NtObjectManager.dll-Help.xml
<?xml version="1.0" encoding="utf-8"?>
<helpItems schema="maml" xmlns="http://msh"> <!-- Cmdlet: Get-AccessibleDevice --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-AccessibleDevice</command:name> <command:verb>Get</command:verb> <command:noun>AccessibleDevice</command:noun> <maml:description> <maml:para>Get a list of devices that can be opened by a specified token.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet checks a device and optionally tries to determine if one or more specified tokens can open it. If no tokens are specified the current process token is used.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-AccessibleDevice</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="true (ByValue)" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify a list of native paths to check. Can refer to object directories to search for device objects or explicit paths.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>Access</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: None, ListDirectory, AddFile, AddSubDirectory, ReadEa, WriteEa, Traverse, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileDirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ListDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowEmptyAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowEmptyAccess</maml:name> <maml:description> <maml:para>If set an access entry will be generated even if granted access is 0.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CheckEaBuffer --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CheckEaBuffer</maml:name> <maml:description> <maml:para>Check whether the device can be accessed with an EA buffer.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CheckMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CheckMode</maml:name> <maml:description> <maml:para>Check mode for device and/or namespace.</maml:para> <maml:para>Possible values: DeviceOnly, NamespaceOnly, DeviceAndNamespace</maml:para> </maml:description> <command:parameterValue required="true">DeviceCheckMode</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Accessible.DeviceCheckMode</maml:name> <maml:uri /> <maml:description> <maml:para>Mode for checking device object.</maml:para> </maml:description> </dev:type> <dev:defaultValue>DeviceOnly</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">DeviceOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NamespaceOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeviceAndNamespace</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: EaBuffer --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>EaBuffer</maml:name> <maml:description> <maml:para>If CheckEaBuffer enabled specify an explicit buffer instead of a default.</maml:para> </maml:description> <command:parameterValue required="true">EaBuffer</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EaBuffer</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: MaxDepth --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MaxDepth</maml:name> <maml:description> <maml:para>When recursing specify maximum depth.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: NamespacePath --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>NamespacePath</maml:name> <maml:description> <maml:para>If check mode allows namespace paths specify a list of namespace paths to check for access to the device namespace instead of a default.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: NoImpersonation --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>NoImpersonation</maml:name> <maml:description> <maml:para>Specify not to use impersonation for access checks.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenOptions --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenOptions</maml:name> <maml:description> <maml:para>Specify open options for access.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, DisallowExclusive, SessionAware, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoEaKnowledge</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">DisallowExclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">SessionAware</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLine --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLine</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessName</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Recurse --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Recurse</maml:name> <maml:description> <maml:para>Specify whether to recursively check the directories for devices.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="true (ByValue)" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify a list of native paths to check. Can refer to object directories to search for device objects or explicit paths.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Recurse --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Recurse</maml:name> <maml:description> <maml:para>Specify whether to recursively check the directories for devices.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: MaxDepth --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MaxDepth</maml:name> <maml:description> <maml:para>When recursing specify maximum depth.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CheckMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CheckMode</maml:name> <maml:description> <maml:para>Check mode for device and/or namespace.</maml:para> <maml:para>Possible values: DeviceOnly, NamespaceOnly, DeviceAndNamespace</maml:para> </maml:description> <command:parameterValue required="true">DeviceCheckMode</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Accessible.DeviceCheckMode</maml:name> <maml:uri /> <maml:description> <maml:para>Mode for checking device object.</maml:para> </maml:description> </dev:type> <dev:defaultValue>DeviceOnly</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">DeviceOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NamespaceOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeviceAndNamespace</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: NamespacePath --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>NamespacePath</maml:name> <maml:description> <maml:para>If check mode allows namespace paths specify a list of namespace paths to check for access to the device namespace instead of a default.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CheckEaBuffer --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CheckEaBuffer</maml:name> <maml:description> <maml:para>Check whether the device can be accessed with an EA buffer.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: EaBuffer --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>EaBuffer</maml:name> <maml:description> <maml:para>If CheckEaBuffer enabled specify an explicit buffer instead of a default.</maml:para> </maml:description> <command:parameterValue required="true">EaBuffer</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EaBuffer</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: OpenOptions --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenOptions</maml:name> <maml:description> <maml:para>Specify open options for access.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, DisallowExclusive, SessionAware, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoEaKnowledge</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">DisallowExclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">SessionAware</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: NoImpersonation --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>NoImpersonation</maml:name> <maml:description> <maml:para>Specify not to use impersonation for access checks.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>Access</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: None, ListDirectory, AddFile, AddSubDirectory, ReadEa, WriteEa, Traverse, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileDirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ListDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>AccessRights</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: None, ListDirectory, AddFile, AddSubDirectory, ReadEa, WriteEa, Traverse, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> <maml:para>This is an alias of the Access parameter.</maml:para> </maml:description> <command:parameterValue required="true">FileDirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ListDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AllowEmptyAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowEmptyAccess</maml:name> <maml:description> <maml:para>If set an access entry will be generated even if granted access is 0.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessIds</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> <maml:para>This is an alias of the ProcessId parameter.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessName</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessNames</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> <maml:para>This is an alias of the ProcessName parameter.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLine --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLine</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLines</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> <maml:para>This is an alias of the ProcessCommandLine parameter.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Tokens</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> <maml:para>This is an alias of the Token parameter.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Processes</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> <maml:para>This is an alias of the Process parameter.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>Specify a list of native paths to check. Can refer to object directories to search for device objects or explicit paths.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: CommonAccessCheckResult --> <command:returnValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Accessible.CommonAccessCheckResult</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>General Access check result.</maml:para> </maml:description> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-AccessibleDevice \Device</dev:code> <dev:remarks> <maml:para>Check accessible devices under \Device for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Get-AccessibleDevice \Device -AccessRights GenericWrite</dev:code> <dev:remarks> <maml:para>Check write accessible devices under \Device for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Get-AccessibleDevice \Device -ProcessIds 1234,5678</dev:code> <dev:remarks> <maml:para>Check accessible devices under \Device for the process tokens of PIDs 1234 and 5678</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>Get-AccessibleDevice \Device -CheckMode DeviceAndNamespace</dev:code> <dev:remarks> <maml:para>Check accessible devices under \Device for the current process token including ones under a namespace.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>Get-AccessibleDevice \ -Recurse</dev:code> <dev:remarks> <maml:para>Check recursively for accessible devices under \ for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 6 ----------</maml:title> <dev:code>Get-AccessibleDevice \ -Recurse -MaxDepth 5</dev:code> <dev:remarks> <maml:para>Check recursively for accessible objects under \BaseNamedObjects for the current process token to a maximum depth of 5.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 7 ----------</maml:title> <dev:code>Get-AccessibleDevice \Device\Afd,\Device\Blah</dev:code> <dev:remarks> <maml:para>Check two devices for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 8 ----------</maml:title> <dev:code>Get-AccessibleDevice \ -Recurse -AccessRights GenericWrite</dev:code> <dev:remarks> <maml:para>Check recursively for accessible devices under with write access.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 9 ----------</maml:title> <dev:code>Get-AccessibleDevice \ -Recurse -AccessRights GenericWrite -AllowPartialAccess</dev:code> <dev:remarks> <maml:para>Check recursively for accessible devices with partial write access.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 10 ----------</maml:title> <dev:code>$token = Get-NtToken -Primary -Duplicate -IntegrityLevel Low Get-AccessibleDevice \Device -Recurse -Tokens $token -AccessRights GenericWrite</dev:code> <dev:remarks> <maml:para>Get all devices which can be written to in \Device by a low integrity copy of current token.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-AccessibleEventTrace --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-AccessibleEventTrace</command:name> <command:verb>Get</command:verb> <command:noun>AccessibleEventTrace</command:noun> <maml:description> <maml:para>Get a list of ETW providers accessible by a specified token.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet checks all ETW providers and tries to determine if one or more specified tokens can access them. If no tokens are specified then the current process token is used.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: FromId --> <command:syntaxItem> <maml:name>Get-AccessibleEventTrace</maml:name> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>Access</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: None, Query, Set, Notification, ReadDescription, Execute, CreateRealtime, CreateOnDisk, GuidEnable, AccessKernelLogger, LogEvent, AccessRealtime, RegisterGuids, JoinGroup, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">TraceAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TraceAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">Set</command:parameterValue> <command:parameterValue required="false" variableLength="false">Notification</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadDescription</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateRealtime</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateOnDisk</command:parameterValue> <command:parameterValue required="false" variableLength="false">GuidEnable</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessKernelLogger</command:parameterValue> <command:parameterValue required="false" variableLength="false">LogEvent</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessRealtime</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegisterGuids</command:parameterValue> <command:parameterValue required="false" variableLength="false">JoinGroup</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowEmptyAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowEmptyAccess</maml:name> <maml:description> <maml:para>If set an access entry will be generated even if granted access is 0.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLine --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLine</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessName</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProviderId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProviderId</maml:name> <maml:description> <maml:para>Specify list of ETW provider GUID to check.</maml:para> </maml:description> <command:parameterValue required="true">Guid[]</command:parameterValue> <dev:type> <maml:name>System.Guid[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromName --> <command:syntaxItem> <maml:name>Get-AccessibleEventTrace</maml:name> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>Access</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: None, Query, Set, Notification, ReadDescription, Execute, CreateRealtime, CreateOnDisk, GuidEnable, AccessKernelLogger, LogEvent, AccessRealtime, RegisterGuids, JoinGroup, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">TraceAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TraceAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">Set</command:parameterValue> <command:parameterValue required="false" variableLength="false">Notification</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadDescription</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateRealtime</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateOnDisk</command:parameterValue> <command:parameterValue required="false" variableLength="false">GuidEnable</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessKernelLogger</command:parameterValue> <command:parameterValue required="false" variableLength="false">LogEvent</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessRealtime</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegisterGuids</command:parameterValue> <command:parameterValue required="false" variableLength="false">JoinGroup</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowEmptyAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowEmptyAccess</maml:name> <maml:description> <maml:para>If set an access entry will be generated even if granted access is 0.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Name --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specify list of ETW provider names to check.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLine --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLine</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessName</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: ProviderId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProviderId</maml:name> <maml:description> <maml:para>Specify list of ETW provider GUID to check.</maml:para> </maml:description> <command:parameterValue required="true">Guid[]</command:parameterValue> <dev:type> <maml:name>System.Guid[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Name --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specify list of ETW provider names to check.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>Access</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: None, Query, Set, Notification, ReadDescription, Execute, CreateRealtime, CreateOnDisk, GuidEnable, AccessKernelLogger, LogEvent, AccessRealtime, RegisterGuids, JoinGroup, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">TraceAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TraceAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">Set</command:parameterValue> <command:parameterValue required="false" variableLength="false">Notification</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadDescription</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateRealtime</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateOnDisk</command:parameterValue> <command:parameterValue required="false" variableLength="false">GuidEnable</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessKernelLogger</command:parameterValue> <command:parameterValue required="false" variableLength="false">LogEvent</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessRealtime</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegisterGuids</command:parameterValue> <command:parameterValue required="false" variableLength="false">JoinGroup</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>AccessRights</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: None, Query, Set, Notification, ReadDescription, Execute, CreateRealtime, CreateOnDisk, GuidEnable, AccessKernelLogger, LogEvent, AccessRealtime, RegisterGuids, JoinGroup, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> <maml:para>This is an alias of the Access parameter.</maml:para> </maml:description> <command:parameterValue required="true">TraceAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TraceAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">Set</command:parameterValue> <command:parameterValue required="false" variableLength="false">Notification</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadDescription</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateRealtime</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateOnDisk</command:parameterValue> <command:parameterValue required="false" variableLength="false">GuidEnable</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessKernelLogger</command:parameterValue> <command:parameterValue required="false" variableLength="false">LogEvent</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessRealtime</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegisterGuids</command:parameterValue> <command:parameterValue required="false" variableLength="false">JoinGroup</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AllowEmptyAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowEmptyAccess</maml:name> <maml:description> <maml:para>If set an access entry will be generated even if granted access is 0.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessIds</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> <maml:para>This is an alias of the ProcessId parameter.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessName</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessNames</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> <maml:para>This is an alias of the ProcessName parameter.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLine --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLine</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLines</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> <maml:para>This is an alias of the ProcessCommandLine parameter.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Tokens</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> <maml:para>This is an alias of the Token parameter.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Processes</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> <maml:para>This is an alias of the Process parameter.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: CommonAccessCheckResult --> <command:returnValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Accessible.CommonAccessCheckResult</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>General Access check result.</maml:para> </maml:description> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-AccessibleEventTrace</dev:code> <dev:remarks> <maml:para>Check all accessible ETW providers for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Get-AccessibleEventTrace -ProcessIds 1234,5678</dev:code> <dev:remarks> <maml:para>>Check all accessible ETW providers for the process tokens of PIDs 1234 and 5678</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$token = Get-NtToken -Primary -Duplicate -IntegrityLevel Low Get-AccessibleEventTrace -Tokens $token</dev:code> <dev:remarks> <maml:para>Get all ETW providers which can be accessed by a low integrity copy of current token.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-AccessibleFile --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-AccessibleFile</command:name> <command:verb>Get</command:verb> <command:noun>AccessibleFile</command:noun> <maml:description> <maml:para>Get a list of files that can be opened by a specified token.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet checks a file or directory and tries to determine if one or more specified tokens can open them. If no tokens are specified the current process token is used.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: path --> <command:syntaxItem> <maml:name>Get-AccessibleFile</maml:name> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify a list of native paths to check.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>Access</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowEmptyAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowEmptyAccess</maml:name> <maml:description> <maml:para>If set an access entry will be generated even if granted access is 0.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CaseSensitive --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CaseSensitive</maml:name> <maml:description> <maml:para>Specify the checks should be attempted case sensitively.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CheckMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CheckMode</maml:name> <maml:description> <maml:para>Limit access check to specific types of files.</maml:para> <maml:para>Possible values: All, FilesOnly, DirectoriesOnly</maml:para> </maml:description> <command:parameterValue required="true">FileCheckMode</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Accessible.FileCheckMode</maml:name> <maml:uri /> <maml:description> <maml:para>Limit access check to specific types of files.</maml:para> </maml:description> </dev:type> <dev:defaultValue>All</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> <command:parameterValue required="false" variableLength="false">FilesOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoriesOnly</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Depth --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="MaxDepth"> <maml:name>Depth</maml:name> <maml:description> <maml:para>When recursing specify maximum depth.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: DirectoryAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="DirectoryAccessRights"> <maml:name>DirectoryAccess</maml:name> <maml:description> <maml:para>Specify a set of directory access rights which a directory must at least be accessible for to count as an access.</maml:para> <maml:para>Possible values: None, ListDirectory, AddFile, AddSubDirectory, ReadEa, WriteEa, Traverse, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileDirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ListDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Exclude --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Exclude</maml:name> <maml:description> <maml:para>Exclude specific path components. This happens after enumeration so it just excludes them from the output. Takes the form of a DOS style Glob.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Filter --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specify a filter when enumerating paths. This removes paths which don't match and doesn't inspect them further. Takes the form of a DOS style Glob such as *.txt.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: FollowLink --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FollowLink</maml:name> <maml:description> <maml:para>Specify to follow links in an recursive enumeration.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: FormatWin32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FormatWin32Path</maml:name> <maml:description> <maml:para>When generating the results format path in Win32 format.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Include --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Include</maml:name> <maml:description> <maml:para>Include specific path components. This happens after enumeration so it just excludes them from the output. Takes the form of a DOS style Glob such as *.txt.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLine --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLine</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessName</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Recurse --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Recurse</maml:name> <maml:description> <maml:para>Specify whether to recursively check the path for access.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Specify a list of paths in a Win32 format.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: DirectoryAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="DirectoryAccessRights"> <maml:name>DirectoryAccess</maml:name> <maml:description> <maml:para>Specify a set of directory access rights which a directory must at least be accessible for to count as an access.</maml:para> <maml:para>Possible values: None, ListDirectory, AddFile, AddSubDirectory, ReadEa, WriteEa, Traverse, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileDirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ListDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="DirectoryAccessRights"> <maml:name>DirectoryAccessRights</maml:name> <maml:description> <maml:para>Specify a set of directory access rights which a directory must at least be accessible for to count as an access.</maml:para> <maml:para>Possible values: None, ListDirectory, AddFile, AddSubDirectory, ReadEa, WriteEa, Traverse, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> <maml:para>This is an alias of the DirectoryAccess parameter.</maml:para> </maml:description> <command:parameterValue required="true">FileDirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ListDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CheckMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CheckMode</maml:name> <maml:description> <maml:para>Limit access check to specific types of files.</maml:para> <maml:para>Possible values: All, FilesOnly, DirectoriesOnly</maml:para> </maml:description> <command:parameterValue required="true">FileCheckMode</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Accessible.FileCheckMode</maml:name> <maml:uri /> <maml:description> <maml:para>Limit access check to specific types of files.</maml:para> </maml:description> </dev:type> <dev:defaultValue>All</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> <command:parameterValue required="false" variableLength="false">FilesOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoriesOnly</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify a list of native paths to check.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Specify a list of paths in a Win32 format.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: FormatWin32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FormatWin32Path</maml:name> <maml:description> <maml:para>When generating the results format path in Win32 format.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Recurse --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Recurse</maml:name> <maml:description> <maml:para>Specify whether to recursively check the path for access.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Depth --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="MaxDepth"> <maml:name>Depth</maml:name> <maml:description> <maml:para>When recursing specify maximum depth.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="MaxDepth"> <maml:name>MaxDepth</maml:name> <maml:description> <maml:para>When recursing specify maximum depth.</maml:para> <maml:para>This is an alias of the Depth parameter.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Filter --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specify a filter when enumerating paths. This removes paths which don't match and doesn't inspect them further. Takes the form of a DOS style Glob such as *.txt.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Include --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Include</maml:name> <maml:description> <maml:para>Include specific path components. This happens after enumeration so it just excludes them from the output. Takes the form of a DOS style Glob such as *.txt.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Exclude --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Exclude</maml:name> <maml:description> <maml:para>Exclude specific path components. This happens after enumeration so it just excludes them from the output. Takes the form of a DOS style Glob.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: FollowLink --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FollowLink</maml:name> <maml:description> <maml:para>Specify to follow links in an recursive enumeration.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CaseSensitive --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CaseSensitive</maml:name> <maml:description> <maml:para>Specify the checks should be attempted case sensitively.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>Access</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>AccessRights</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> <maml:para>This is an alias of the Access parameter.</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AllowEmptyAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowEmptyAccess</maml:name> <maml:description> <maml:para>If set an access entry will be generated even if granted access is 0.