I thought that today I’d start putting together a function to add an ACL to a file system object. The starting point is the code that stepped through the process in an earlier post: http://msmvps.com/blogs/richardsiddaway/archive/2014/05/26/file-system-acls-creating-an-acl.aspx function add-acl { [CmdletBinding()] param ( [Parameter(Mandatory=$true)] [ValidateScript({Test-Path -Path $_ })] [string]$path, [Parameter(Mandatory=$true)] [string]$trusteeName, [Parameter(Mandatory=$true)] [ValidateSet("Read", "Write", "ListDirectory", "ReadandExecute", "Modify", […]
Archive for May, 2014
Ed Wilson is running a series on Best Practices on his Hey, Scripting Guy blog at the moment. I especially like today’s which is on simple scripts. I do a lot of quick and dirty scripts that end up being thrown away at the end of the project or incorporated into more formal modules for […]
A comment was left on the first post in the series asking if I could show how to copy ACLs from one object to another. For the sake of this post we’ll assume that the ACLs from c:\test will be copied to c:\test2. If this is one shot deal you can just use the PowerShell […]
Last time you saw that the permissions assign to a file system object are built from instances of the System.Security.AccessControl.FileSystemAccessRule class. Run Get-Acl -Path c:\test | fl * and look at the Access property. Drilling into an individual ACL they look like this: FileSystemRights : FullControl AccessControlType : Allow IdentityReference : BUILTIN\Administrators IsInherited : True […]
File System ACLs – Get-Acl #1 – Retrieving permissions
Posted by: richardsiddaway | May 25, 2014 | No Comment |Following on from the recent set of posts about setting security permissions on shares I thought it about time I looked at the file system security permissions. PowerShell supplies 2 cmdlets, in the core engine, Get-Acl and Set-Acl for workign with permissions. These two cmdlets are part of the Microsoft.PowerShell.Security module. Many Powershell users shy […]
The last variant I want to show is removing a single entry from the list function remove-trustedhost { [CmdletBinding()] param ( [string]$trustedhost, [string]$computername = $env:COMPUTERNAME ) if (Test-Connection -ComputerName $computername -Quiet -Count 1) { $th = Get-WSManInstance -ResourceURI winrm/config/client -ComputerName $computername | select -ExpandProperty TrustedHosts if ($th) { $ths = $th […]
Clearing the trusted hosts list with Set-WSManInstance
Posted by: richardsiddaway | May 22, 2014 | No Comment |Sometimes you may just need to clear out all of the current values in the trusted hosts list and start again – especially in a lab environment where you may be experimenting. function clear-trustedhost { [CmdletBinding()] param ( [string]$computername = $env:COMPUTERNAME ) if (Test-Connection -ComputerName $computername -Quiet -Count 1) { Set-WSManInstance -ResourceURI winrm/config/client -ComputerName […]
Its OK to be able to read the contents of the trusted hosts list but what about adding values to it? function add-trustedhost { [CmdletBinding()] param ( [string]$trustedhost, [string]$computername = $env:COMPUTERNAME ) if (Test-Connection -ComputerName $computername -Quiet -Count 1) { $th = Get-WSManInstance -ResourceURI winrm/config/client -ComputerName $computername | select -ExpandProperty TrustedHosts if […]
One of the sessions I did at the recent PowerShell summit was on using the WSMAN cmdlets. In my experience, these cmdlets aren’t used much. This is for a couple of reasons I think – the syntax is a bit difficult and there are often other ways to perform the task. This short series of […]
The last change to the share permissions functions to modify the Set-SharePermissions functions to enable the application of Deny permissions. The function becomes: #requires -Version 3.0 function Set-SharePermission { [CmdletBinding()] param ( [Parameter(Mandatory=$true)] [string]$sharename, [string]$domain = $env:COMPUTERNAME, [Parameter(Mandatory=$true)] [string]$trusteeName, [Parameter(Mandatory=$true)] [ValidateSet("Read", "Change", "FullControl")] [string]$permission = "Read", […]
Categories
- .NET
- Active Directory
- Architecture
- Azure
- Bash
- BITS
- Books
- CDXML
- CIM
- Cloud
- COM
- Containers
- Deep Dive
- Desired State Configuration
- DevOps
- DHCP
- DNS
- DSC
- European Summit
- Events
- Exchange
- File System
- Firewall
- General
- General IT Matters
- Hyper-V
- IIS
- Infrastructure
- IT Community
- IT Security
- Learning PowerShell
- Linux
- Math
- Microsoft
- Modules
- Nano Server
- Networking
- Office 2010
- Office 2013
- Open Source
- Opinion
- Outlook
- Philosophy
- PowerShell
- PowerShell 7
- PowerShell and .NET
- PowerShell and Active Directory
- PowerShell and CIM
- PowerShell and Exchange 2007
- PowerShell and IIS
- PowerShell and SQL Server
- PowerShell and WMI
- PowerShell Basics
- PowerShell original
- PowerShell Summit
- PowerShell User Group
- PowerShell User Group 2
- PowerShell v2
- PowerShell V3
- PowerShell v4
- PowerShell v5
- PowerShell v6
- PowerShell.org
- PowerShellGet
- PowerShellV2
- PSAM
- Rant
- Registry
- Scripting
- Scripting Games
- Scripting Games 2104
- Security
- SQL Server
- Storage
- Strings
- Summit
- Technology
- Uncategorized
- Virtualization
- Windows 10
- Windows 2012 R2
- Windows 7
- Windows 8
- Windows 8 Server
- Windows 8.1
- Windows Server
- Windows server 1709
- Windows Server 2008
- Windows Server 2008 R2
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
- WMFv5
- WPF
- WSUS