Powershell-Modules
/
NTFSSecurity-Module
mirror of https://github.com/raandree/NTFSSecurity
1
0
Fork 0
Code Issues 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
25 Commits
3 Branches
30 MiB
 
 
Tree: 4bcaaa9427
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4bcaaa9427'
${ noResults }
NTFSSecurity-Module/NTFSSecurity/AuditCmdlets/RemoveAudit.cs

188 lines
7.0 KiB
Raw Blame History 

  1. using Alphaleonis.Win32.Filesystem;

  2. using Security2;

  3. using System;

  4. using System.Linq;

  5. using System.Management.Automation;

  6. using System.Security.AccessControl;

  7. 

  8. namespace NTFSSecurity

  9. {

  10.     [Cmdlet(VerbsCommon.Remove, "NTFSAudit", DefaultParameterSetName = "PathComplex")]

  11.     [OutputType(typeof(FileSystemAccessRule2))]

  12.     public class RemoveAudit : BaseCmdletWithPrivControl

  13.     {

  14.         private IdentityReference2[] account;

  15.         private FileSystemRights2 accessRights;

  16.         private AuditFlags auditFlags = AuditFlags.Failure | AuditFlags.Success;

  17.         private InheritanceFlags inheritanceFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;

  18.         private PropagationFlags propagationFlags = PropagationFlags.None;

  19.         private ApplyTo appliesTo;

  20.         private bool removeSpecific;

  21.         private bool passThru;

  22. 

  23.         [Parameter(Mandatory = true, Position = 1, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, ParameterSetName = "PathSimple")]

  24.         [Parameter(Mandatory = true, Position = 1, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, ParameterSetName = "PathComplex")]

  25.         [ValidateNotNullOrEmpty]

  26.         [Alias("FullName")]

  27.         public string[] Path

  28.         {

  29.             get { return paths.ToArray(); }

  30.             set

  31.             {

  32.                 paths.Clear();

  33.                 paths.AddRange(value);

  34.             }

  35.         }

  36. 

  37.         [Parameter(Mandatory = true, Position = 1, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, ParameterSetName = "SDSimple")]

  38.         [Parameter(Mandatory = true, Position = 1, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, ParameterSetName = "SDComplex")]

  39.         [ValidateNotNullOrEmpty]

  40.         public FileSystemSecurity2[] SecurityDescriptor

  41.         {

  42.             get { return securityDescriptors.ToArray(); }

  43.             set

  44.             {

  45.                 securityDescriptors.Clear();

  46.                 securityDescriptors.AddRange(value);

  47.             }

  48.         }

  49. 

  50.         [Parameter(Mandatory = true, Position = 2, ValueFromPipelineByPropertyName = true)]

  51.         [Alias("IdentityReference, ID")]

  52.         public IdentityReference2[] Account

  53.         {

  54.             get { return account; }

  55.             set { account = value; }

  56.         }

  57. 

  58.         [Parameter(Mandatory = true, Position = 3, ValueFromPipelineByPropertyName = true)]

  59.         [Alias("FileSystemRights")]

  60.         public FileSystemRights2 AccessRights

  61.         {

  62.             get { return accessRights; }

  63.             set { accessRights = value; }

  64.         }

  65. 

  66.         [Parameter(ValueFromPipelineByPropertyName = true)]

  67.         public AuditFlags AuditFlags

  68.         {

  69.             get { return auditFlags; }

  70.             set { auditFlags = value; }

  71.         }

  72. 

  73.         [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "PathComplex")]

  74.         [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "SDComplex")]

  75.         public InheritanceFlags InheritanceFlags

  76.         {

  77.             get { return inheritanceFlags; }

  78.             set { inheritanceFlags = value; }

  79.         }

  80. 

  81.         [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "PathComplex")]

  82.         [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "SDComplex")]

  83.         public PropagationFlags PropagationFlags

  84.         {

  85.             get { return propagationFlags; }

  86.             set { propagationFlags = value; }

  87.         }

  88. 