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessIds</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> <maml:para>This is an alias of the ProcessId parameter.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessName</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessNames</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> <maml:para>This is an alias of the ProcessName parameter.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLine --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLine</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLines</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> <maml:para>This is an alias of the ProcessCommandLine parameter.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Tokens</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> <maml:para>This is an alias of the Token parameter.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Processes</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> <maml:para>This is an alias of the Process parameter.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>Specify a list of native paths to check.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: CommonAccessCheckResult --> <command:returnValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Accessible.CommonAccessCheckResult</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>General Access check result.</maml:para> </maml:description> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-AccessibleFile \??\C:\Windows</dev:code> <dev:remarks> <maml:para>Check accessible file c:\Windows for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Get-AccessibleFile \??\C:\Windows -ProcessIds 1234,5678</dev:code> <dev:remarks> <maml:para>Check accessible file c:\Windows for the process tokens of PIDs 1234 and 5678</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Get-AccessibleFile \??\C:\Windows -Recurse</dev:code> <dev:remarks> <maml:para>Check recursively for check accessible files under c:\Windows for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>Get-AccessibleFile -Win32Path C:\Windows -Recurse</dev:code> <dev:remarks> <maml:para>Check recursively for check accessible files under c:\Windows for the current process token using a Win32 path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>Get-AccessibleFile -Win32Path C:\Windows -Recurse -MaxDepth 2</dev:code> <dev:remarks> <maml:para>Check recursively for check accessible files under c:\Windows for the current process token using a Win32 path with a max depth of 2.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 6 ----------</maml:title> <dev:code>$token = Get-NtToken -Primary -Duplicate -IntegrityLevel Low Get-AccessibleFile \??\C:\Windows -Recurse -Tokens $token -AccessRights GenericWrite</dev:code> <dev:remarks> <maml:para>Get all files with can be written to \??\C:\Windows by a low integrity copy of current token.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-AccessibleHandle --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-AccessibleHandle</command:name> <command:verb>Get</command:verb> <command:noun>AccessibleHandle</command:noun> <maml:description> <maml:para>Get a list of accessible handles from a specified token.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet enumerates all handles accessible from a specific token and checks and determines what the maximum access rights are for that handle.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-AccessibleHandle</maml:name> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLine --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLine</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessName</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: QueryAllDevicePaths --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>QueryAllDevicePaths</maml:name> <maml:description> <maml:para>Specify to query all file device paths. Doing this might cause the cmdlet to hang.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: TypeFilter --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TypeFilter</maml:name> <maml:description> <maml:para>Specify list of NT object types to filter on.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: TypeFilter --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TypeFilter</maml:name> <maml:description> <maml:para>Specify list of NT object types to filter on.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: QueryAllDevicePaths --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>QueryAllDevicePaths</maml:name> <maml:description> <maml:para>Specify to query all file device paths. Doing this might cause the cmdlet to hang.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessIds</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> <maml:para>This is an alias of the ProcessId parameter.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessName</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessNames</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> <maml:para>This is an alias of the ProcessName parameter.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLine --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLine</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLines</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> <maml:para>This is an alias of the ProcessCommandLine parameter.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Tokens</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> <maml:para>This is an alias of the Token parameter.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Processes</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> <maml:para>This is an alias of the Process parameter.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: HandleAccessCheckResult --> <command:returnValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Accessible.HandleAccessCheckResult</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>Access check result for a handle.</maml:para> </maml:description> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-AccessibleHandle</dev:code> <dev:remarks> <maml:para>Check all accessible handles for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Get-AccessibleHandle -TypeFilter Key</dev:code> <dev:remarks> <maml:para>Check all accessible key handles for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Get-AccessibleHandle -ProcessIds 1234,5678</dev:code> <dev:remarks> <maml:para>>Check all accessible handles for the process tokens of PIDs 1234 and 5678</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>Get-AccessibleHandle | Where-Object DifferentAccess</dev:code> <dev:remarks> <maml:para>Check all accessible handles for the current process token where the access differs from what the access would be if you reopened the resource</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-AccessibleKey --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-AccessibleKey</command:name> <command:verb>Get</command:verb> <command:noun>AccessibleKey</command:noun> <maml:description> <maml:para>Get a list of Registry Keys that can be opened by a specified token.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet checks a registry key and tries to determine if one or more specified tokens can open them. If no tokens are specified the current process token is used.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: path --> <command:syntaxItem> <maml:name>Get-AccessibleKey</maml:name> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify a list of native paths to check.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>Access</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: QueryValue, SetValue, CreateSubKey, EnumerateSubKeys, Notify, CreateLink, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">KeyAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.KeyAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubKey</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnumerateSubKeys</command:parameterValue> <command:parameterValue required="false" variableLength="false">Notify</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowEmptyAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowEmptyAccess</maml:name> <maml:description> <maml:para>If set an access entry will be generated even if granted access is 0.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CaseSensitive --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CaseSensitive</maml:name> <maml:description> <maml:para>Specify the checks should be attempted case sensitively.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Depth --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="MaxDepth"> <maml:name>Depth</maml:name> <maml:description> <maml:para>When recursing specify maximum depth.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Exclude --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Exclude</maml:name> <maml:description> <maml:para>Exclude specific path components. This happens after enumeration so it just excludes them from the output. Takes the form of a DOS style Glob.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Filter --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specify a filter when enumerating paths. This removes paths which don't match and doesn't inspect them further. Takes the form of a DOS style Glob such as *.txt.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: FollowLink --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FollowLink</maml:name> <maml:description> <maml:para>Specify to follow links in an recursive enumeration.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: FormatWin32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FormatWin32Path</maml:name> <maml:description> <maml:para>When generating the results format path in Win32 format.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Include --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Include</maml:name> <maml:description> <maml:para>Include specific path components. This happens after enumeration so it just excludes them from the output. Takes the form of a DOS style Glob such as *.txt.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLine --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLine</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessName</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Recurse --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Recurse</maml:name> <maml:description> <maml:para>Specify whether to recursively check the path for access.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Specify a list of paths in a Win32 format.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify a list of native paths to check.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Specify a list of paths in a Win32 format.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: FormatWin32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FormatWin32Path</maml:name> <maml:description> <maml:para>When generating the results format path in Win32 format.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Recurse --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Recurse</maml:name> <maml:description> <maml:para>Specify whether to recursively check the path for access.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Depth --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="MaxDepth"> <maml:name>Depth</maml:name> <maml:description> <maml:para>When recursing specify maximum depth.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="MaxDepth"> <maml:name>MaxDepth</maml:name> <maml:description> <maml:para>When recursing specify maximum depth.</maml:para> <maml:para>This is an alias of the Depth parameter.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Filter --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specify a filter when enumerating paths. This removes paths which don't match and doesn't inspect them further. Takes the form of a DOS style Glob such as *.txt.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Include --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Include</maml:name> <maml:description> <maml:para>Include specific path components. This happens after enumeration so it just excludes them from the output. Takes the form of a DOS style Glob such as *.txt.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Exclude --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Exclude</maml:name> <maml:description> <maml:para>Exclude specific path components. This happens after enumeration so it just excludes them from the output. Takes the form of a DOS style Glob.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: FollowLink --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FollowLink</maml:name> <maml:description> <maml:para>Specify to follow links in an recursive enumeration.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CaseSensitive --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CaseSensitive</maml:name> <maml:description> <maml:para>Specify the checks should be attempted case sensitively.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>Access</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: QueryValue, SetValue, CreateSubKey, EnumerateSubKeys, Notify, CreateLink, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">KeyAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.KeyAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubKey</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnumerateSubKeys</command:parameterValue> <command:parameterValue required="false" variableLength="false">Notify</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>AccessRights</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: QueryValue, SetValue, CreateSubKey, EnumerateSubKeys, Notify, CreateLink, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> <maml:para>This is an alias of the Access parameter.</maml:para> </maml:description> <command:parameterValue required="true">KeyAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.KeyAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubKey</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnumerateSubKeys</command:parameterValue> <command:parameterValue required="false" variableLength="false">Notify</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AllowEmptyAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowEmptyAccess</maml:name> <maml:description> <maml:para>If set an access entry will be generated even if granted access is 0.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessIds</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> <maml:para>This is an alias of the ProcessId parameter.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessName</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessNames</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> <maml:para>This is an alias of the ProcessName parameter.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLine --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLine</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLines</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> <maml:para>This is an alias of the ProcessCommandLine parameter.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Tokens</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> <maml:para>This is an alias of the Token parameter.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Processes</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> <maml:para>This is an alias of the Process parameter.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>Specify a list of native paths to check.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: CommonAccessCheckResult --> <command:returnValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Accessible.CommonAccessCheckResult</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>General Access check result.</maml:para> </maml:description> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-AccessibleKey \Registry\Machine\Software</dev:code> <dev:remarks> <maml:para>Check accessible keys \Registry\Machine\Software for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Get-AccessibleKey \Registry\Machine\Software -ProcessIds 1234,5678</dev:code> <dev:remarks> <maml:para>Check accessible keys \Registry\Machine\Software for the process tokens of PIDs 1234 and 5678</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Get-AccessibleKey \Registry\Machine\Software -Recurse</dev:code> <dev:remarks> <maml:para>Check recursively for accessible keys \Registry\Machine\Software for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>Get-AccessibleKey \Registry\Machine\Software -Recurse -MaxDepth 5</dev:code> <dev:remarks> <maml:para>Check recursively for accessible keys \Registry\Machine\Software for the current process token to a maximum depth of 5.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>Get-AccessibleKey -Win32Path HKLM\Software -Recurse</dev:code> <dev:remarks> <maml:para>Check recursively for accessible keys NT path HKEY_LOCAL_MACHINE for the current process token using a Win32 path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 6 ----------</maml:title> <dev:code>$token = Get-NtToken -Primary -Duplicate -IntegrityLevel Low Get-AccessibleKey -Win32Path HKCU -Recurse -Tokens $token -AccessRights GenericWrite</dev:code> <dev:remarks> <maml:para>Get all keys with can be written to in HKEY_CURRENT_USER by a low integrity copy of current token.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-AccessibleNamedPipe --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-AccessibleNamedPipe</command:name> <command:verb>Get</command:verb> <command:noun>AccessibleNamedPipe</command:noun> <maml:description> <maml:para>Get a list of named pipes that can be opened by a specified token.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet checks for named pipes and tries to determine if one or more specified tokens can open them. If no tokens are specified the current process token is used.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-AccessibleNamedPipe</maml:name> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>Access</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowEmptyAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowEmptyAccess</maml:name> <maml:description> <maml:para>If set an access entry will be generated even if granted access is 0.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: FormatWin32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FormatWin32Path</maml:name> <maml:description> <maml:para>When generating the results format path in Win32 format.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenServer --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenServer</maml:name> <maml:description> <maml:para>Try and open the server end rather than the client end of the pipe.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLine --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLine</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessName</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: FormatWin32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FormatWin32Path</maml:name> <maml:description> <maml:para>When generating the results format path in Win32 format.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenServer --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenServer</maml:name> <maml:description> <maml:para>Try and open the server end rather than the client end of the pipe.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>Access</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>AccessRights</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> <maml:para>This is an alias of the Access parameter.</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AllowEmptyAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowEmptyAccess</maml:name> <maml:description> <maml:para>If set an access entry will be generated even if granted access is 0.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessIds</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> <maml:para>This is an alias of the ProcessId parameter.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessName</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessNames</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> <maml:para>This is an alias of the ProcessName parameter.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLine --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLine</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLines</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> <maml:para>This is an alias of the ProcessCommandLine parameter.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Tokens</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> <maml:para>This is an alias of the Token parameter.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Processes</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> <maml:para>This is an alias of the Process parameter.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: CommonAccessCheckResult --> <command:returnValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Accessible.CommonAccessCheckResult</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>General Access check result.</maml:para> </maml:description> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-AccessibleNamedPipe</dev:code> <dev:remarks> <maml:para>Check accessible named pipes for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Get-AccessibleNamedPipe -OpenServer</dev:code> <dev:remarks> <maml:para>Check accessible named pipes server end points which can be opened for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Get-AccessibleNamedPipe -ProcessIds 1234,5678</dev:code> <dev:remarks> <maml:para>Check accessible named pipes for the process tokens of PIDs 1234 and 5678</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$token = Get-NtToken -Primary -Duplicate -IntegrityLevel Low Get-AccessibleNamedPipes -Tokens $token -AccessRights GenericWrite</dev:code> <dev:remarks> <maml:para>Get all named pipes with can be written to by a low integrity copy of current token.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-AccessibleObject --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-AccessibleObject</command:name> <command:verb>Get</command:verb> <command:noun>AccessibleObject</command:noun> <maml:description> <maml:para>Get a list of NT objects that can be opened by a specified token.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet checks a NT object key and optionally tries to determine if one or more specified tokens can open them. If no tokens are specified the current process token is used.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: handles --> <command:syntaxItem> <maml:name>Get-AccessibleObject</maml:name> <!-- Parameter: FromHandle --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named" aliases="FromHandles"> <maml:name>FromHandle</maml:name> <maml:description> <maml:para>Specify to find objects based on handles rather than enumerating named paths.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>Access</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: None, Access0, Access1, Access2, Access3, Access4, Access5, Access6, Access7, Access8, Access9, Access10, Access11, Access12, Access13, Access14, Access15, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, AccessSystemSecurity, MaximumAllowed, GenericAll, GenericExecute, GenericWrite, GenericRead</maml:para> </maml:description> <command:parameterValue required="true">GenericAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access0</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access1</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access2</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access3</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access4</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access5</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access6</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access7</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access8</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access9</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access10</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access11</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access12</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access13</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access14</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access15</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowEmptyAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowEmptyAccess</maml:name> <maml:description> <maml:para>If set an access entry will be generated even if granted access is 0.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CheckUnnamed --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CheckUnnamed</maml:name> <maml:description> <maml:para>Specify when enumerating handles to also check unnamed objects.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: FormatWin32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FormatWin32Path</maml:name> <maml:description> <maml:para>When generating the results format path in Win32 format.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLine --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLine</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessName</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: QueryAllDevicePaths --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>QueryAllDevicePaths</maml:name> <maml:description> <maml:para>Specify to query all file device paths. Doing this might cause the cmdlet to hang.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: TypeFilter --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TypeFilter</maml:name> <maml:description> <maml:para>Specify list of NT object types to filter on.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> <!-- Parameter set: path --> <command:syntaxItem> <maml:name>Get-AccessibleObject</maml:name> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify a list of native paths to check.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>Access</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: None, Access0, Access1, Access2, Access3, Access4, Access5, Access6, Access7, Access8, Access9, Access10, Access11, Access12, Access13, Access14, Access15, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, AccessSystemSecurity, MaximumAllowed, GenericAll, GenericExecute, GenericWrite, GenericRead</maml:para> </maml:description> <command:parameterValue required="true">GenericAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access0</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access1</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access2</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access3</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access4</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access5</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access6</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access7</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access8</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access9</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access10</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access11</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access12</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access13</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access14</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access15</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowEmptyAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowEmptyAccess</maml:name> <maml:description> <maml:para>If set an access entry will be generated even if granted access is 0.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CaseSensitive --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CaseSensitive</maml:name> <maml:description> <maml:para>Specify the checks should be attempted case sensitively.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Depth --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="MaxDepth"> <maml:name>Depth</maml:name> <maml:description> <maml:para>When recursing specify maximum depth.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Exclude --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Exclude</maml:name> <maml:description> <maml:para>Exclude specific path components. This happens after enumeration so it just excludes them from the output. Takes the form of a DOS style Glob.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Filter --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specify a filter when enumerating paths. This removes paths which don't match and doesn't inspect them further. Takes the form of a DOS style Glob such as *.txt.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: FollowLink --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FollowLink</maml:name> <maml:description> <maml:para>Specify to follow links in an recursive enumeration.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: FormatWin32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FormatWin32Path</maml:name> <maml:description> <maml:para>When generating the results format path in Win32 format.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Include --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Include</maml:name> <maml:description> <maml:para>Include specific path components. This happens after enumeration so it just excludes them from the output. Takes the form of a DOS style Glob such as *.txt.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLine --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLine</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessName</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Recurse --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Recurse</maml:name> <maml:description> <maml:para>Specify whether to recursively check the path for access.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: TypeFilter --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TypeFilter</maml:name> <maml:description> <maml:para>Specify list of NT object types to filter on.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Specify a list of paths in a Win32 format.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: TypeFilter --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TypeFilter</maml:name> <maml:description> <maml:para>Specify list of NT object types to filter on.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: FromHandle --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named" aliases="FromHandles"> <maml:name>FromHandle</maml:name> <maml:description> <maml:para>Specify to find objects based on handles rather than enumerating named paths.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" globbing="false" pipelineInput="false" position="named" aliases="FromHandles"> <maml:name>FromHandles</maml:name> <maml:description> <maml:para>Specify to find objects based on handles rather than enumerating named paths.</maml:para> <maml:para>This is an alias of the FromHandle parameter.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CheckUnnamed --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CheckUnnamed</maml:name> <maml:description> <maml:para>Specify when enumerating handles to also check unnamed objects.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: QueryAllDevicePaths --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>QueryAllDevicePaths</maml:name> <maml:description> <maml:para>Specify to query all file device paths. Doing this might cause the cmdlet to hang.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify a list of native paths to check.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Specify a list of paths in a Win32 format.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: FormatWin32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FormatWin32Path</maml:name> <maml:description> <maml:para>When generating the results format path in Win32 format.