Richard Siddaway's Blog

I thought that today I’d start putting together a function to add an ACL to a file system object. The starting point is the code that stepped through the process in an earlier post: http://msmvps.com/blogs/richardsiddaway/archive/2014/05/26/file-system-acls-creating-an-acl.aspx function add-acl { [CmdletBinding()] param ( [Parameter(Mandatory=$true)] [ValidateScript({Test-Path -Path $_ })] [string]$path, [Parameter(Mandatory=$true)] [string]$trusteeName, [Parameter(Mandatory=$true)] [ValidateSet("Read", "Write", "ListDirectory", "ReadandExecute", "Modify", […]

Ed Wilson is running a series on Best Practices on his Hey, Scripting Guy blog at the moment.  I especially like today’s which is on simple scripts.  I do a lot of quick and dirty scripts that end up being thrown away at the  end of the project or incorporated into more formal modules for […]

A comment was left on the first post in the series asking if I could show how to copy ACLs from one object to another.  For the sake of this post we’ll assume that the ACLs from c:\test will be copied to c:\test2. If this is one shot deal you can just use the PowerShell […]

Last time you saw that the permissions assign to a file system object are built from instances of the System.Security.AccessControl.FileSystemAccessRule class.  Run Get-Acl -Path c:\test | fl * and look at the Access property. Drilling into an individual ACL they look like this: FileSystemRights  : FullControl AccessControlType : Allow IdentityReference : BUILTIN\Administrators IsInherited       : True […]

Following on from the recent set of posts about setting security permissions on shares I thought it about time I looked at the file system security permissions. PowerShell supplies 2 cmdlets, in the core engine, Get-Acl and Set-Acl for workign with permissions. These two cmdlets are part of the Microsoft.PowerShell.Security module. Many Powershell users shy […]

The last variant I want to show is removing a single entry from the list function remove-trustedhost { [CmdletBinding()] param ( [string]$trustedhost, [string]$computername = $env:COMPUTERNAME ) if (Test-Connection -ComputerName $computername -Quiet -Count 1) {   $th = Get-WSManInstance -ResourceURI winrm/config/client -ComputerName $computername |   select -ExpandProperty TrustedHosts   if ($th) {     $ths = $th […]

Sometimes you may just need to clear out all of the current values in the trusted hosts list and start again – especially in a lab environment where you may be experimenting. function clear-trustedhost { [CmdletBinding()] param ( [string]$computername = $env:COMPUTERNAME ) if (Test-Connection -ComputerName $computername -Quiet -Count 1) {   Set-WSManInstance -ResourceURI winrm/config/client -ComputerName […]

Its OK to be able to read the contents of the trusted hosts list but what about adding values to it? function add-trustedhost { [CmdletBinding()] param ( [string]$trustedhost, [string]$computername = $env:COMPUTERNAME ) if (Test-Connection -ComputerName $computername -Quiet -Count 1) {   $th = Get-WSManInstance -ResourceURI winrm/config/client -ComputerName $computername |   select -ExpandProperty TrustedHosts   if […]

One of the sessions I did at the recent PowerShell summit was on using the WSMAN cmdlets. In my experience, these cmdlets aren’t used much. This is for a couple of reasons I think – the syntax is a bit difficult and there are often other ways to perform the task. This short series of […]

The last change to the share permissions functions to modify the Set-SharePermissions functions to enable the application of Deny permissions. The function becomes: #requires -Version 3.0 function Set-SharePermission { [CmdletBinding()] param (   [Parameter(Mandatory=$true)]   [string]$sharename,   [string]$domain = $env:COMPUTERNAME,   [Parameter(Mandatory=$true)]   [string]$trusteeName,   [Parameter(Mandatory=$true)]   [ValidateSet("Read", "Change", "FullControl")]   [string]$permission = "Read",   […]