  89.         [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "PathSimple")]

  90.         [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "SDSimple")]

  91.         public ApplyTo AppliesTo

  92.         {

  93.             get { return appliesTo; }

  94.             set { appliesTo = value; }

  95.         }

  96. 

  97.         [Parameter]

  98.         public SwitchParameter PassThru

  99.         {

  100.             get { return passThru; }

  101.             set { passThru = value; }

  102.         }

  103. 

  104.         protected override void BeginProcessing()

  105.         {

  106.             base.BeginProcessing();

  107.         }

  108. 

  109.         protected override void ProcessRecord()

  110.         {

  111.             if (ParameterSetName.EndsWith("Simple"))

  112.             {

  113.                 FileSystemSecurity2.ConvertToFileSystemFlags(appliesTo, out inheritanceFlags, out propagationFlags);

  114.             }

  115. 

  116.             if (ParameterSetName.StartsWith("Path"))

  117.             {

  118.                 foreach (var path in paths)

  119.                 {

  120.                     FileSystemInfo item = null;

  121. 

  122.                     try

  123.                     {

  124.                         item = GetFileSystemInfo2(path);

  125.                     }

  126.                     catch (Exception ex)

  127.                     {

  128.                         WriteError(new ErrorRecord(ex, "ReadFileError", ErrorCategory.OpenError, path));

  129.                     }

  130. 

  131.                     if (ParameterSetName == "PathSimple")

  132.                     {

  133.                         FileSystemSecurity2.ConvertToFileSystemFlags(appliesTo, out inheritanceFlags, out propagationFlags);

  134.                     }

  135. 

  136.                     try

  137.                     {

  138.                         FileSystemAuditRule2.RemoveFileSystemAuditRule(item, account.ToList(), accessRights, auditFlags, inheritanceFlags, propagationFlags);

  139.                     }

  140.                     catch (UnauthorizedAccessException)

  141.                     {

  142.                         try

  143.                         {

  144.                             var ownerInfo = FileSystemOwner.GetOwner(item);

  145.                             var previousOwner = ownerInfo.Owner;

  146. 

  147.                             FileSystemOwner.SetOwner(item, System.Security.Principal.WindowsIdentity.GetCurrent().User);

  148. 

  149.                             FileSystemAuditRule2.RemoveFileSystemAuditRule(item, account.ToList(), accessRights, auditFlags, inheritanceFlags, propagationFlags);

  150. 

  151.                             FileSystemOwner.SetOwner(item, previousOwner);

  152.                         }

  153.                         catch (Exception ex2)

  154.                         {

  155.                             WriteError(new ErrorRecord(ex2, "RemoveAceError", ErrorCategory.WriteError, path));

  156.                         }

  157.                     }

  158.                     catch (Exception ex)

  159.                     {

  160.                         WriteError(new ErrorRecord(ex, "RemoveAceError", ErrorCategory.WriteError, path));

  161.                     }

  162. 

  163.                     if (passThru == true)

  164.                     {

  165.                         FileSystemAccessRule2.GetFileSystemAccessRules(item, true, true).ForEach(ace => WriteObject(ace));

  166.                     }

  167.                 }

  168.             }

  169.             else

  170.             {

  171.                 foreach (var sd in securityDescriptors)

  172.                 {

  173.                     FileSystemAuditRule2.RemoveFileSystemAuditRule(sd, account.ToList(), accessRights, auditFlags, inheritanceFlags, propagationFlags);

  174. 

  175.                     if (passThru == true)

  176.                     {

  177.                         FileSystemAuditRule2.GetFileSystemAuditRules(sd, true, true).ForEach(ace => WriteObject(ace));

  178.                     }

  179.                 }

  180.             }

  181.         }

  182. 

  183.         protected override void EndProcessing()

  184.         {

  185.             base.EndProcessing();

  186.         }

  187.     }

  188. }