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Recurse --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Recurse</maml:name> <maml:description> <maml:para>Specify whether to recursively check the path for access.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Depth --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="MaxDepth"> <maml:name>Depth</maml:name> <maml:description> <maml:para>When recursing specify maximum depth.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="MaxDepth"> <maml:name>MaxDepth</maml:name> <maml:description> <maml:para>When recursing specify maximum depth.</maml:para> <maml:para>This is an alias of the Depth parameter.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Filter --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specify a filter when enumerating paths. This removes paths which don't match and doesn't inspect them further. Takes the form of a DOS style Glob such as *.txt.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Include --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Include</maml:name> <maml:description> <maml:para>Include specific path components. This happens after enumeration so it just excludes them from the output. Takes the form of a DOS style Glob such as *.txt.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Exclude --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Exclude</maml:name> <maml:description> <maml:para>Exclude specific path components. This happens after enumeration so it just excludes them from the output. Takes the form of a DOS style Glob.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: FollowLink --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FollowLink</maml:name> <maml:description> <maml:para>Specify to follow links in an recursive enumeration.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CaseSensitive --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CaseSensitive</maml:name> <maml:description> <maml:para>Specify the checks should be attempted case sensitively.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>Access</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: None, Access0, Access1, Access2, Access3, Access4, Access5, Access6, Access7, Access8, Access9, Access10, Access11, Access12, Access13, Access14, Access15, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, AccessSystemSecurity, MaximumAllowed, GenericAll, GenericExecute, GenericWrite, GenericRead</maml:para> </maml:description> <command:parameterValue required="true">GenericAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access0</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access1</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access2</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access3</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access4</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access5</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access6</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access7</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access8</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access9</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access10</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access11</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access12</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access13</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access14</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access15</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>AccessRights</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: None, Access0, Access1, Access2, Access3, Access4, Access5, Access6, Access7, Access8, Access9, Access10, Access11, Access12, Access13, Access14, Access15, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, AccessSystemSecurity, MaximumAllowed, GenericAll, GenericExecute, GenericWrite, GenericRead</maml:para> <maml:para>This is an alias of the Access parameter.</maml:para> </maml:description> <command:parameterValue required="true">GenericAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access0</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access1</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access2</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access3</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access4</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access5</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access6</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access7</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access8</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access9</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access10</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access11</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access12</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access13</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access14</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access15</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AllowEmptyAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowEmptyAccess</maml:name> <maml:description> <maml:para>If set an access entry will be generated even if granted access is 0.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessIds</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> <maml:para>This is an alias of the ProcessId parameter.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessName</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessNames</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> <maml:para>This is an alias of the ProcessName parameter.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLine --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLine</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLines</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> <maml:para>This is an alias of the ProcessCommandLine parameter.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Tokens</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> <maml:para>This is an alias of the Token parameter.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Processes</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> <maml:para>This is an alias of the Process parameter.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>Specify a list of native paths to check.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: CommonAccessCheckResult --> <command:returnValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Accessible.CommonAccessCheckResult</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>General Access check result.</maml:para> </maml:description> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-AccessibleObject \BaseNamedObjects</dev:code> <dev:remarks> <maml:para>Check accessible objects under \ for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Get-AccessibleObject \BaseNamedObjects -ProcessIds 1234,5678</dev:code> <dev:remarks> <maml:para>Check accessible objects under \BaseNamedObjects for the process tokens of PIDs 1234 and 5678</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Get-AccessibleObject \BaseNamedObjects -Recurse</dev:code> <dev:remarks> <maml:para>Check recursively for accessible objects under \BaseNamedObjects for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>Get-AccessibleObject \BaseNamedObjects -Recurse -MaxDepth 5</dev:code> <dev:remarks> <maml:para>Check recursively for accessible objects under \BaseNamedObjects for the current process token to a maximum depth of 5.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>Get-AccessibleObject -Win32Path \ -Recurse</dev:code> <dev:remarks> <maml:para>Check recursively for accessible objects under the user's based named objects for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 6 ----------</maml:title> <dev:code>Get-AccessibleObject \ -Recurse -AccessRights GenericWrite</dev:code> <dev:remarks> <maml:para>Check recursively for accessible objects under with write access.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 7 ----------</maml:title> <dev:code>Get-AccessibleObject \ -Recurse -AccessRights GenericWrite -AllowPartialAccess</dev:code> <dev:remarks> <maml:para>Check recursively for accessible objects under with partial write access.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 8 ----------</maml:title> <dev:code>$token = Get-NtToken -Primary -Duplicate -IntegrityLevel Low Get-AccessibleObject \BaseNamedObjects -Recurse -Tokens $token -AccessRights GenericWrite</dev:code> <dev:remarks> <maml:para>Get all object which can be written to in \BaseNamedObjects by a low integrity copy of current token.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-AccessibleProcess --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-AccessibleProcess</command:name> <command:verb>Get</command:verb> <command:noun>AccessibleProcess</command:noun> <maml:description> <maml:para>Get a list of processes and/or threads that can be opened by a specified token.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet checks all processes and threads and tries to determine if one or more specified tokens can open them. If no tokens are specified then the current process token is used.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-AccessibleProcess</maml:name> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>Access</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: None, Terminate, CreateThread, SetSessionId, VmOperation, VmRead, VmWrite, DupHandle, CreateProcess, SetQuota, SetInformation, QueryInformation, SuspendResume, QueryLimitedInformation, SetLimitedInformation, AllAccess, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ProcessAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ProcessAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateThread</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetSessionId</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmOperation</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">DupHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateProcess</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetQuota</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuspendResume</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">AllAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowEmptyAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowEmptyAccess</maml:name> <maml:description> <maml:para>If set an access entry will be generated even if granted access is 0.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CheckMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CheckMode</maml:name> <maml:description> <maml:para>Specify what objects to check for.</maml:para> <maml:para>Possible values: ProcessOnly, ThreadOnly, ProcessAndThread</maml:para> </maml:description> <command:parameterValue required="true">ProcessCheckMode</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Accessible.ProcessCheckMode</maml:name> <maml:uri /> <maml:description> <maml:para>Specify what objects to query for.</maml:para> </maml:description> </dev:type> <dev:defaultValue>ProcessOnly</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">ProcessOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">ThreadOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProcessAndThread</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLine --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLine</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessName</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ShowDeadProcesses --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShowDeadProcesses</maml:name> <maml:description> <maml:para>Specify that dead processes should be shown.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ThreadAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ThreadAccessRights"> <maml:name>ThreadAccess</maml:name> <maml:description> <maml:para>Specify specific access rights for threads.</maml:para> <maml:para>Possible values: Terminate, SuspendResume, Alert, GetContext, SetContext, SetInformation, QueryInformation, SetThreadToken, Impersonate, DirectImpersonation, SetLimitedInformation, QueryLimitedInformation, Resume, AllAccess, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ThreadAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ThreadAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuspendResume</command:parameterValue> <command:parameterValue required="false" variableLength="false">Alert</command:parameterValue> <command:parameterValue required="false" variableLength="false">GetContext</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetContext</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetThreadToken</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectImpersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Resume</command:parameterValue> <command:parameterValue required="false" variableLength="false">AllAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: CheckMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CheckMode</maml:name> <maml:description> <maml:para>Specify what objects to check for.</maml:para> <maml:para>Possible values: ProcessOnly, ThreadOnly, ProcessAndThread</maml:para> </maml:description> <command:parameterValue required="true">ProcessCheckMode</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Accessible.ProcessCheckMode</maml:name> <maml:uri /> <maml:description> <maml:para>Specify what objects to query for.</maml:para> </maml:description> </dev:type> <dev:defaultValue>ProcessOnly</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">ProcessOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">ThreadOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProcessAndThread</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ThreadAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ThreadAccessRights"> <maml:name>ThreadAccess</maml:name> <maml:description> <maml:para>Specify specific access rights for threads.</maml:para> <maml:para>Possible values: Terminate, SuspendResume, Alert, GetContext, SetContext, SetInformation, QueryInformation, SetThreadToken, Impersonate, DirectImpersonation, SetLimitedInformation, QueryLimitedInformation, Resume, AllAccess, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ThreadAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ThreadAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuspendResume</command:parameterValue> <command:parameterValue required="false" variableLength="false">Alert</command:parameterValue> <command:parameterValue required="false" variableLength="false">GetContext</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetContext</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetThreadToken</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectImpersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Resume</command:parameterValue> <command:parameterValue required="false" variableLength="false">AllAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ThreadAccessRights"> <maml:name>ThreadAccessRights</maml:name> <maml:description> <maml:para>Specify specific access rights for threads.</maml:para> <maml:para>Possible values: Terminate, SuspendResume, Alert, GetContext, SetContext, SetInformation, QueryInformation, SetThreadToken, Impersonate, DirectImpersonation, SetLimitedInformation, QueryLimitedInformation, Resume, AllAccess, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> <maml:para>This is an alias of the ThreadAccess parameter.</maml:para> </maml:description> <command:parameterValue required="true">ThreadAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ThreadAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuspendResume</command:parameterValue> <command:parameterValue required="false" variableLength="false">Alert</command:parameterValue> <command:parameterValue required="false" variableLength="false">GetContext</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetContext</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetThreadToken</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectImpersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Resume</command:parameterValue> <command:parameterValue required="false" variableLength="false">AllAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ShowDeadProcesses --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShowDeadProcesses</maml:name> <maml:description> <maml:para>Specify that dead processes should be shown.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>Access</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: None, Terminate, CreateThread, SetSessionId, VmOperation, VmRead, VmWrite, DupHandle, CreateProcess, SetQuota, SetInformation, QueryInformation, SuspendResume, QueryLimitedInformation, SetLimitedInformation, AllAccess, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ProcessAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ProcessAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateThread</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetSessionId</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmOperation</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">DupHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateProcess</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetQuota</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuspendResume</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">AllAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>AccessRights</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: None, Terminate, CreateThread, SetSessionId, VmOperation, VmRead, VmWrite, DupHandle, CreateProcess, SetQuota, SetInformation, QueryInformation, SuspendResume, QueryLimitedInformation, SetLimitedInformation, AllAccess, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> <maml:para>This is an alias of the Access parameter.</maml:para> </maml:description> <command:parameterValue required="true">ProcessAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ProcessAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateThread</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetSessionId</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmOperation</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">DupHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateProcess</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetQuota</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuspendResume</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">AllAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AllowEmptyAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowEmptyAccess</maml:name> <maml:description> <maml:para>If set an access entry will be generated even if granted access is 0.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessIds</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> <maml:para>This is an alias of the ProcessId parameter.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessName</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessNames</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> <maml:para>This is an alias of the ProcessName parameter.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLine --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLine</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLines</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> <maml:para>This is an alias of the ProcessCommandLine parameter.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Tokens</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> <maml:para>This is an alias of the Token parameter.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Processes</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> <maml:para>This is an alias of the Process parameter.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: ProcessAccessCheckResult --> <command:returnValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Accessible.ProcessAccessCheckResult</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>Access check result for a process.</maml:para> </maml:description> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-AccessibleProcess</dev:code> <dev:remarks> <maml:para>Check all accessible processes for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Get-AccessibleProcess -ProcessIds 1234,5678</dev:code> <dev:remarks> <maml:para>>Check all accessible processes for the process tokens of PIDs 1234 and 5678</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$token = Get-NtToken -Primary -Duplicate -IntegrityLevel Low Get-AccessibleProcess -Tokens $token -AccessRights GenericWrite</dev:code> <dev:remarks> <maml:para>Get all processes with can be written by a low integrity copy of current token.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-AccessibleScheduledTask --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-AccessibleScheduledTask</command:name> <command:verb>Get</command:verb> <command:noun>AccessibleScheduledTask</command:noun> <maml:description> <maml:para>Get a list of scheduled tasks openable by a specified token.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet checks all scheduled tasks and tries to determine if one or more specified tokens can open them. If no tokens are specified then the current process token is used.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-AccessibleScheduledTask</maml:name> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>Access</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowEmptyAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowEmptyAccess</maml:name> <maml:description> <maml:para>If set an access entry will be generated even if granted access is 0.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CheckMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CheckMode</maml:name> <maml:description> <maml:para>Limit access check to specific types of files.</maml:para> <maml:para>Possible values: TasksOnly, FoldersOnly, All</maml:para> </maml:description> <command:parameterValue required="true">TaskCheckMode</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Accessible.TaskCheckMode</maml:name> <maml:uri /> <maml:description> <maml:para>Limit access check to specific types of task information.</maml:para> </maml:description> </dev:type> <dev:defaultValue>TasksOnly</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">TasksOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">FoldersOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: DirectoryAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="DirectoryAccessRights"> <maml:name>DirectoryAccess</maml:name> <maml:description> <maml:para>Specify a set of directory access rights which a folder must at least be accessible for to count as an access.</maml:para> <maml:para>Possible values: None, ListDirectory, AddFile, AddSubDirectory, ReadEa, WriteEa, Traverse, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileDirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ListDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Executable --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Executable</maml:name> <maml:description> <maml:para>Shortcut to specify that we're querying for executable tasks.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLine --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLine</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessName</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Writable --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Writable</maml:name> <maml:description> <maml:para>Shortcut to specify that we're querying for writable tasks or directories.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: CheckMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CheckMode</maml:name> <maml:description> <maml:para>Limit access check to specific types of files.</maml:para> <maml:para>Possible values: TasksOnly, FoldersOnly, All</maml:para> </maml:description> <command:parameterValue required="true">TaskCheckMode</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Accessible.TaskCheckMode</maml:name> <maml:uri /> <maml:description> <maml:para>Limit access check to specific types of task information.</maml:para> </maml:description> </dev:type> <dev:defaultValue>TasksOnly</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">TasksOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">FoldersOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: DirectoryAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="DirectoryAccessRights"> <maml:name>DirectoryAccess</maml:name> <maml:description> <maml:para>Specify a set of directory access rights which a folder must at least be accessible for to count as an access.</maml:para> <maml:para>Possible values: None, ListDirectory, AddFile, AddSubDirectory, ReadEa, WriteEa, Traverse, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileDirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ListDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="DirectoryAccessRights"> <maml:name>DirectoryAccessRights</maml:name> <maml:description> <maml:para>Specify a set of directory access rights which a folder must at least be accessible for to count as an access.</maml:para> <maml:para>Possible values: None, ListDirectory, AddFile, AddSubDirectory, ReadEa, WriteEa, Traverse, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> <maml:para>This is an alias of the DirectoryAccess parameter.</maml:para> </maml:description> <command:parameterValue required="true">FileDirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ListDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Executable --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Executable</maml:name> <maml:description> <maml:para>Shortcut to specify that we're querying for executable tasks.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Writable --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Writable</maml:name> <maml:description> <maml:para>Shortcut to specify that we're querying for writable tasks or directories.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>Access</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>AccessRights</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> <maml:para>This is an alias of the Access parameter.</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AllowEmptyAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowEmptyAccess</maml:name> <maml:description> <maml:para>If set an access entry will be generated even if granted access is 0.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessIds</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> <maml:para>This is an alias of the ProcessId parameter.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessName</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessNames</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> <maml:para>This is an alias of the ProcessName parameter.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLine --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLine</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLines</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> <maml:para>This is an alias of the ProcessCommandLine parameter.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Tokens</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> <maml:para>This is an alias of the Token parameter.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Processes</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> <maml:para>This is an alias of the Process parameter.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: ScheduledTaskAccessCheckResult --> <command:returnValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Accessible.ScheduledTaskAccessCheckResult</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>Access check result for a scheduled task.</maml:para> </maml:description> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-AccessibleScheduledTask</dev:code> <dev:remarks> <maml:para>Check all accessible scheduled tasks for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Get-AccessibleScheduledTask -Executable</dev:code> <dev:remarks> <maml:para>Check all executable scheduled tasks for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Get-AccessibleScheduledTask -ProcessIds 1234,5678</dev:code> <dev:remarks> <maml:para>>Check all accessible scheduled tasks for the process tokens of PIDs 1234 and 5678</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$token = Get-NtToken -Primary -Duplicate -IntegrityLevel Low Get-AccessibleScheduledTask -Tokens $token -AccessRights GenericWrite</dev:code> <dev:remarks> <maml:para>Get all scheduled tasks which can be written by a low integrity copy of current token.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-AccessibleService --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-AccessibleService</command:name> <command:verb>Get</command:verb> <command:noun>AccessibleService</command:noun> <maml:description> <maml:para>Get a list of services openable by a specified token.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet checks all services and tries to determine if one or more specified tokens can open them. If no tokens are specified then the current process token is used.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: FromName --> <command:syntaxItem> <maml:name>Get-AccessibleService</maml:name> <!-- Parameter: Name --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specify names of services to check.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>Access</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: QueryConfig, ChangeConfig, QueryStatus, EnumerateDependents, Start, Stop, PauseContinue, Interrogate, UserDefinedControl, SetStatus, All, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ServiceAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Win32.ServiceAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryConfig</command:parameterValue> <command:parameterValue required="false" variableLength="false">ChangeConfig</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryStatus</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnumerateDependents</command:parameterValue> <command:parameterValue required="false" variableLength="false">Start</command:parameterValue> <command:parameterValue required="false" variableLength="false">Stop</command:parameterValue> <command:parameterValue required="false" variableLength="false">PauseContinue</command:parameterValue> <command:parameterValue required="false" variableLength="false">Interrogate</command:parameterValue> <command:parameterValue required="false" variableLength="false">UserDefinedControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetStatus</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowEmptyAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowEmptyAccess</maml:name> <maml:description> <maml:para>If set an access entry will be generated even if granted access is 0.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CheckFiles --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CheckFiles</maml:name> <maml:description> <maml:para>Check for writable service files and directories.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: IgnoreTrigger --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>IgnoreTrigger</maml:name> <maml:description> <maml:para>Ignore triggers when checking maximum access.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLine --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLine</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessName</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> <!