubdirectoriesAndFiles | Delete Sub-folders and Files |
| ReadAttributes | ReadAttributes | Read Attributes |
| WriteAttributes | WriteAttributes | Write Attributes |
| Write | Write | Create Files / Write Data, Create Folders / Append Data, Write-Attributes, Write Extended Attributes |
| Delete | Delete | Delete |
| ReadPermissions | ReadPermissions | Read Permissions |
| Read | Read | List Folder / Read Data, Read Attributes, Read Extended Attributes, Read Permissions |
| ReadAndExecute | ReadAndExecute | Traverse Folder / Execute File, List Folder / Read Data, Read Attributes, Read Extended Attributes, Read Permissions |
| Modify | Modify | Everything except Full Control, Delete SubFolders and Files, Change Permissions, Take Ownership |
| ChangePermissions | ChangePermissions | Change Permissions |
EXAMPLES
Example 1
PS C:\> Add-NTFSAccess -Path C:\Data -Account 'NT AUTHORITY\Authenticated Users' -AccessRights Read
The above command gives the read permissions to the built-in group of ‘Authenticated users’
PARAMETERS
-AccessRights
The AccessRights parameter designates the permissions to assign. There are individual permissions as well as ‘basic’ permissions. See the below table for how the basic permissions permissions map the the advanced permissions in the advanced security window.
Type: FileSystemRights2
Parameter Sets: (All)
Aliases: FileSystemRights
Accepted values: None, ReadData, ListDirectory, WriteData, CreateFiles, AppendData, CreateDirectories, ReadExtendedAttributes, WriteExtendedAttributes, ExecuteFile, Traverse, DeleteSubdirectoriesAndFiles, ReadAttributes, WriteAttributes, Write, Delete, ReadPermissions, Read, ReadAndExecute, Modify, ChangePermissions, TakeOwnership, Synchronize, FullControl, GenericAll, GenericExecute, GenericWrite, GenericRead
Required: True
Position: 3
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-AccessType
The AccessType parameter determines if the ACE allows or denies the permissions assigned.
Type: AccessControlType
Parameter Sets: (All)
Aliases: AccessControlType
Accepted values: Allow, Deny
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-Account
{{ Fill Account Description }}
Type: IdentityReference2[]
Parameter Sets: (All)
Aliases: IdentityReference, ID
Required: True
Position: 2
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-AppliesTo
{{ Fill AppliesTo Description }}
Type: ApplyTo
Parameter Sets: PathSimple, SDSimple
Aliases:
Accepted values: ThisFolderOnly, ThisFolderSubfoldersAndFiles, ThisFolderAndSubfolders, ThisFolderAndFiles, SubfoldersAndFilesOnly, SubfoldersOnly, FilesOnly, ThisFolderSubfoldersAndFilesOneLevel, ThisFolderAndSubfoldersOneLevel, ThisFolderAndFilesOneLevel, SubfoldersAndFilesOnlyOneLevel, SubfoldersOnlyOneLevel, FilesOnlyOneLevel
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-InheritanceFlags
{{ Fill InheritanceFlags Description }}
Type: InheritanceFlags
Parameter Sets: PathComplex, SDComplex
Aliases:
Accepted values: None, ContainerInherit, ObjectInherit
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-PassThru
{{ Fill PassThru Description }}
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Path
{{ Fill Path Description }}
Type: String[]
Parameter Sets: PathComplex, PathSimple
Aliases: FullName
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
-PropagationFlags
{{ Fill PropagationFlags Description }}
Type: PropagationFlags
Parameter Sets: PathComplex, SDComplex
Aliases:
Accepted values: None, NoPropagateInherit, InheritOnly
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-SecurityDescriptor
{{ Fill SecurityDescriptor Description }}
Type: FileSystemSecurity2[]
Parameter Sets: SDSimple, SDComplex
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.