-- Parameter set: CheckScm --> <command:syntaxItem> <maml:name>Get-AccessibleService</maml:name> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>Access</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: QueryConfig, ChangeConfig, QueryStatus, EnumerateDependents, Start, Stop, PauseContinue, Interrogate, UserDefinedControl, SetStatus, All, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ServiceAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Win32.ServiceAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryConfig</command:parameterValue> <command:parameterValue required="false" variableLength="false">ChangeConfig</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryStatus</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnumerateDependents</command:parameterValue> <command:parameterValue required="false" variableLength="false">Start</command:parameterValue> <command:parameterValue required="false" variableLength="false">Stop</command:parameterValue> <command:parameterValue required="false" variableLength="false">PauseContinue</command:parameterValue> <command:parameterValue required="false" variableLength="false">Interrogate</command:parameterValue> <command:parameterValue required="false" variableLength="false">UserDefinedControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetStatus</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowEmptyAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowEmptyAccess</maml:name> <maml:description> <maml:para>If set an access entry will be generated even if granted access is 0.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CheckScmAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CheckScmAccess</maml:name> <maml:description> <maml:para>Check access to the SCM.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLine --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLine</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessName</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ScmAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScmAccess</maml:name> <maml:description> <maml:para>Specify access mask for access to the SCM.</maml:para> <maml:para>Possible values: Connect, CreateService, EnumerateService, Lock, QueryLockStatus, ModifyBootConfig, All, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ServiceControlManagerAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Win32.ServiceControlManagerAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Connect</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateService</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnumerateService</command:parameterValue> <command:parameterValue required="false" variableLength="false">Lock</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryLockStatus</command:parameterValue> <command:parameterValue required="false" variableLength="false">ModifyBootConfig</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> <!-- Parameter set: All --> <command:syntaxItem> <maml:name>Get-AccessibleService</maml:name> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>Access</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: QueryConfig, ChangeConfig, QueryStatus, EnumerateDependents, Start, Stop, PauseContinue, Interrogate, UserDefinedControl, SetStatus, All, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ServiceAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Win32.ServiceAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryConfig</command:parameterValue> <command:parameterValue required="false" variableLength="false">ChangeConfig</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryStatus</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnumerateDependents</command:parameterValue> <command:parameterValue required="false" variableLength="false">Start</command:parameterValue> <command:parameterValue required="false" variableLength="false">Stop</command:parameterValue> <command:parameterValue required="false" variableLength="false">PauseContinue</command:parameterValue> <command:parameterValue required="false" variableLength="false">Interrogate</command:parameterValue> <command:parameterValue required="false" variableLength="false">UserDefinedControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetStatus</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowEmptyAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowEmptyAccess</maml:name> <maml:description> <maml:para>If set an access entry will be generated even if granted access is 0.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CheckFiles --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CheckFiles</maml:name> <maml:description> <maml:para>Check for writable service files and directories.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CheckMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CheckMode</maml:name> <maml:description> <maml:para>Check mode for accessible services.</maml:para> <maml:para>Possible values: ServiceOnly, DriverOnly, ServiceAndDriver</maml:para> </maml:description> <command:parameterValue required="true">ServiceCheckMode</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Accessible.ServiceCheckMode</maml:name> <maml:uri /> <maml:description> <maml:para>Check mode for accessible services.</maml:para> </maml:description> </dev:type> <dev:defaultValue>ServiceOnly</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">ServiceOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">DriverOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">ServiceAndDriver</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: IgnoreTrigger --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>IgnoreTrigger</maml:name> <maml:description> <maml:para>Ignore triggers when checking maximum access.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLine --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLine</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessName</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Name --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specify names of services to check.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CheckScmAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CheckScmAccess</maml:name> <maml:description> <maml:para>Check access to the SCM.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ScmAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScmAccess</maml:name> <maml:description> <maml:para>Specify access mask for access to the SCM.</maml:para> <maml:para>Possible values: Connect, CreateService, EnumerateService, Lock, QueryLockStatus, ModifyBootConfig, All, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ServiceControlManagerAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Win32.ServiceControlManagerAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Connect</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateService</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnumerateService</command:parameterValue> <command:parameterValue required="false" variableLength="false">Lock</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryLockStatus</command:parameterValue> <command:parameterValue required="false" variableLength="false">ModifyBootConfig</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CheckMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CheckMode</maml:name> <maml:description> <maml:para>Check mode for accessible services.</maml:para> <maml:para>Possible values: ServiceOnly, DriverOnly, ServiceAndDriver</maml:para> </maml:description> <command:parameterValue required="true">ServiceCheckMode</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Accessible.ServiceCheckMode</maml:name> <maml:uri /> <maml:description> <maml:para>Check mode for accessible services.</maml:para> </maml:description> </dev:type> <dev:defaultValue>ServiceOnly</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">ServiceOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">DriverOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">ServiceAndDriver</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: IgnoreTrigger --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>IgnoreTrigger</maml:name> <maml:description> <maml:para>Ignore triggers when checking maximum access.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CheckFiles --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CheckFiles</maml:name> <maml:description> <maml:para>Check for writable service files and directories.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>Access</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: QueryConfig, ChangeConfig, QueryStatus, EnumerateDependents, Start, Stop, PauseContinue, Interrogate, UserDefinedControl, SetStatus, All, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ServiceAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Win32.ServiceAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryConfig</command:parameterValue> <command:parameterValue required="false" variableLength="false">ChangeConfig</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryStatus</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnumerateDependents</command:parameterValue> <command:parameterValue required="false" variableLength="false">Start</command:parameterValue> <command:parameterValue required="false" variableLength="false">Stop</command:parameterValue> <command:parameterValue required="false" variableLength="false">PauseContinue</command:parameterValue> <command:parameterValue required="false" variableLength="false">Interrogate</command:parameterValue> <command:parameterValue required="false" variableLength="false">UserDefinedControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetStatus</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>AccessRights</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: QueryConfig, ChangeConfig, QueryStatus, EnumerateDependents, Start, Stop, PauseContinue, Interrogate, UserDefinedControl, SetStatus, All, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> <maml:para>This is an alias of the Access parameter.</maml:para> </maml:description> <command:parameterValue required="true">ServiceAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Win32.ServiceAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryConfig</command:parameterValue> <command:parameterValue required="false" variableLength="false">ChangeConfig</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryStatus</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnumerateDependents</command:parameterValue> <command:parameterValue required="false" variableLength="false">Start</command:parameterValue> <command:parameterValue required="false" variableLength="false">Stop</command:parameterValue> <command:parameterValue required="false" variableLength="false">PauseContinue</command:parameterValue> <command:parameterValue required="false" variableLength="false">Interrogate</command:parameterValue> <command:parameterValue required="false" variableLength="false">UserDefinedControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetStatus</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AllowEmptyAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowEmptyAccess</maml:name> <maml:description> <maml:para>If set an access entry will be generated even if granted access is 0.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessIds</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> <maml:para>This is an alias of the ProcessId parameter.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessName</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessNames</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> <maml:para>This is an alias of the ProcessName parameter.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLine --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLine</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLines</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> <maml:para>This is an alias of the ProcessCommandLine parameter.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Tokens</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> <maml:para>This is an alias of the Token parameter.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Processes</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> <maml:para>This is an alias of the Process parameter.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: CommonAccessCheckResult --> <command:returnValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Accessible.CommonAccessCheckResult</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>General Access check result.</maml:para> </maml:description> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-AccessibleService</dev:code> <dev:remarks> <maml:para>Check all accessible services for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Get-AccessibleService -CheckScmAccess</dev:code> <dev:remarks> <maml:para>Check access to the SCM for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Get-AccessibleService -CheckFiles</dev:code> <dev:remarks> <maml:para>Check all accessible services for the current process token as well as generating access checks for the services files.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>Get-AccessibleService -ProcessIds 1234,5678</dev:code> <dev:remarks> <maml:para>>Check all accessible services for the process tokens of PIDs 1234 and 5678</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>$token = Get-NtToken -Primary -Duplicate -IntegrityLevel Low Get-AccessibleService -Tokens $token -AccessRights GenericWrite</dev:code> <dev:remarks> <maml:para>Get all services which can be written by a low integrity copy of current token.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-AccessibleToken --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-AccessibleToken</command:name> <command:verb>Get</command:verb> <command:noun>AccessibleToken</command:noun> <maml:description> <maml:para>Get a list of tokens that can be opened by a specified token.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet checks all processes for primary tokens tries to determine if one or more specified tokens can open them. If no tokens are specified then the current process token is used.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-AccessibleToken</maml:name> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>Access</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: AssignPrimary, Duplicate, Impersonate, Query, QuerySource, AdjustPrivileges, AdjustGroups, AdjustDefault, AdjustSessionId, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">TokenAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">AssignPrimary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Duplicate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">QuerySource</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustPrivileges</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustGroups</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustDefault</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustSessionId</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowEmptyAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowEmptyAccess</maml:name> <maml:description> <maml:para>If set an access entry will be generated even if granted access is 0.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CurrentSession --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CurrentSession</maml:name> <maml:description> <maml:para>Specify to only look for processes in the current session.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLine --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLine</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessName</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ShowDeadProcesses --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShowDeadProcesses</maml:name> <maml:description> <maml:para>Specify that dead process tokens should be shown.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: ShowDeadProcesses --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShowDeadProcesses</maml:name> <maml:description> <maml:para>Specify that dead process tokens should be shown.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CurrentSession --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CurrentSession</maml:name> <maml:description> <maml:para>Specify to only look for processes in the current session.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>Access</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: AssignPrimary, Duplicate, Impersonate, Query, QuerySource, AdjustPrivileges, AdjustGroups, AdjustDefault, AdjustSessionId, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">TokenAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">AssignPrimary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Duplicate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">QuerySource</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustPrivileges</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustGroups</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustDefault</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustSessionId</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>AccessRights</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: AssignPrimary, Duplicate, Impersonate, Query, QuerySource, AdjustPrivileges, AdjustGroups, AdjustDefault, AdjustSessionId, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> <maml:para>This is an alias of the Access parameter.</maml:para> </maml:description> <command:parameterValue required="true">TokenAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">AssignPrimary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Duplicate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">QuerySource</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustPrivileges</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustGroups</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustDefault</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustSessionId</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AllowEmptyAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowEmptyAccess</maml:name> <maml:description> <maml:para>If set an access entry will be generated even if granted access is 0.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessIds</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> <maml:para>This is an alias of the ProcessId parameter.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessName</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessNames</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> <maml:para>This is an alias of the ProcessName parameter.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLine --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLine</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLines</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> <maml:para>This is an alias of the ProcessCommandLine parameter.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Tokens</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> <maml:para>This is an alias of the Token parameter.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Processes</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> <maml:para>This is an alias of the Process parameter.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: TokenAccessCheckResult --> <command:returnValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Accessible.TokenAccessCheckResult</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>Access check result for a token.</maml:para> </maml:description> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-AccessibleToken</dev:code> <dev:remarks> <maml:para>Check all accessible tokens for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Get-AccessibleToken -ProcessIds 1234,5678</dev:code> <dev:remarks> <maml:para>>Check all accessible tokens for the process tokens of PIDs 1234 and 5678</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$token = Get-NtToken -Primary -Duplicate -IntegrityLevel Low Get-AccessibleToken -Tokens $token -AccessRights GenericWrite</dev:code> <dev:remarks> <maml:para>Get all tokens with can be written by a low integrity copy of current token.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-AccessibleWindowStation --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-AccessibleWindowStation</command:name> <command:verb>Get</command:verb> <command:noun>AccessibleWindowStation</command:noun> <maml:description> <maml:para>Get a list of Window Station an/or Desktops accessible by a specified token.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet checks all Window Stations/Desktops and tries to determine if one or more specified tokens can access them. If no tokens are specified then the current process token is used. Note, this will only check the current session.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-AccessibleWindowStation</maml:name> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>Access</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: EnumDesktops, ReadAttributes, AccessClipboard, CreateDesktop, WriteAttributes, AccessGlobalAtoms, ExitWindows, Enumerate, ReadScreen, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">WindowStationAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.WindowStationAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">EnumDesktops</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessClipboard</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateDesktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessGlobalAtoms</command:parameterValue> <command:parameterValue required="false" variableLength="false">ExitWindows</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enumerate</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadScreen</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowEmptyAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowEmptyAccess</maml:name> <maml:description> <maml:para>If set an access entry will be generated even if granted access is 0.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CheckMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CheckMode</maml:name> <maml:description> <maml:para>Specify check mode.</maml:para> <maml:para>Possible values: WindowStationOnly, DesktopOnly, WindowStationAndDesktop</maml:para> </maml:description> <command:parameterValue required="true">WindowStationCheckMode</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Accessible.WindowStationCheckMode</maml:name> <maml:uri /> <maml:description> <maml:para>Specify check mode.</maml:para> </maml:description> </dev:type> <dev:defaultValue>WindowStationOnly</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">WindowStationOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">DesktopOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">WindowStationAndDesktop</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: DesktopAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="DesktopAccessRights"> <maml:name>DesktopAccess</maml:name> <maml:description> <maml:para>Specify desktop access rights when checking Desktops.</maml:para> <maml:para>Possible values: ReadObjects, CreateWindow, CreateMenu, HookControl, JournalRecord, JournalPlayback, Enumerate, WriteObjects, SwitchDesktop, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">DesktopAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DesktopAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">ReadObjects</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateWindow</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateMenu</command:parameterValue> <command:parameterValue required="false" variableLength="false">HookControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">JournalRecord</command:parameterValue> <command:parameterValue required="false" variableLength="false">JournalPlayback</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enumerate</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteObjects</command:parameterValue> <command:parameterValue required="false" variableLength="false">SwitchDesktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLine --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLine</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessName</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: CheckMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CheckMode</maml:name> <maml:description> <maml:para>Specify check mode.</maml:para> <maml:para>Possible values: WindowStationOnly, DesktopOnly, WindowStationAndDesktop</maml:para> </maml:description> <command:parameterValue required="true">WindowStationCheckMode</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Accessible.WindowStationCheckMode</maml:name> <maml:uri /> <maml:description> <maml:para>Specify check mode.</maml:para> </maml:description> </dev:type> <dev:defaultValue>WindowStationOnly</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">WindowStationOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">DesktopOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">WindowStationAndDesktop</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: DesktopAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="DesktopAccessRights"> <maml:name>DesktopAccess</maml:name> <maml:description> <maml:para>Specify desktop access rights when checking Desktops.</maml:para> <maml:para>Possible values: ReadObjects, CreateWindow, CreateMenu, HookControl, JournalRecord, JournalPlayback, Enumerate, WriteObjects, SwitchDesktop, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">DesktopAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DesktopAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">ReadObjects</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateWindow</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateMenu</command:parameterValue> <command:parameterValue required="false" variableLength="false">HookControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">JournalRecord</command:parameterValue> <command:parameterValue required="false" variableLength="false">JournalPlayback</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enumerate</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteObjects</command:parameterValue> <command:parameterValue required="false" variableLength="false">SwitchDesktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="DesktopAccessRights"> <maml:name>DesktopAccessRights</maml:name> <maml:description> <maml:para>Specify desktop access rights when checking Desktops.</maml:para> <maml:para>Possible values: ReadObjects, CreateWindow, CreateMenu, HookControl, JournalRecord, JournalPlayback, Enumerate, WriteObjects, SwitchDesktop, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> <maml:para>This is an alias of the DesktopAccess parameter.</maml:para> </maml:description> <command:parameterValue required="true">DesktopAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DesktopAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">ReadObjects</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateWindow</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateMenu</command:parameterValue> <command:parameterValue required="false" variableLength="false">HookControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">JournalRecord</command:parameterValue> <command:parameterValue required="false" variableLength="false">JournalPlayback</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enumerate</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteObjects</command:parameterValue> <command:parameterValue required="false" variableLength="false">SwitchDesktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>Access</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: EnumDesktops, ReadAttributes, AccessClipboard, CreateDesktop, WriteAttributes, AccessGlobalAtoms, ExitWindows, Enumerate, ReadScreen, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">WindowStationAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.WindowStationAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">EnumDesktops</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessClipboard</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateDesktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessGlobalAtoms</command:parameterValue> <command:parameterValue required="false" variableLength="false">ExitWindows</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enumerate</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadScreen</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>AccessRights</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: EnumDesktops, ReadAttributes, AccessClipboard, CreateDesktop, WriteAttributes, AccessGlobalAtoms, ExitWindows, Enumerate, ReadScreen, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> <maml:para>This is an alias of the Access parameter.</maml:para> </maml:description> <command:parameterValue required="true">WindowStationAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.WindowStationAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">EnumDesktops</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessClipboard</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateDesktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessGlobalAtoms</command:parameterValue> <command:parameterValue required="false" variableLength="false">ExitWindows</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enumerate</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadScreen</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AllowEmptyAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowEmptyAccess</maml:name> <maml:description> <maml:para>If set an access entry will be generated even if granted access is 0.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessIds</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> <maml:para>This is an alias of the ProcessId parameter.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessName</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessNames</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> <maml:para>This is an alias of the ProcessName parameter.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLine --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLine</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLines</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> <maml:para>This is an alias of the ProcessCommandLine parameter.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Tokens</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> <maml:para>This is an alias of the Token parameter.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Processes</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> <maml:para>This is an alias of the Process parameter.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: CommonAccessCheckResult --> <command:returnValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Accessible.CommonAccessCheckResult</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>General Access check result.</maml:para> </maml:description> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-AccessibleWindowStation</dev:code> <dev:remarks> <maml:para>Check all accessible Window Stations for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Get-AccessibleWindowStation -CheckMode WindowStationAndDesktop</dev:code> <dev:remarks> <maml:para>Check all accessible Window Stations and Desktops for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Get-AccessibleWindowStation -ProcessIds 1234,5678</dev:code> <dev:remarks> <maml:para>>Check all accessible Window Stations for the process tokens of PIDs 1234 and 5678</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$token = Get-NtToken -Primary -Duplicate -IntegrityLevel Low Get-AccessibleWindowStation -Tokens $token</dev:code> <dev:remarks> <maml:para>Get all Window Stations which can be accessed by a low integrity copy of current token.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-AccessibleWnf --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-AccessibleWnf</command:name> <command:verb>Get</command:verb> <command:noun>AccessibleWnf</command:noun> <maml:description> <maml:para>Get a list of WNF notifications accessible by a specified token.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet checks all WNF providers and tries to determine if one or more specified tokens can access them. If no tokens are specified then the current process token is used.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-AccessibleWnf</maml:name> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>Access</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: ReadData, WriteData, Unknown10, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">WnfAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.WnfAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">Unknown10</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowEmptyAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowEmptyAccess</maml:name> <maml:description> <maml:para>If set an access entry will be generated even if granted access is 0.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLine --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLine</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessName</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>Access</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: ReadData, WriteData, Unknown10, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">WnfAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.WnfAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">Unknown10</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="AccessRights"> <maml:name>AccessRights</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: ReadData, WriteData, Unknown10, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> <maml:para>This is an alias of the Access parameter.</maml:para> </maml:description> <command:parameterValue required="true">WnfAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.WnfAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">Unknown10</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AllowEmptyAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowEmptyAccess</maml:name> <maml:description> <maml:para>If set an access entry will be generated even if granted access is 0.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessIds"> <maml:name>ProcessIds</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> <maml:para>This is an alias of the ProcessId parameter.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessName</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessNames"> <maml:name>ProcessNames</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> <maml:para>This is an alias of the ProcessName parameter.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLine --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLine</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ProcessCommandLines"> <maml:name>ProcessCommandLines</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> <maml:para>This is an alias of the ProcessCommandLine parameter.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Tokens"> <maml:name>Tokens</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> <maml:para>This is an alias of the Token parameter.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Processes"> <maml:name>Processes</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> <maml:para>This is an alias of the Process parameter.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: CommonAccessCheckResult --> <command:returnValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Accessible.CommonAccessCheckResult</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>General Access check result.</maml:para> </maml:description> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-AccessibleWnf</dev:code> <dev:remarks> <maml:para>Check all accessible WNF notifications for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Get-AccessibleWnf -ProcessIds 1234,5678</dev:code> <dev:remarks> <maml:para>>Check all accessible WNF notifications for the process tokens of PIDs 1234 and 5678</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$token = Get-NtToken -Primary -Duplicate -IntegrityLevel Low Get-AccessibleWnf -Tokens $token</dev:code> <dev:remarks> <maml:para>Get all WNF notifications which can be accessed by a low integrity copy of current token.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: New-AuthZContext --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-AuthZContext</command:name> <command:verb>New</command:verb> <command:noun>AuthZContext</command:noun> <maml:description> <maml:para>Create a new AuthZ Client Context..</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new AuthZ Client Context.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: FromToken --> <command:syntaxItem> <maml:name>New-AuthZContext</maml:name> <!-- Parameter: ResourceManager --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>ResourceManager</maml:name> <maml:description> <maml:para>Specify the Resource Manager.</maml:para> </maml:description> <command:parameterValue required="true">AuthZResourceManager</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Win32.Security.Authorization.AuthZResourceManager</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="1"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify the Token to base the Client Context.</maml:para> </maml:description> <command:parameterValue required="true">NtToken</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromSid --> <command:syntaxItem> <maml:name>New-AuthZContext</maml:name> <!-- Parameter: ResourceManager --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>ResourceManager</maml:name> <maml:description> <maml:para>Specify the Resource Manager.</maml:para> </maml:description> <command:parameterValue required="true">AuthZResourceManager</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Win32.Security.Authorization.AuthZResourceManager</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sid --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Sid</maml:name> <maml:description> <maml:para>Specify the SID to base the Client Context.</maml:para> </maml:description> <command:parameterValue required="true">Sid</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Sid</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Flags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Flags</maml:name> <maml:description> <maml:para>Specify the flags for the Client Context.</maml:para> <maml:para>Possible values: None, SkipTokenGroups, RequireS4ULogon, ComputePrivileges</maml:para> </maml:description> <command:parameterValue required="true">AuthZContextInitializeSidFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Win32.Security.Authorization.AuthZContextInitializeSidFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">SkipTokenGroups</command:parameterValue> <command:parameterValue required="false" variableLength="false">RequireS4ULogon</command:parameterValue> <command:parameterValue required="false" variableLength="false">ComputePrivileges</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: ResourceManager --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>ResourceManager</maml:name> <maml:description> <maml:para>Specify the Resource Manager.</maml:para> </maml:description> <command:parameterValue required="true">AuthZResourceManager</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Win32.Security.Authorization.AuthZResourceManager</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="1"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify the Token to base the Client Context.</maml:para> </maml:description> <command:parameterValue required="true">NtToken</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sid --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Sid</maml:name> <maml:description> <maml:para>Specify the SID to base the Client Context.</maml:para> </maml:description> <command:parameterValue required="true">Sid</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Sid</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Flags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Flags</maml:name> <maml:description> <maml:para>Specify the flags for the Client Context.</maml:para> <maml:para>Possible values: None, SkipTokenGroups, RequireS4ULogon, ComputePrivileges</maml:para> </maml:description> <command:parameterValue required="true">AuthZContextInitializeSidFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Win32.Security.Authorization.AuthZContextInitializeSidFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">SkipTokenGroups</command:parameterValue> <command:parameterValue required="false" variableLength="false">RequireS4ULogon</command:parameterValue> <command:parameterValue required="false" variableLength="false">ComputePrivileges</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: AuthZContext --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.Win32.Security.Authorization.AuthZContext</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>New-AuthZContext -ResourceManager $rm</dev:code> <dev:remarks> <maml:para>Create a new AuthZ Client Context from a Resource Manager using the current effective Token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>New-AuthZContext -ResourceManager $rm -Token $token</dev:code> <dev:remarks> <maml:para>Create a new AuthZ Client Context from a Resource Manager and Token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>New-AuthZContext -ResourceManager $rm -Sid $user</dev:code> <dev:remarks> <maml:para>Create a new AuthZ Client Context from a Resource Manager and user SID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>New-AuthZContext -ResourceManager $rm -Sid $user</dev:code> <dev:remarks> <maml:para>Create a new AuthZ Client Context from a Resource Manager and user SID.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-AuthZGrantedAccess --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-AuthZGrantedAccess</command:name> <command:verb>Get</command:verb> <command:noun>AuthZGrantedAccess</command:noun> <maml:description> <maml:para>Gets the granted access to a security descriptor or object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet allows you to determine the granted access to a particular resource through a security descriptor using the AuthZ APIs.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-AuthZGrantedAccess</maml:name> <!-- Parameter: Context --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Context</maml:name> <maml:description> <maml:para>Specify the AuthZ Client Context.</maml:para> </maml:description> <command:parameterValue required="true">AuthZContext</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Win32.Security.Authorization.AuthZContext</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Specify a security descriptor.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Possible values: None, Access0, Access1, Access2, Access3, Access4, Access5, Access6, Access7, Access8, Access9, Access10, Access11, Access12, Access13, Access14, Access15, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, AccessSystemSecurity, MaximumAllowed, GenericAll, GenericExecute, GenericWrite, GenericRead</maml:para> </maml:description> <command:parameterValue required="true">GenericAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericAccessRights</maml:name> <maml:uri /> </dev:type> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access0</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access1</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access2</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access3</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access4</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access5</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access6</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access7</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access8</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access9</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access10</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access11</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access12</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access13</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access14</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access15</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AdditionalSecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AdditionalSecurityDescriptor</maml:name> <maml:description> <maml:para>Specify list of additional SDs to merge in.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ObjectType --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectType</maml:name> <maml:description> <maml:para>Specify object types for access check.</maml:para> </maml:description> <command:parameterValue required="true">ObjectTypeTree</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Utilities.Security.ObjectTypeTree</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Principal --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Principal</maml:name> <maml:description> <maml:para>Specify a principal SID to user when checking security descriptors with SELF SID.</maml:para> </maml:description> <command:parameterValue required="true">Sid</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Sid</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: RawAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>RawAccess</maml:name> <maml:description> <maml:para>Specify an access mask to check against. Overrides GenericAccess.</maml:para> </maml:description> <command:parameterValue required="true">AccessMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AccessMask</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Type --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Type</maml:name> <maml:description> <maml:para>Specify the NT type for the access check.</maml:para> </maml:description> <command:parameterValue required="true">NtType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Context --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Context</maml:name> <maml:description> <maml:para>Specify the AuthZ Client Context.</maml:para> </maml:description> <command:parameterValue required="true">AuthZContext</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Win32.Security.Authorization.AuthZContext</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Specify a security descriptor.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: AdditionalSecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AdditionalSecurityDescriptor</maml:name> <maml:description> <maml:para>Specify list of additional SDs to merge in.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: RawAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>RawAccess</maml:name> <maml:description> <maml:para>Specify an access mask to check against. Overrides GenericAccess.</maml:para> </maml:description> <command:parameterValue required="true">AccessMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AccessMask</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Principal --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Principal</maml:name> <maml:description> <maml:para>Specify a principal SID to user when checking security descriptors with SELF SID.</maml:para> </maml:description> <command:parameterValue required="true">Sid</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Sid</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ObjectType --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectType</maml:name> <maml:description> <maml:para>Specify object types for access check.</maml:para> </maml:description> <command:parameterValue required="true">ObjectTypeTree</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Utilities.Security.ObjectTypeTree</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Type --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Type</maml:name> <maml:description> <maml:para>Specify the NT type for the access check.</maml:para> </maml:description> <command:parameterValue required="true">NtType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Possible values: None, Access0, Access1, Access2, Access3, Access4, Access5, Access6, Access7, Access8, Access9, Access10, Access11, Access12, Access13, Access14, Access15, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, AccessSystemSecurity, MaximumAllowed, GenericAll, GenericExecute, GenericWrite, GenericRead</maml:para> </maml:description> <command:parameterValue required="true">GenericAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericAccessRights</maml:name> <maml:uri /> </dev:type> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access0</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access1</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access2</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access3</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access4</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access5</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access6</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access7</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access8</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access9</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access10</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access11</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access12</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access13</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access14</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access15</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: AuthZAccessCheckResult --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.Win32.Security.Authorization.AuthZAccessCheckResult</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-AuthZGrantedAccess $ctx $sd</dev:code> <dev:remarks> <maml:para>Get the maximum access for a security descriptor.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: New-AuthZResourceManager --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-AuthZResourceManager</command:name> <command:verb>New</command:verb> <command:noun>AuthZResourceManager</command:noun> <maml:description> <maml:para>Create a new AuthZ Resource Manager..</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new AuthZ Resource Manager.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>New-AuthZResourceManager</maml:name> <!-- Parameter: CallbackAceScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>CallbackAceScriptBlock</maml:name> <maml:description> <maml:para>Optional script block for callback ACE handling.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Flags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Flags</maml:name> <maml:description> <maml:para>Flags for initialization. Defaults to NoAudit.</maml:para> <maml:para>Possible values: None, NoAudit, InitializeUnderImpersonation, NoCentralAccessPolicies</maml:para> </maml:description> <command:parameterValue required="true">AuthZResourceManagerInitializeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Win32.Security.Authorization.AuthZResourceManagerInitializeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>NoAudit</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoAudit</command:parameterValue> <command:parameterValue required="false" variableLength="false">InitializeUnderImpersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCentralAccessPolicies</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Name --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Name</maml:name> <maml:description> <maml:para>Optional name for the Resource Manager.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Flags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Flags</maml:name> <maml:description> <maml:para>Flags for initialization. Defaults to NoAudit.</maml:para> <maml:para>Possible values: None, NoAudit, InitializeUnderImpersonation, NoCentralAccessPolicies</maml:para> </maml:description> <command:parameterValue required="true">AuthZResourceManagerInitializeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Win32.Security.Authorization.AuthZResourceManagerInitializeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>NoAudit</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoAudit</command:parameterValue> <command:parameterValue required="false" variableLength="false">InitializeUnderImpersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCentralAccessPolicies</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Name --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Name</maml:name> <maml:description> <maml:para>Optional name for the Resource Manager.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CallbackAceScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>CallbackAceScriptBlock</maml:name> <maml:description> <maml:para>Optional script block for callback ACE handling.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: AuthZResourceManager --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.Win32.Security.Authorization.AuthZResourceManager</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>New-AuthZResourceManager</dev:code> <dev:remarks> <maml:para>Create a default AuthZ Resource Manager.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>New-AuthZResourceManager -Name "TestRM"</dev:code> <dev:remarks> <maml:para>Create a AuthZ Resource Manager with a name.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>New-AuthZResourceManager -Flags InitializeUnderImpersonation, NoAudit</dev:code> <dev:remarks> <maml:para>Create a AuthZ Resource Manager flags.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>New-AuthZResourceManager { $_.Type -EQ "DeniedCallback" }</dev:code> <dev:remarks> <maml:para>Create a AuthZ Resource Manager with a Callback ACE script block.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Add-AuthZSid --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Add-AuthZSid</command:name> <command:verb>Add</command:verb> <command:noun>AuthZSid</command:noun> <maml:description> <maml:para>Adds a SID to the AuthZ context..</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet allows you to add SIDs to an AuthZ context. You can specify normal, restricted or device SIDs.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Add-AuthZSid</maml:name> <!-- Parameter: Context --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Context</maml:name> <maml:description> <maml:para>Specify the AuthZ Client Context.</maml:para> </maml:description> <command:parameterValue required="true">AuthZContext</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Win32.Security.Authorization.AuthZContext</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sid --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>Sid</maml:name> <maml:description> <maml:para>Specify the Sids to Add.</maml:para> </maml:description> <command:parameterValue required="true">Sid[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Sid[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SidType --> <command:parameter required="false" globbing="false" pipelineInput="false" position="2"> <maml:name>SidType</maml:name> <maml:description> <maml:para>Specify the the type of SIDs to add.</maml:para> <maml:para>Possible values: Normal, Restricted, Device, Capability</maml:para> </maml:description> <command:parameterValue required="true">AuthZGroupSidType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Win32.Security.Authorization.AuthZGroupSidType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Normal</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Normal</command:parameterValue> <command:parameterValue required="false" variableLength="false">Restricted</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">Capability</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Context --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Context</maml:name> <maml:description> <maml:para>Specify the AuthZ Client Context.</maml:para> </maml:description> <command:parameterValue required="true">AuthZContext</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Win32.Security.Authorization.AuthZContext</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sid --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>Sid</maml:name> <maml:description> <maml:para>Specify the Sids to Add.</maml:para> </maml:description> <command:parameterValue required="true">Sid[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Sid[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SidType --> <command:parameter required="false" globbing="false" pipelineInput="false" position="2"> <maml:name>SidType</maml:name> <maml:description> <maml:para>Specify the the type of SIDs to add.</maml:para> <maml:para>Possible values: Normal, Restricted, Device, Capability</maml:para> </maml:description> <command:parameterValue required="true">AuthZGroupSidType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Win32.Security.Authorization.AuthZGroupSidType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Normal</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Normal</command:parameterValue> <command:parameterValue required="false" variableLength="false">Restricted</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">Capability</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Add-AuthZSid $ctx -Sid "WD"</dev:code> <dev:remarks> <maml:para>Add the World SID to the normal groups in the context.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Add-AuthZSid $ctx -Sid "WD" -SidType Restricted</dev:code> <dev:remarks> <maml:para>Add the World SID to the restricted SID groups in the context.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Remove-AuthZSid --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Remove-AuthZSid</command:name> <command:verb>Remove</command:verb> <command:noun>AuthZSid</command:noun> <maml:description> <maml:para>Removes a SID from the AuthZ context..</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet allows you to removes SIDs from an AuthZ context. You can specify normal, restricted or device SIDs.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Remove-AuthZSid</maml:name> <!-- Parameter: Context --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Context</maml:name> <maml:description> <maml:para>Specify the AuthZ Client Context.</maml:para> </maml:description> <command:parameterValue required="true">AuthZContext</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Win32.Security.Authorization.AuthZContext</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sid --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>Sid</maml:name> <maml:description> <maml:para>Specify the Sids to Remove.</maml:para> </maml:description> <command:parameterValue required="true">Sid[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Sid[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SidType --> <command:parameter required="false" globbing="false" pipelineInput="false" position="2"> <maml:name>SidType</maml:name> <maml:description> <maml:para>Specify the the type of SIDs to remove.</maml:para> <maml:para>Possible values: Normal, Restricted, Device, Capability</maml:para> </maml:description> <command:parameterValue required="true">AuthZGroupSidType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Win32.Security.Authorization.AuthZGroupSidType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Normal</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Normal</command:parameterValue> <command:parameterValue required="false" variableLength="false">Restricted</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">Capability</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Context --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Context</maml:name> <maml:description> <maml:para>Specify the AuthZ Client Context.</maml:para> </maml:description> <command:parameterValue required="true">AuthZContext</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Win32.Security.Authorization.AuthZContext</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sid --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>Sid</maml:name> <maml:description> <maml:para>Specify the Sids to Remove.</maml:para> </maml:description> <command:parameterValue required="true">Sid[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Sid[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SidType --> <command:parameter required="false" globbing="false" pipelineInput="false" position="2"> <maml:name>SidType</maml:name> <maml:description> <maml:para>Specify the the type of SIDs to remove.</maml:para> <maml:para>Possible values: Normal, Restricted, Device, Capability</maml:para> </maml:description> <command:parameterValue required="true">AuthZGroupSidType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Win32.Security.Authorization.AuthZGroupSidType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Normal</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Normal</command:parameterValue> <command:parameterValue required="false" variableLength="false">Restricted</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">Capability</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Remove-AuthZSid $ctx -Sid "WD"</dev:code> <dev:remarks> <maml:para>Removes the World SID from the normal groups in the context.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Remove-AuthZSid $ctx -Sid "WD" -SidType Restricted</dev:code> <dev:remarks> <maml:para>Removes the World SID from the restricted SID groups in the context.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Add-DosDevice --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Add-DosDevice</command:name> <command:verb>Add</command:verb> <command:noun>DosDevice</command:noun> <maml:description> <maml:para>Create a DOS device symlink.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates or redefines a DOS device symlink. This symlink will be permanent, until it's deleted rather than requiring a handle to be maintained.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Add-DosDevice</maml:name> <!-- Parameter: DeviceName --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>DeviceName</maml:name> <maml:description> <maml:para>The device name to create. If this string starts with a \ then the symlink will be created relative to the root of the object manager.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: TargetPath --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>TargetPath</maml:name> <maml:description> <maml:para>Specify the target path. This should be a DOS path, unless RawTargetPath is set then it can be arbitrary object manager path.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: NoBroadcastSystem --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>NoBroadcastSystem</maml:name> <maml:description> <maml:para>Don't broadcast the change to the desktop using WM_SETTINGCHANGE.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: RawTargetPath --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>RawTargetPath</maml:name> <maml:description> <maml:para>Specify the TargetPath as a raw object manager path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: DeviceName --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>DeviceName</maml:name> <maml:description> <maml:para>The device name to create. If this string starts with a \ then the symlink will be created relative to the root of the object manager.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: TargetPath --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>TargetPath</maml:name> <maml:description> <maml:para>Specify the target path. This should be a DOS path, unless RawTargetPath is set then it can be arbitrary object manager path.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: NoBroadcastSystem --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>NoBroadcastSystem</maml:name> <maml:description> <maml:para>Don't broadcast the change to the desktop using WM_SETTINGCHANGE.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: RawTargetPath --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>RawTargetPath</maml:name> <maml:description> <maml:para>Specify the TargetPath as a raw object manager path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Add-DosDevice Z: C:\Windows</dev:code> <dev:remarks> <maml:para>Define a Z: drive which points to C:\Windows.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Add-DosDevice Z: \Device\HarddiskVolume1\windows -RawTargetPath</dev:code> <dev:remarks> <maml:para>Define a Z: drive which points to Windows using a raw target path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Add-DosDevice "\RPC Control\ABC" c:\Windows</dev:code> <dev:remarks> <maml:para>Define the symlink '\RPC Control\ABC' drive which points to c:\Windows.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>Add-DosDevice Z: C:\Windows -NoBroadcastSystem</dev:code> <dev:remarks> <maml:para>Define a Z: drive which points to C:\Windows but don't broadcast the changes to applications on the desktop.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Remove-DosDevice --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Remove-DosDevice</command:name> <command:verb>Remove</command:verb> <command:noun>DosDevice</command:noun> <maml:description> <maml:para>Remove a DOS device symlink.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet removes a DOS device symlink.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Remove-DosDevice</maml:name> <!-- Parameter: DeviceName --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>DeviceName</maml:name> <maml:description> <maml:para>The device name to create. If this string starts with a \ then the symlink will be created relative to the root of the object manager.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ExactMatchTargetPath --> <command:parameter required="false" globbing="false" pipelineInput="false" position="1"> <maml:name>ExactMatchTargetPath</maml:name> <maml:description> <maml:para>Specify an exact target path to remove. If the symlink doesn't match this target then it will not be removed.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: NoBroadcastSystem --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>NoBroadcastSystem</maml:name> <maml:description> <maml:para>Don't broadcast the change to the desktop using WM_SETTINGCHANGE.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: RawTargetPath --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>RawTargetPath</maml:name> <maml:description> <maml:para>Specify the TargetPath as a raw object manager path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: DeviceName --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>DeviceName</maml:name> <maml:description> <maml:para>The device name to create. If this string starts with a \ then the symlink will be created relative to the root of the object manager.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ExactMatchTargetPath --> <command:parameter required="false" globbing="false" pipelineInput="false" position="1"> <maml:name>ExactMatchTargetPath</maml:name> <maml:description> <maml:para>Specify an exact target path to remove. If the symlink doesn't match this target then it will not be removed.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: NoBroadcastSystem --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>NoBroadcastSystem</maml:name> <maml:description> <maml:para>Don't broadcast the change to the desktop using WM_SETTINGCHANGE.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: RawTargetPath --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>RawTargetPath</maml:name> <maml:description> <maml:para>Specify the TargetPath as a raw object manager path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Remove-DosDevice Z:</dev:code> <dev:remarks> <maml:para>Remove the Z: drive.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Remove-DosDevice Z: \Device\HarddiskVolume1\windows -RawTargetPath</dev:code> <dev:remarks> <maml:para>Remove the Z: drive, which must point to \Device\HarddiskVolume1\Windows.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Remove-DosDevice Z: c:\windows</dev:code> <dev:remarks> <maml:para>Remove the Z: drive, which must point to c:\Windows.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>Remove-DosDevice "\RPC Control\ABC"</dev:code> <dev:remarks> <maml:para>Remove '\RPC Control\ABC' symlink.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Test-NetworkAccess --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Test-NetworkAccess</command:name> <command:verb>Test</command:verb> <command:noun>NetworkAccess</command:noun> <maml:description> <maml:para>Test whether network access is allowed based on a specific token.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet tests network access for a particular token. This can either be network client access or network server access.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: ForListen --> <command:syntaxItem> <maml:name>Test-NetworkAccess</maml:name> <!-- Parameter: Port --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Port</maml:name> <maml:description> <maml:para>Specify to the host for connecting or listening.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Listen --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Listen</maml:name> <maml:description> <maml:para>Specify to test listening on a port.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: HostName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>HostName</maml:name> <maml:description> <maml:para>Specify to the host for connecting or listening.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: IPv6 --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>IPv6</maml:name> <maml:description> <maml:para>Specify to use IPv6 instead of IPv4.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a process to get the token from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a process ID to get the token from.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify the token to use for the test.</maml:para> </maml:description> <command:parameterValue required="true">NtToken</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> <!-- Parameter set: ForConnect --> <command:syntaxItem> <maml:name>Test-NetworkAccess</maml:name> <!-- Parameter: HostName --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>HostName</maml:name> <maml:description> <maml:para>Specify to the host for connecting or listening.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Port --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>Port</maml:name> <maml:description> <maml:para>Specify to the host for connecting or listening.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: IPv6 --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>IPv6</maml:name> <maml:description> <maml:para>Specify to use IPv6 instead of IPv4.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a process to get the token from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a process ID to get the token from.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify the token to use for the test.</maml:para> </maml:description> <command:parameterValue required="true">NtToken</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Listen --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Listen</maml:name> <maml:description> <maml:para>Specify to test listening on a port.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: HostName --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>HostName</maml:name> <maml:description> <maml:para>Specify to the host for connecting or listening.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Port --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>Port</maml:name> <maml:description> <maml:para>Specify to the host for connecting or listening.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a process to get the token from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a process ID to get the token from.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify the token to use for the test.</maml:para> </maml:description> <command:parameterValue required="true">NtToken</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: IPv6 --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>IPv6</maml:name> <maml:description> <maml:para>Specify to use IPv6 instead of IPv4.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Test-NetworkAccess -HostName www.google.com -Port 80</dev:code> <dev:remarks> <maml:para>Test network access for the current user to www.google.com:80.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Test-NetworkAccess -Listen 1234</dev:code> <dev:remarks> <maml:para>Test network access for the current user by listening on port 1234.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Test-NetworkAccess -HostName www.google.com -Port 80 -ProcessId 1234</dev:code> <dev:remarks> <maml:para>Test network access for the process 1234 to www.google.com:80.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>Test-NetworkAccess -HostName www.google.com -Port 80 -Token $token</dev:code> <dev:remarks> <maml:para>Test network access for a specified token to www.google.com:80.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-NtAccessMask --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtAccessMask</command:name> <command:verb>Get</command:verb> <command:noun>NtAccessMask</command:noun> <maml:description> <maml:para>Convert a specific object access to an AccessMask or GenericAccess.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet allows you to convert a specific object access to an AccessMask or GenericAccess for use in general functions.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: FromMask --> <command:syntaxItem> <maml:name>Get-NtAccessMask</maml:name> <!-- Parameter: AccessMask --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>AccessMask</maml:name> <maml:description> <maml:para>Specify a raw access mask.</maml:para> </maml:description> <command:parameterValue required="true">AccessMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AccessMask</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>00000000</dev:defaultValue> </command:parameter> <!-- Parameter: AsGenericAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToGenericAccess"> <maml:name>AsGenericAccess</maml:name> <maml:description> <maml:para>Return access as GenericAccess.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsMandatoryLabelPolicy --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToMandatoryLabelPolicy"> <maml:name>AsMandatoryLabelPolicy</maml:name> <maml:description> <maml:para>Return access as ManadatoryLabelPolicy.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSDKString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsSDKString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string, using SDK names if available.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSpecificAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToSpecificAccess"> <maml:name>AsSpecificAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the type enumeration.</maml:para> <maml:para>Possible values: None, ALPCPort, DebugObject, Desktop, Directory, Event, File, Device, IoCompletion, Job, Key, Mutant, Partition, Process, RegistryTransaction, Section, Semaphore, Session, SymbolicLink, Thread, Token, TmTx, WindowStation, TmRm, TmEn, TmTm, Transaction, ResourceManager, Enlistment, TransactionManager, Service, SCM, DirectoryService, Audit</maml:para> </maml:description> <command:parameterValue required="true">SpecificAccessType</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Object.SpecificAccessType</maml:name> <maml:uri /> <maml:description> <maml:para>Enumeration for specific access type mapping.</maml:para> </maml:description> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ALPCPort</command:parameterValue> <command:parameterValue required="false" variableLength="false">DebugObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">Desktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Event</command:parameterValue> <command:parameterValue required="false" variableLength="false">File</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">IoCompletion</command:parameterValue> <command:parameterValue required="false" variableLength="false">Job</command:parameterValue> <command:parameterValue required="false" variableLength="false">Key</command:parameterValue> <command:parameterValue required="false" variableLength="false">Mutant</command:parameterValue> <command:parameterValue required="false" variableLength="false">Partition</command:parameterValue> <command:parameterValue required="false" variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegistryTransaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">Section</command:parameterValue> <command:parameterValue required="false" variableLength="false">Semaphore</command:parameterValue> <command:parameterValue required="false" variableLength="false">Session</command:parameterValue> <command:parameterValue required="false" variableLength="false">SymbolicLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">Thread</command:parameterValue> <command:parameterValue required="false" variableLength="false">Token</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTx</command:parameterValue> <command:parameterValue required="false" variableLength="false">WindowStation</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmRm</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmEn</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTm</command:parameterValue> <command:parameterValue required="false" variableLength="false">Transaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">ResourceManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlistment</command:parameterValue> <command:parameterValue required="false" variableLength="false">TransactionManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Service</command:parameterValue> <command:parameterValue required="false" variableLength="false">SCM</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryService</command:parameterValue> <command:parameterValue required="false" variableLength="false">Audit</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsTypeAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToTypeAccess"> <maml:name>AsTypeAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the NtType object.</maml:para> </maml:description> <command:parameterValue required="true">NtType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: GenericMapping --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GenericMapping</maml:name> <maml:description> <maml:para>When specifying a Mandatory Label Policy specify GenericMapping to get the mandatory access.</maml:para> </maml:description> <command:parameterValue required="true">GenericMapping</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericMapping</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: MapGenericRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MapGenericRights</maml:name> <maml:description> <maml:para>Specify that any generic rights should be mapped to type specific rights.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromFile --> <command:syntaxItem> <maml:name>Get-NtAccessMask</maml:name> <!-- Parameter: FileAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>FileAccess</maml:name> <maml:description> <maml:para>Specify File access rights.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsGenericAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToGenericAccess"> <maml:name>AsGenericAccess</maml:name> <maml:description> <maml:para>Return access as GenericAccess.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsMandatoryLabelPolicy --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToMandatoryLabelPolicy"> <maml:name>AsMandatoryLabelPolicy</maml:name> <maml:description> <maml:para>Return access as ManadatoryLabelPolicy.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSDKString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsSDKString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string, using SDK names if available.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSpecificAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToSpecificAccess"> <maml:name>AsSpecificAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the type enumeration.</maml:para> <maml:para>Possible values: None, ALPCPort, DebugObject, Desktop, Directory, Event, File, Device, IoCompletion, Job, Key, Mutant, Partition, Process, RegistryTransaction, Section, Semaphore, Session, SymbolicLink, Thread, Token, TmTx, WindowStation, TmRm, TmEn, TmTm, Transaction, ResourceManager, Enlistment, TransactionManager, Service, SCM, DirectoryService, Audit</maml:para> </maml:description> <command:parameterValue required="true">SpecificAccessType</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Object.SpecificAccessType</maml:name> <maml:uri /> <maml:description> <maml:para>Enumeration for specific access type mapping.</maml:para> </maml:description> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ALPCPort</command:parameterValue> <command:parameterValue required="false" variableLength="false">DebugObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">Desktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Event</command:parameterValue> <command:parameterValue required="false" variableLength="false">File</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">IoCompletion</command:parameterValue> <command:parameterValue required="false" variableLength="false">Job</command:parameterValue> <command:parameterValue required="false" variableLength="false">Key</command:parameterValue> <command:parameterValue required="false" variableLength="false">Mutant</command:parameterValue> <command:parameterValue required="false" variableLength="false">Partition</command:parameterValue> <command:parameterValue required="false" variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegistryTransaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">Section</command:parameterValue> <command:parameterValue required="false" variableLength="false">Semaphore</command:parameterValue> <command:parameterValue required="false" variableLength="false">Session</command:parameterValue> <command:parameterValue required="false" variableLength="false">SymbolicLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">Thread</command:parameterValue> <command:parameterValue required="false" variableLength="false">Token</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTx</command:parameterValue> <command:parameterValue required="false" variableLength="false">WindowStation</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmRm</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmEn</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTm</command:parameterValue> <command:parameterValue required="false" variableLength="false">Transaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">ResourceManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlistment</command:parameterValue> <command:parameterValue required="false" variableLength="false">TransactionManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Service</command:parameterValue> <command:parameterValue required="false" variableLength="false">SCM</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryService</command:parameterValue> <command:parameterValue required="false" variableLength="false">Audit</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsTypeAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToTypeAccess"> <maml:name>AsTypeAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the NtType object.</maml:para> </maml:description> <command:parameterValue required="true">NtType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: GenericMapping --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GenericMapping</maml:name> <maml:description> <maml:para>When specifying a Mandatory Label Policy specify GenericMapping to get the mandatory access.</maml:para> </maml:description> <command:parameterValue required="true">GenericMapping</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericMapping</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: MapGenericRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MapGenericRights</maml:name> <maml:description> <maml:para>Specify that any generic rights should be mapped to type specific rights.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromFileDir --> <command:syntaxItem> <maml:name>Get-NtAccessMask</maml:name> <!-- Parameter: FileDirectoryAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>FileDirectoryAccess</maml:name> <maml:description> <maml:para>Specify File Directory access rights.</maml:para> <maml:para>Possible values: None, ListDirectory, AddFile, AddSubDirectory, ReadEa, WriteEa, Traverse, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileDirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ListDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsGenericAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToGenericAccess"> <maml:name>AsGenericAccess</maml:name> <maml:description> <maml:para>Return access as GenericAccess.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsMandatoryLabelPolicy --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToMandatoryLabelPolicy"> <maml:name>AsMandatoryLabelPolicy</maml:name> <maml:description> <maml:para>Return access as ManadatoryLabelPolicy.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSDKString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsSDKString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string, using SDK names if available.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSpecificAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToSpecificAccess"> <maml:name>AsSpecificAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the type enumeration.</maml:para> <maml:para>Possible values: None, ALPCPort, DebugObject, Desktop, Directory, Event, File, Device, IoCompletion, Job, Key, Mutant, Partition, Process, RegistryTransaction, Section, Semaphore, Session, SymbolicLink, Thread, Token, TmTx, WindowStation, TmRm, TmEn, TmTm, Transaction, ResourceManager, Enlistment, TransactionManager, Service, SCM, DirectoryService, Audit</maml:para> </maml:description> <command:parameterValue required="true">SpecificAccessType</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Object.SpecificAccessType</maml:name> <maml:uri /> <maml:description> <maml:para>Enumeration for specific access type mapping.</maml:para> </maml:description> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ALPCPort</command:parameterValue> <command:parameterValue required="false" variableLength="false">DebugObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">Desktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Event</command:parameterValue> <command:parameterValue required="false" variableLength="false">File</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">IoCompletion</command:parameterValue> <command:parameterValue required="false" variableLength="false">Job</command:parameterValue> <command:parameterValue required="false" variableLength="false">Key</command:parameterValue> <command:parameterValue required="false" variableLength="false">Mutant</command:parameterValue> <command:parameterValue required="false" variableLength="false">Partition</command:parameterValue> <command:parameterValue required="false" variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegistryTransaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">Section</command:parameterValue> <command:parameterValue required="false" variableLength="false">Semaphore</command:parameterValue> <command:parameterValue required="false" variableLength="false">Session</command:parameterValue> <command:parameterValue required="false" variableLength="false">SymbolicLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">Thread</command:parameterValue> <command:parameterValue required="false" variableLength="false">Token</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTx</command:parameterValue> <command:parameterValue required="false" variableLength="false">WindowStation</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmRm</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmEn</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTm</command:parameterValue> <command:parameterValue required="false" variableLength="false">Transaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">ResourceManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlistment</command:parameterValue> <command:parameterValue required="false" variableLength="false">TransactionManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Service</command:parameterValue> <command:parameterValue required="false" variableLength="false">SCM</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryService</command:parameterValue> <command:parameterValue required="false" variableLength="false">Audit</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsTypeAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToTypeAccess"> <maml:name>AsTypeAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the NtType object.</maml:para> </maml:description> <command:parameterValue required="true">NtType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: GenericMapping --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GenericMapping</maml:name> <maml:description> <maml:para>When specifying a Mandatory Label Policy specify GenericMapping to get the mandatory access.</maml:para> </maml:description> <command:parameterValue required="true">GenericMapping</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericMapping</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: MapGenericRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MapGenericRights</maml:name> <maml:description> <maml:para>Specify that any generic rights should be mapped to type specific rights.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromIoCompletion --> <command:syntaxItem> <maml:name>Get-NtAccessMask</maml:name> <!-- Parameter: IoCompletionAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>IoCompletionAccess</maml:name> <maml:description> <maml:para>Specify IO Completion access rights.</maml:para> <maml:para>Possible values: QueryState, SetCompletion, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">IoCompletionAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.IoCompletionAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetCompletion</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsGenericAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToGenericAccess"> <maml:name>AsGenericAccess</maml:name> <maml:description> <maml:para>Return access as GenericAccess.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsMandatoryLabelPolicy --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToMandatoryLabelPolicy"> <maml:name>AsMandatoryLabelPolicy</maml:name> <maml:description> <maml:para>Return access as ManadatoryLabelPolicy.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSDKString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsSDKString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string, using SDK names if available.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSpecificAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToSpecificAccess"> <maml:name>AsSpecificAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the type enumeration.</maml:para> <maml:para>Possible values: None, ALPCPort, DebugObject, Desktop, Directory, Event, File, Device, IoCompletion, Job, Key, Mutant, Partition, Process, RegistryTransaction, Section, Semaphore, Session, SymbolicLink, Thread, Token, TmTx, WindowStation, TmRm, TmEn, TmTm, Transaction, ResourceManager, Enlistment, TransactionManager, Service, SCM, DirectoryService, Audit</maml:para> </maml:description> <command:parameterValue required="true">SpecificAccessType</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Object.SpecificAccessType</maml:name> <maml:uri /> <maml:description> <maml:para>Enumeration for specific access type mapping.</maml:para> </maml:description> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ALPCPort</command:parameterValue> <command:parameterValue required="false" variableLength="false">DebugObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">Desktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Event</command:parameterValue> <command:parameterValue required="false" variableLength="false">File</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">IoCompletion</command:parameterValue> <command:parameterValue required="false" variableLength="false">Job</command:parameterValue> <command:parameterValue required="false" variableLength="false">Key</command:parameterValue> <command:parameterValue required="false" variableLength="false">Mutant</command:parameterValue> <command:parameterValue required="false" variableLength="false">Partition</command:parameterValue> <command:parameterValue required="false" variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegistryTransaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">Section</command:parameterValue> <command:parameterValue required="false" variableLength="false">Semaphore</command:parameterValue> <command:parameterValue required="false" variableLength="false">Session</command:parameterValue> <command:parameterValue required="false" variableLength="false">SymbolicLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">Thread</command:parameterValue> <command:parameterValue required="false" variableLength="false">Token</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTx</command:parameterValue> <command:parameterValue required="false" variableLength="false">WindowStation</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmRm</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmEn</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTm</command:parameterValue> <command:parameterValue required="false" variableLength="false">Transaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">ResourceManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlistment</command:parameterValue> <command:parameterValue required="false" variableLength="false">TransactionManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Service</command:parameterValue> <command:parameterValue required="false" variableLength="false">SCM</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryService</command:parameterValue> <command:parameterValue required="false" variableLength="false">Audit</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsTypeAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToTypeAccess"> <maml:name>AsTypeAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the NtType object.</maml:para> </maml:description> <command:parameterValue required="true">NtType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: GenericMapping --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GenericMapping</maml:name> <maml:description> <maml:para>When specifying a Mandatory Label Policy specify GenericMapping to get the mandatory access.</maml:para> </maml:description> <command:parameterValue required="true">GenericMapping</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericMapping</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: MapGenericRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MapGenericRights</maml:name> <maml:description> <maml:para>Specify that any generic rights should be mapped to type specific rights.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromMutant --> <command:syntaxItem> <maml:name>Get-NtAccessMask</maml:name> <!-- Parameter: MutantAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>MutantAccess</maml:name> <maml:description> <maml:para>Specify Mutant access rights.</maml:para> <maml:para>Possible values: None, ModifyState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">MutantAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.MutantAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ModifyState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsGenericAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToGenericAccess"> <maml:name>AsGenericAccess</maml:name> <maml:description> <maml:para>Return access as GenericAccess.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsMandatoryLabelPolicy --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToMandatoryLabelPolicy"> <maml:name>AsMandatoryLabelPolicy</maml:name> <maml:description> <maml:para>Return access as ManadatoryLabelPolicy.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSDKString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsSDKString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string, using SDK names if available.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSpecificAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToSpecificAccess"> <maml:name>AsSpecificAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the type enumeration.</maml:para> <maml:para>Possible values: None, ALPCPort, DebugObject, Desktop, Directory, Event, File, Device, IoCompletion, Job, Key, Mutant, Partition, Process, RegistryTransaction, Section, Semaphore, Session, SymbolicLink, Thread, Token, TmTx, WindowStation, TmRm, TmEn, TmTm, Transaction, ResourceManager, Enlistment, TransactionManager, Service, SCM, DirectoryService, Audit</maml:para> </maml:description> <command:parameterValue required="true">SpecificAccessType</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Object.SpecificAccessType</maml:name> <maml:uri /> <maml:description> <maml:para>Enumeration for specific access type mapping.</maml:para> </maml:description> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ALPCPort</command:parameterValue> <command:parameterValue required="false" variableLength="false">DebugObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">Desktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Event</command:parameterValue> <command:parameterValue required="false" variableLength="false">File</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">IoCompletion</command:parameterValue> <command:parameterValue required="false" variableLength="false">Job</command:parameterValue> <command:parameterValue required="false" variableLength="false">Key</command:parameterValue> <command:parameterValue required="false" variableLength="false">Mutant</command:parameterValue> <command:parameterValue required="false" variableLength="false">Partition</command:parameterValue> <command:parameterValue required="false" variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegistryTransaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">Section</command:parameterValue> <command:parameterValue required="false" variableLength="false">Semaphore</command:parameterValue> <command:parameterValue required="false" variableLength="false">Session</command:parameterValue> <command:parameterValue required="false" variableLength="false">SymbolicLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">Thread</command:parameterValue> <command:parameterValue required="false" variableLength="false">Token</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTx</command:parameterValue> <command:parameterValue required="false" variableLength="false">WindowStation</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmRm</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmEn</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTm</command:parameterValue> <command:parameterValue required="false" variableLength="false">Transaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">ResourceManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlistment</command:parameterValue> <command:parameterValue required="false" variableLength="false">TransactionManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Service</command:parameterValue> <command:parameterValue required="false" variableLength="false">SCM</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryService</command:parameterValue> <command:parameterValue required="false" variableLength="false">Audit</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsTypeAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToTypeAccess"> <maml:name>AsTypeAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the NtType object.</maml:para> </maml:description> <command:parameterValue required="true">NtType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: GenericMapping --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GenericMapping</maml:name> <maml:description> <maml:para>When specifying a Mandatory Label Policy specify GenericMapping to get the mandatory access.</maml:para> </maml:description> <command:parameterValue required="true">GenericMapping</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericMapping</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: MapGenericRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MapGenericRights</maml:name> <maml:description> <maml:para>Specify that any generic rights should be mapped to type specific rights.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromSemaphore --> <command:syntaxItem> <maml:name>Get-NtAccessMask</maml:name> <!-- Parameter: SemaphoreAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>SemaphoreAccess</maml:name> <maml:description> <maml:para>Specify Semaphore access rights.</maml:para> <maml:para>Possible values: None, QueryState, ModifyState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">SemaphoreAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SemaphoreAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">ModifyState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsGenericAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToGenericAccess"> <maml:name>AsGenericAccess</maml:name> <maml:description> <maml:para>Return access as GenericAccess.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsMandatoryLabelPolicy --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToMandatoryLabelPolicy"> <maml:name>AsMandatoryLabelPolicy</maml:name> <maml:description> <maml:para>Return access as ManadatoryLabelPolicy.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSDKString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsSDKString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string, using SDK names if available.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSpecificAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToSpecificAccess"> <maml:name>AsSpecificAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the type enumeration.</maml:para> <maml:para>Possible values: None, ALPCPort, DebugObject, Desktop, Directory, Event, File, Device, IoCompletion, Job, Key, Mutant, Partition, Process, RegistryTransaction, Section, Semaphore, Session, SymbolicLink, Thread, Token, TmTx, WindowStation, TmRm, TmEn, TmTm, Transaction, ResourceManager, Enlistment, TransactionManager, Service, SCM, DirectoryService, Audit</maml:para> </maml:description> <command:parameterValue required="true">SpecificAccessType</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Object.SpecificAccessType</maml:name> <maml:uri /> <maml:description> <maml:para>Enumeration for specific access type mapping.</maml:para> </maml:description> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ALPCPort</command:parameterValue> <command:parameterValue required="false" variableLength="false">DebugObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">Desktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Event</command:parameterValue> <command:parameterValue required="false" variableLength="false">File</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">IoCompletion</command:parameterValue> <command:parameterValue required="false" variableLength="false">Job</command:parameterValue> <command:parameterValue required="false" variableLength="false">Key</command:parameterValue> <command:parameterValue required="false" variableLength="false">Mutant</command:parameterValue> <command:parameterValue required="false" variableLength="false">Partition</command:parameterValue> <command:parameterValue required="false" variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegistryTransaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">Section</command:parameterValue> <command:parameterValue required="false" variableLength="false">Semaphore</command:parameterValue> <command:parameterValue required="false" variableLength="false">Session</command:parameterValue> <command:parameterValue required="false" variableLength="false">SymbolicLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">Thread</command:parameterValue> <command:parameterValue required="false" variableLength="false">Token</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTx</command:parameterValue> <command:parameterValue required="false" variableLength="false">WindowStation</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmRm</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmEn</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTm</command:parameterValue> <command:parameterValue required="false" variableLength="false">Transaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">ResourceManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlistment</command:parameterValue> <command:parameterValue required="false" variableLength="false">TransactionManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Service</command:parameterValue> <command:parameterValue required="false" variableLength="false">SCM</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryService</command:parameterValue> <command:parameterValue required="false" variableLength="false">Audit</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsTypeAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToTypeAccess"> <maml:name>AsTypeAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the NtType object.</maml:para> </maml:description> <command:parameterValue required="true">NtType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: GenericMapping --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GenericMapping</maml:name> <maml:description> <maml:para>When specifying a Mandatory Label Policy specify GenericMapping to get the mandatory access.</maml:para> </maml:description> <command:parameterValue required="true">GenericMapping</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericMapping</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: MapGenericRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MapGenericRights</maml:name> <maml:description> <maml:para>Specify that any generic rights should be mapped to type specific rights.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromRegTrans --> <command:syntaxItem> <maml:name>Get-NtAccessMask</maml:name> <!-- Parameter: RegistryTransactionAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>RegistryTransactionAccess</maml:name> <maml:description> <maml:para>Specify Registry Transaction access rights.</maml:para> <maml:para>Possible values: QueryInformation, SetInformation, Enlist, Commit, Rollback, Propagate, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">RegistryTransactionAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.RegistryTransactionAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlist</command:parameterValue> <command:parameterValue required="false" variableLength="false">Commit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Rollback</command:parameterValue> <command:parameterValue required="false" variableLength="false">Propagate</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsGenericAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToGenericAccess"> <maml:name>AsGenericAccess</maml:name> <maml:description> <maml:para>Return access as GenericAccess.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsMandatoryLabelPolicy --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToMandatoryLabelPolicy"> <maml:name>AsMandatoryLabelPolicy</maml:name> <maml:description> <maml:para>Return access as ManadatoryLabelPolicy.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSDKString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsSDKString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string, using SDK names if available.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSpecificAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToSpecificAccess"> <maml:name>AsSpecificAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the type enumeration.</maml:para> <maml:para>Possible values: None, ALPCPort, DebugObject, Desktop, Directory, Event, File, Device, IoCompletion, Job, Key, Mutant, Partition, Process, RegistryTransaction, Section, Semaphore, Session, SymbolicLink, Thread, Token, TmTx, WindowStation, TmRm, TmEn, TmTm, Transaction, ResourceManager, Enlistment, TransactionManager, Service, SCM, DirectoryService, Audit</maml:para> </maml:description> <command:parameterValue required="true">SpecificAccessType</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Object.SpecificAccessType</maml:name> <maml:uri /> <maml:description> <maml:para>Enumeration for specific access type mapping.</maml:para> </maml:description> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ALPCPort</command:parameterValue> <command:parameterValue required="false" variableLength="false">DebugObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">Desktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Event</command:parameterValue> <command:parameterValue required="false" variableLength="false">File</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">IoCompletion</command:parameterValue> <command:parameterValue required="false" variableLength="false">Job</command:parameterValue> <command:parameterValue required="false" variableLength="false">Key</command:parameterValue> <command:parameterValue required="false" variableLength="false">Mutant</command:parameterValue> <command:parameterValue required="false" variableLength="false">Partition</command:parameterValue> <command:parameterValue required="false" variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegistryTransaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">Section</command:parameterValue> <command:parameterValue required="false" variableLength="false">Semaphore</command:parameterValue> <command:parameterValue required="false" variableLength="false">Session</command:parameterValue> <command:parameterValue required="false" variableLength="false">SymbolicLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">Thread</command:parameterValue> <command:parameterValue required="false" variableLength="false">Token</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTx</command:parameterValue> <command:parameterValue required="false" variableLength="false">WindowStation</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmRm</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmEn</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTm</command:parameterValue> <command:parameterValue required="false" variableLength="false">Transaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">ResourceManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlistment</command:parameterValue> <command:parameterValue required="false" variableLength="false">TransactionManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Service</command:parameterValue> <command:parameterValue required="false" variableLength="false">SCM</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryService</command:parameterValue> <command:parameterValue required="false" variableLength="false">Audit</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsTypeAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToTypeAccess"> <maml:name>AsTypeAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the NtType object.</maml:para> </maml:description> <command:parameterValue required="true">NtType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: GenericMapping --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GenericMapping</maml:name> <maml:description> <maml:para>When specifying a Mandatory Label Policy specify GenericMapping to get the mandatory access.</maml:para> </maml:description> <command:parameterValue required="true">GenericMapping</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericMapping</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: MapGenericRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MapGenericRights</maml:name> <maml:description> <maml:para>Specify that any generic rights should be mapped to type specific rights.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromAlpc --> <command:syntaxItem> <maml:name>Get-NtAccessMask</maml:name> <!-- Parameter: AlpcPortAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>AlpcPortAccess</maml:name> <maml:description> <maml:para>Specify ALPC Port access rights.</maml:para> <maml:para>Possible values: Connect, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">AlpcAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Connect</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsGenericAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToGenericAccess"> <maml:name>AsGenericAccess</maml:name> <maml:description> <maml:para>Return access as GenericAccess.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsMandatoryLabelPolicy --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToMandatoryLabelPolicy"> <maml:name>AsMandatoryLabelPolicy</maml:name> <maml:description> <maml:para>Return access as ManadatoryLabelPolicy.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSDKString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsSDKString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string, using SDK names if available.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSpecificAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToSpecificAccess"> <maml:name>AsSpecificAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the type enumeration.</maml:para> <maml:para>Possible values: None, ALPCPort, DebugObject, Desktop, Directory, Event, File, Device, IoCompletion, Job, Key, Mutant, Partition, Process, RegistryTransaction, Section, Semaphore, Session, SymbolicLink, Thread, Token, TmTx, WindowStation, TmRm, TmEn, TmTm, Transaction, ResourceManager, Enlistment, TransactionManager, Service, SCM, DirectoryService, Audit</maml:para> </maml:description> <command:parameterValue required="true">SpecificAccessType</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Object.SpecificAccessType</maml:name> <maml:uri /> <maml:description> <maml:para>Enumeration for specific access type mapping.</maml:para> </maml:description> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ALPCPort</command:parameterValue> <command:parameterValue required="false" variableLength="false">DebugObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">Desktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Event</command:parameterValue> <command:parameterValue required="false" variableLength="false">File</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">IoCompletion</command:parameterValue> <command:parameterValue required="false" variableLength="false">Job</command:parameterValue> <command:parameterValue required="false" variableLength="false">Key</command:parameterValue> <command:parameterValue required="false" variableLength="false">Mutant</command:parameterValue> <command:parameterValue required="false" variableLength="false">Partition</command:parameterValue> <command:parameterValue required="false" variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegistryTransaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">Section</command:parameterValue> <command:parameterValue required="false" variableLength="false">Semaphore</command:parameterValue> <command:parameterValue required="false" variableLength="false">Session</command:parameterValue> <command:parameterValue required="false" variableLength="false">SymbolicLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">Thread</command:parameterValue> <command:parameterValue required="false" variableLength="false">Token</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTx</command:parameterValue> <command:parameterValue required="false" variableLength="false">WindowStation</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmRm</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmEn</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTm</command:parameterValue> <command:parameterValue required="false" variableLength="false">Transaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">ResourceManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlistment</command:parameterValue> <command:parameterValue required="false" variableLength="false">TransactionManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Service</command:parameterValue> <command:parameterValue required="false" variableLength="false">SCM</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryService</command:parameterValue> <command:parameterValue required="false" variableLength="false">Audit</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsTypeAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToTypeAccess"> <maml:name>AsTypeAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the NtType object.</maml:para> </maml:description> <command:parameterValue required="true">NtType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: GenericMapping --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GenericMapping</maml:name> <maml:description> <maml:para>When specifying a Mandatory Label Policy specify GenericMapping to get the mandatory access.</maml:para> </maml:description> <command:parameterValue required="true">GenericMapping</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericMapping</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: MapGenericRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MapGenericRights</maml:name> <maml:description> <maml:para>Specify that any generic rights should be mapped to type specific rights.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromSection --> <command:syntaxItem> <maml:name>Get-NtAccessMask</maml:name> <!-- Parameter: SectionAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>SectionAccess</maml:name> <maml:description> <maml:para>Specify Section access rights.</maml:para> <maml:para>Possible values: Query, MapWrite, MapRead, MapExecute, ExtendSize, MapExecuteExplicit, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">SectionAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SectionAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">MapWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">MapRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">MapExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">ExtendSize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MapExecuteExplicit</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsGenericAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToGenericAccess"> <maml:name>AsGenericAccess</maml:name> <maml:description> <maml:para>Return access as GenericAccess.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsMandatoryLabelPolicy --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToMandatoryLabelPolicy"> <maml:name>AsMandatoryLabelPolicy</maml:name> <maml:description> <maml:para>Return access as ManadatoryLabelPolicy.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSDKString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsSDKString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string, using SDK names if available.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSpecificAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToSpecificAccess"> <maml:name>AsSpecificAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the type enumeration.</maml:para> <maml:para>Possible values: None, ALPCPort, DebugObject, Desktop, Directory, Event, File, Device, IoCompletion, Job, Key, Mutant, Partition, Process, RegistryTransaction, Section, Semaphore, Session, SymbolicLink, Thread, Token, TmTx, WindowStation, TmRm, TmEn, TmTm, Transaction, ResourceManager, Enlistment, TransactionManager, Service, SCM, DirectoryService, Audit</maml:para> </maml:description> <command:parameterValue required="true">SpecificAccessType</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Object.SpecificAccessType</maml:name> <maml:uri /> <maml:description> <maml:para>Enumeration for specific access type mapping.</maml:para> </maml:description> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ALPCPort</command:parameterValue> <command:parameterValue required="false" variableLength="false">DebugObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">Desktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Event</command:parameterValue> <command:parameterValue required="false" variableLength="false">File</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">IoCompletion</command:parameterValue> <command:parameterValue required="false" variableLength="false">Job</command:parameterValue> <command:parameterValue required="false" variableLength="false">Key</command:parameterValue> <command:parameterValue required="false" variableLength="false">Mutant</command:parameterValue> <command:parameterValue required="false" variableLength="false">Partition</command:parameterValue> <command:parameterValue required="false" variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegistryTransaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">Section</command:parameterValue> <command:parameterValue required="false" variableLength="false">Semaphore</command:parameterValue> <command:parameterValue required="false" variableLength="false">Session</command:parameterValue> <command:parameterValue required="false" variableLength="false">SymbolicLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">Thread</command:parameterValue> <command:parameterValue required="false" variableLength="false">Token</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTx</command:parameterValue> <command:parameterValue required="false" variableLength="false">WindowStation</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmRm</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmEn</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTm</command:parameterValue> <command:parameterValue required="false" variableLength="false">Transaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">ResourceManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlistment</command:parameterValue> <command:parameterValue required="false" variableLength="false">TransactionManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Service</command:parameterValue> <command:parameterValue required="false" variableLength="false">SCM</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryService</command:parameterValue> <command:parameterValue required="false" variableLength="false">Audit</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsTypeAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToTypeAccess"> <maml:name>AsTypeAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the NtType object.</maml:para> </maml:description> <command:parameterValue required="true">NtType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: GenericMapping --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GenericMapping</maml:name> <maml:description> <maml:para>When specifying a Mandatory Label Policy specify GenericMapping to get the mandatory access.</maml:para> </maml:description> <command:parameterValue required="true">GenericMapping</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericMapping</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: MapGenericRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MapGenericRights</maml:name> <maml:description> <maml:para>Specify that any generic rights should be mapped to type specific rights.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromKey --> <command:syntaxItem> <maml:name>Get-NtAccessMask</maml:name> <!-- Parameter: KeyAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>KeyAccess</maml:name> <maml:description> <maml:para>Specify Key access rights.</maml:para> <maml:para>Possible values: QueryValue, SetValue, CreateSubKey, EnumerateSubKeys, Notify, CreateLink, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">KeyAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.KeyAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubKey</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnumerateSubKeys</command:parameterValue> <command:parameterValue required="false" variableLength="false">Notify</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsGenericAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToGenericAccess"> <maml:name>AsGenericAccess</maml:name> <maml:description> <maml:para>Return access as GenericAccess.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsMandatoryLabelPolicy --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToMandatoryLabelPolicy"> <maml:name>AsMandatoryLabelPolicy</maml:name> <maml:description> <maml:para>Return access as ManadatoryLabelPolicy.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSDKString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsSDKString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string, using SDK names if available.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSpecificAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToSpecificAccess"> <maml:name>AsSpecificAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the type enumeration.</maml:para> <maml:para>Possible values: None, ALPCPort, DebugObject, Desktop, Directory, Event, File, Device, IoCompletion, Job, Key, Mutant, Partition, Process, RegistryTransaction, Section, Semaphore, Session, SymbolicLink, Thread, Token, TmTx, WindowStation, TmRm, TmEn, TmTm, Transaction, ResourceManager, Enlistment, TransactionManager, Service, SCM, DirectoryService, Audit</maml:para> </maml:description> <command:parameterValue required="true">SpecificAccessType</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Object.SpecificAccessType</maml:name> <maml:uri /> <maml:description> <maml:para>Enumeration for specific access type mapping.</maml:para> </maml:description> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ALPCPort</command:parameterValue> <command:parameterValue required="false" variableLength="false">DebugObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">Desktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Event</command:parameterValue> <command:parameterValue required="false" variableLength="false">File</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">IoCompletion</command:parameterValue> <command:parameterValue required="false" variableLength="false">Job</command:parameterValue> <command:parameterValue required="false" variableLength="false">Key</command:parameterValue> <command:parameterValue required="false" variableLength="false">Mutant</command:parameterValue> <command:parameterValue required="false" variableLength="false">Partition</command:parameterValue> <command:parameterValue required="false" variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegistryTransaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">Section</command:parameterValue> <command:parameterValue required="false" variableLength="false">Semaphore</command:parameterValue> <command:parameterValue required="false" variableLength="false">Session</command:parameterValue> <command:parameterValue required="false" variableLength="false">SymbolicLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">Thread</command:parameterValue> <command:parameterValue required="false" variableLength="false">Token</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTx</command:parameterValue> <command:parameterValue required="false" variableLength="false">WindowStation</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmRm</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmEn</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTm</command:parameterValue> <command:parameterValue required="false" variableLength="false">Transaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">ResourceManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlistment</command:parameterValue> <command:parameterValue required="false" variableLength="false">TransactionManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Service</command:parameterValue> <command:parameterValue required="false" variableLength="false">SCM</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryService</command:parameterValue> <command:parameterValue required="false" variableLength="false">Audit</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsTypeAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToTypeAccess"> <maml:name>AsTypeAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the NtType object.</maml:para> </maml:description> <command:parameterValue required="true">NtType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: GenericMapping --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GenericMapping</maml:name> <maml:description> <maml:para>When specifying a Mandatory Label Policy specify GenericMapping to get the mandatory access.</maml:para> </maml:description> <command:parameterValue required="true">GenericMapping</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericMapping</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: MapGenericRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MapGenericRights</maml:name> <maml:description> <maml:para>Specify that any generic rights should be mapped to type specific rights.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromEvent --> <command:syntaxItem> <maml:name>Get-NtAccessMask</maml:name> <!-- Parameter: EventAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>EventAccess</maml:name> <maml:description> <maml:para>Specify Event access rights.</maml:para> <maml:para>Possible values: QueryState, ModifyState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">EventAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EventAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">ModifyState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsGenericAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToGenericAccess"> <maml:name>AsGenericAccess</maml:name> <maml:description> <maml:para>Return access as GenericAccess.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsMandatoryLabelPolicy --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToMandatoryLabelPolicy"> <maml:name>AsMandatoryLabelPolicy</maml:name> <maml:description> <maml:para>Return access as ManadatoryLabelPolicy.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSDKString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsSDKString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string, using SDK names if available.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSpecificAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToSpecificAccess"> <maml:name>AsSpecificAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the type enumeration.</maml:para> <maml:para>Possible values: None, ALPCPort, DebugObject, Desktop, Directory, Event, File, Device, IoCompletion, Job, Key, Mutant, Partition, Process, RegistryTransaction, Section, Semaphore, Session, SymbolicLink, Thread, Token, TmTx, WindowStation, TmRm, TmEn, TmTm, Transaction, ResourceManager, Enlistment, TransactionManager, Service, SCM, DirectoryService, Audit</maml:para> </maml:description> <command:parameterValue required="true">SpecificAccessType</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Object.SpecificAccessType</maml:name> <maml:uri /> <maml:description> <maml:para>Enumeration for specific access type mapping.</maml:para> </maml:description> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ALPCPort</command:parameterValue> <command:parameterValue required="false" variableLength="false">DebugObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">Desktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Event</command:parameterValue> <command:parameterValue required="false" variableLength="false">File</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">IoCompletion</command:parameterValue> <command:parameterValue required="false" variableLength="false">Job</command:parameterValue> <command:parameterValue required="false" variableLength="false">Key</command:parameterValue> <command:parameterValue required="false" variableLength="false">Mutant</command:parameterValue> <command:parameterValue required="false" variableLength="false">Partition</command:parameterValue> <command:parameterValue required="false" variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegistryTransaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">Section</command:parameterValue> <command:parameterValue required="false" variableLength="false">Semaphore</command:parameterValue> <command:parameterValue required="false" variableLength="false">Session</command:parameterValue> <command:parameterValue required="false" variableLength="false">SymbolicLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">Thread</command:parameterValue> <command:parameterValue required="false" variableLength="false">Token</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTx</command:parameterValue> <command:parameterValue required="false" variableLength="false">WindowStation</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmRm</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmEn</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTm</command:parameterValue> <command:parameterValue required="false" variableLength="false">Transaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">ResourceManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlistment</command:parameterValue> <command:parameterValue required="false" variableLength="false">TransactionManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Service</command:parameterValue> <command:parameterValue required="false" variableLength="false">SCM</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryService</command:parameterValue> <command:parameterValue required="false" variableLength="false">Audit</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsTypeAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToTypeAccess"> <maml:name>AsTypeAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the NtType object.</maml:para> </maml:description> <command:parameterValue required="true">NtType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: GenericMapping --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GenericMapping</maml:name> <maml:description> <maml:para>When specifying a Mandatory Label Policy specify GenericMapping to get the mandatory access.</maml:para> </maml:description> <command:parameterValue required="true">GenericMapping</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericMapping</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: MapGenericRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MapGenericRights</maml:name> <maml:description> <maml:para>Specify that any generic rights should be mapped to type specific rights.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromSymbolicLink --> <command:syntaxItem> <maml:name>Get-NtAccessMask</maml:name> <!-- Parameter: SymbolicLinkAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>SymbolicLinkAccess</maml:name> <maml:description> <maml:para>Specify Symbolic Link access rights.</maml:para> <maml:para>Possible values: Query, Set, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">SymbolicLinkAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SymbolicLinkAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">Set</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsGenericAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToGenericAccess"> <maml:name>AsGenericAccess</maml:name> <maml:description> <maml:para>Return access as GenericAccess.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsMandatoryLabelPolicy --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToMandatoryLabelPolicy"> <maml:name>AsMandatoryLabelPolicy</maml:name> <maml:description> <maml:para>Return access as ManadatoryLabelPolicy.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSDKString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsSDKString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string, using SDK names if available.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSpecificAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToSpecificAccess"> <maml:name>AsSpecificAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the type enumeration.</maml:para> <maml:para>Possible values: None, ALPCPort, DebugObject, Desktop, Directory, Event, File, Device, IoCompletion, Job, Key, Mutant, Partition, Process, RegistryTransaction, Section, Semaphore, Session, SymbolicLink, Thread, Token, TmTx, WindowStation, TmRm, TmEn, TmTm, Transaction, ResourceManager, Enlistment, TransactionManager, Service, SCM, DirectoryService, Audit</maml:para> </maml:description> <command:parameterValue required="true">SpecificAccessType</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Object.SpecificAccessType</maml:name> <maml:uri /> <maml:description> <maml:para>Enumeration for specific access type mapping.</maml:para> </maml:description> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ALPCPort</command:parameterValue> <command:parameterValue required="false" variableLength="false">DebugObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">Desktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Event</command:parameterValue> <command:parameterValue required="false" variableLength="false">File</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">IoCompletion</command:parameterValue> <command:parameterValue required="false" variableLength="false">Job</command:parameterValue> <command:parameterValue required="false" variableLength="false">Key</command:parameterValue> <command:parameterValue required="false" variableLength="false">Mutant</command:parameterValue> <command:parameterValue required="false" variableLength="false">Partition</command:parameterValue> <command:parameterValue required="false" variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegistryTransaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">Section</command:parameterValue> <command:parameterValue required="false" variableLength="false">Semaphore</command:parameterValue> <command:parameterValue required="false" variableLength="false">Session</command:parameterValue> <command:parameterValue required="false" variableLength="false">SymbolicLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">Thread</command:parameterValue> <command:parameterValue required="false" variableLength="false">Token</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTx</command:parameterValue> <command:parameterValue required="false" variableLength="false">WindowStation</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmRm</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmEn</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTm</command:parameterValue> <command:parameterValue required="false" variableLength="false">Transaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">ResourceManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlistment</command:parameterValue> <command:parameterValue required="false" variableLength="false">TransactionManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Service</command:parameterValue> <command:parameterValue required="false" variableLength="false">SCM</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryService</command:parameterValue> <command:parameterValue required="false" variableLength="false">Audit</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsTypeAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToTypeAccess"> <maml:name>AsTypeAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the NtType object.</maml:para> </maml:description> <command:parameterValue required="true">NtType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: GenericMapping --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GenericMapping</maml:name> <maml:description> <maml:para>When specifying a Mandatory Label Policy specify GenericMapping to get the mandatory access.</maml:para> </maml:description> <command:parameterValue required="true">GenericMapping</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericMapping</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: MapGenericRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MapGenericRights</maml:name> <maml:description> <maml:para>Specify that any generic rights should be mapped to type specific rights.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromToken --> <command:syntaxItem> <maml:name>Get-NtAccessMask</maml:name> <!-- Parameter: TokenAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>TokenAccess</maml:name> <maml:description> <maml:para>Specify Token access rights.</maml:para> <maml:para>Possible values: AssignPrimary, Duplicate, Impersonate, Query, QuerySource, AdjustPrivileges, AdjustGroups, AdjustDefault, AdjustSessionId, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">TokenAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">AssignPrimary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Duplicate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">QuerySource</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustPrivileges</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustGroups</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustDefault</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustSessionId</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsGenericAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToGenericAccess"> <maml:name>AsGenericAccess</maml:name> <maml:description> <maml:para>Return access as GenericAccess.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsMandatoryLabelPolicy --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToMandatoryLabelPolicy"> <maml:name>AsMandatoryLabelPolicy</maml:name> <maml:description> <maml:para>Return access as ManadatoryLabelPolicy.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSDKString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsSDKString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string, using SDK names if available.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSpecificAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToSpecificAccess"> <maml:name>AsSpecificAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the type enumeration.</maml:para> <maml:para>Possible values: None, ALPCPort, DebugObject, Desktop, Directory, Event, File, Device, IoCompletion, Job, Key, Mutant, Partition, Process, RegistryTransaction, Section, Semaphore, Session, SymbolicLink, Thread, Token, TmTx, WindowStation, TmRm, TmEn, TmTm, Transaction, ResourceManager, Enlistment, TransactionManager, Service, SCM, DirectoryService, Audit</maml:para> </maml:description> <command:parameterValue required="true">SpecificAccessType</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Object.SpecificAccessType</maml:name> <maml:uri /> <maml:description> <maml:para>Enumeration for specific access type mapping.</maml:para> </maml:description> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ALPCPort</command:parameterValue> <command:parameterValue required="false" variableLength="false">DebugObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">Desktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Event</command:parameterValue> <command:parameterValue required="false" variableLength="false">File</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">IoCompletion</command:parameterValue> <command:parameterValue required="false" variableLength="false">Job</command:parameterValue> <command:parameterValue required="false" variableLength="false">Key</command:parameterValue> <command:parameterValue required="false" variableLength="false">Mutant</command:parameterValue> <command:parameterValue required="false" variableLength="false">Partition</command:parameterValue> <command:parameterValue required="false" variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegistryTransaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">Section</command:parameterValue> <command:parameterValue required="false" variableLength="false">Semaphore</command:parameterValue> <command:parameterValue required="false" variableLength="false">Session</command:parameterValue> <command:parameterValue required="false" variableLength="false">SymbolicLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">Thread</command:parameterValue> <command:parameterValue required="false" variableLength="false">Token</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTx</command:parameterValue> <command:parameterValue required="false" variableLength="false">WindowStation</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmRm</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmEn</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTm</command:parameterValue> <command:parameterValue required="false" variableLength="false">Transaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">ResourceManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlistment</command:parameterValue> <command:parameterValue required="false" variableLength="false">TransactionManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Service</command:parameterValue> <command:parameterValue required="false" variableLength="false">SCM</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryService</command:parameterValue> <command:parameterValue required="false" variableLength="false">Audit</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsTypeAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToTypeAccess"> <maml:name>AsTypeAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the NtType object.</maml:para> </maml:description> <command:parameterValue required="true">NtType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: GenericMapping --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GenericMapping</maml:name> <maml:description> <maml:para>When specifying a Mandatory Label Policy specify GenericMapping to get the mandatory access.</maml:para> </maml:description> <command:parameterValue required="true">GenericMapping</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericMapping</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: MapGenericRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MapGenericRights</maml:name> <maml:description> <maml:para>Specify that any generic rights should be mapped to type specific rights.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromGeneric --> <command:syntaxItem> <maml:name>Get-NtAccessMask</maml:name> <!-- Parameter: GenericAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>GenericAccess</maml:name> <maml:description> <maml:para>Specify Generic access rights.</maml:para> <maml:para>Possible values: None, Access0, Access1, Access2, Access3, Access4, Access5, Access6, Access7, Access8, Access9, Access10, Access11, Access12, Access13, Access14, Access15, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, AccessSystemSecurity, MaximumAllowed, GenericAll, GenericExecute, GenericWrite, GenericRead</maml:para> </maml:description> <command:parameterValue required="true">GenericAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access0</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access1</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access2</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access3</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access4</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access5</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access6</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access7</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access8</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access9</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access10</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access11</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access12</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access13</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access14</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access15</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsGenericAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToGenericAccess"> <maml:name>AsGenericAccess</maml:name> <maml:description> <maml:para>Return access as GenericAccess.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsMandatoryLabelPolicy --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToMandatoryLabelPolicy"> <maml:name>AsMandatoryLabelPolicy</maml:name> <maml:description> <maml:para>Return access as ManadatoryLabelPolicy.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSDKString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsSDKString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string, using SDK names if available.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSpecificAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToSpecificAccess"> <maml:name>AsSpecificAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the type enumeration.</maml:para> <maml:para>Possible values: None, ALPCPort, DebugObject, Desktop, Directory, Event, File, Device, IoCompletion, Job, Key, Mutant, Partition, Process, RegistryTransaction, Section, Semaphore, Session, SymbolicLink, Thread, Token, TmTx, WindowStation, TmRm, TmEn, TmTm, Transaction, ResourceManager, Enlistment, TransactionManager, Service, SCM, DirectoryService, Audit</maml:para> </maml:description> <command:parameterValue required="true">SpecificAccessType</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Object.SpecificAccessType</maml:name> <maml:uri /> <maml:description> <maml:para>Enumeration for specific access type mapping.</maml:para> </maml:description> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ALPCPort</command:parameterValue> <command:parameterValue required="false" variableLength="false">DebugObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">Desktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Event</command:parameterValue> <command:parameterValue required="false" variableLength="false">File</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">IoCompletion</command:parameterValue> <command:parameterValue required="false" variableLength="false">Job</command:parameterValue> <command:parameterValue required="false" variableLength="false">Key</command:parameterValue> <command:parameterValue required="false" variableLength="false">Mutant</command:parameterValue> <command:parameterValue required="false" variableLength="false">Partition</command:parameterValue> <command:parameterValue required="false" variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegistryTransaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">Section</command:parameterValue> <command:parameterValue required="false" variableLength="false">Semaphore</command:parameterValue> <command:parameterValue required="false" variableLength="false">Session</command:parameterValue> <command:parameterValue required="false" variableLength="false">SymbolicLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">Thread</command:parameterValue> <command:parameterValue required="false" variableLength="false">Token</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTx</command:parameterValue> <command:parameterValue required="false" variableLength="false">WindowStation</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmRm</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmEn</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTm</command:parameterValue> <command:parameterValue required="false" variableLength="false">Transaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">ResourceManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlistment</command:parameterValue> <command:parameterValue required="false" variableLength="false">TransactionManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Service</command:parameterValue> <command:parameterValue required="false" variableLength="false">SCM</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryService</command:parameterValue> <command:parameterValue required="false" variableLength="false">Audit</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsTypeAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToTypeAccess"> <maml:name>AsTypeAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the NtType object.</maml:para> </maml:description> <command:parameterValue required="true">NtType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: GenericMapping --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GenericMapping</maml:name> <maml:description> <maml:para>When specifying a Mandatory Label Policy specify GenericMapping to get the mandatory access.</maml:para> </maml:description> <command:parameterValue required="true">GenericMapping</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericMapping</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: MapGenericRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MapGenericRights</maml:name> <maml:description> <maml:para>Specify that any generic rights should be mapped to type specific rights.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromDirectory --> <command:syntaxItem> <maml:name>Get-NtAccessMask</maml:name> <!-- Parameter: DirectoryAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>DirectoryAccess</maml:name> <maml:description> <maml:para>Specify Directory access rights.</maml:para> <maml:para>Possible values: Query, Traverse, CreateObject, CreateSubDirectory, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">DirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsGenericAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToGenericAccess"> <maml:name>AsGenericAccess</maml:name> <maml:description> <maml:para>Return access as GenericAccess.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsMandatoryLabelPolicy --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToMandatoryLabelPolicy"> <maml:name>AsMandatoryLabelPolicy</maml:name> <maml:description> <maml:para>Return access as ManadatoryLabelPolicy.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSDKString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsSDKString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string, using SDK names if available.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSpecificAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToSpecificAccess"> <maml:name>AsSpecificAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the type enumeration.</maml:para> <maml:para>Possible values: None, ALPCPort, DebugObject, Desktop, Directory, Event, File, Device, IoCompletion, Job, Key, Mutant, Partition, Process, RegistryTransaction, Section, Semaphore, Session, SymbolicLink, Thread, Token, TmTx, WindowStation, TmRm, TmEn, TmTm, Transaction, ResourceManager, Enlistment, TransactionManager, Service, SCM, DirectoryService, Audit</maml:para> </maml:description> <command:parameterValue required="true">SpecificAccessType</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Object.SpecificAccessType</maml:name> <maml:uri /> <maml:description> <maml:para>Enumeration for specific access type mapping.</maml:para> </maml:description> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ALPCPort</command:parameterValue> <command:parameterValue required="false" variableLength="false">DebugObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">Desktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Event</command:parameterValue> <command:parameterValue required="false" variableLength="false">File</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">IoCompletion</command:parameterValue> <command:parameterValue required="false" variableLength="false">Job</command:parameterValue> <command:parameterValue required="false" variableLength="false">Key</command:parameterValue> <command:parameterValue required="false" variableLength="false">Mutant</command:parameterValue> <command:parameterValue required="false" variableLength="false">Partition</command:parameterValue> <command:parameterValue required="false" variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegistryTransaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">Section</command:parameterValue> <command:parameterValue required="false" variableLength="false">Semaphore</command:parameterValue> <command:parameterValue required="false" variableLength="false">Session</command:parameterValue> <command:parameterValue required="false" variableLength="false">SymbolicLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">Thread</command:parameterValue> <command:parameterValue required="false" variableLength="false">Token</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTx</command:parameterValue> <command:parameterValue required="false" variableLength="false">WindowStation</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmRm</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmEn</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTm</command:parameterValue> <command:parameterValue required="false" variableLength="false">Transaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">ResourceManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlistment</command:parameterValue> <command:parameterValue required="false" variableLength="false">TransactionManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Service</command:parameterValue> <command:parameterValue required="false" variableLength="false">SCM</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryService</command:parameterValue> <command:parameterValue required="false" variableLength="false">Audit</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsTypeAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToTypeAccess"> <maml:name>AsTypeAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the NtType object.</maml:para> </maml:description> <command:parameterValue required="true">NtType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: GenericMapping --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GenericMapping</maml:name> <maml:description> <maml:para>When specifying a Mandatory Label Policy specify GenericMapping to get the mandatory access.</maml:para> </maml:description> <command:parameterValue required="true">GenericMapping</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericMapping</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: MapGenericRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MapGenericRights</maml:name> <maml:description> <maml:para>Specify that any generic rights should be mapped to type specific rights.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromThread --> <command:syntaxItem> <maml:name>Get-NtAccessMask</maml:name> <!-- Parameter: ThreadAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>ThreadAccess</maml:name> <maml:description> <maml:para>Specify Thread access rights.</maml:para> <maml:para>Possible values: Terminate, SuspendResume, Alert, GetContext, SetContext, SetInformation, QueryInformation, SetThreadToken, Impersonate, DirectImpersonation, SetLimitedInformation, QueryLimitedInformation, Resume, AllAccess, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ThreadAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ThreadAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuspendResume</command:parameterValue> <command:parameterValue required="false" variableLength="false">Alert</command:parameterValue> <command:parameterValue required="false" variableLength="false">GetContext</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetContext</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetThreadToken</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectImpersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Resume</command:parameterValue> <command:parameterValue required="false" variableLength="false">AllAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsGenericAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToGenericAccess"> <maml:name>AsGenericAccess</maml:name> <maml:description> <maml:para>Return access as GenericAccess.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsMandatoryLabelPolicy --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToMandatoryLabelPolicy"> <maml:name>AsMandatoryLabelPolicy</maml:name> <maml:description> <maml:para>Return access as ManadatoryLabelPolicy.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSDKString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsSDKString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string, using SDK names if available.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSpecificAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToSpecificAccess"> <maml:name>AsSpecificAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the type enumeration.</maml:para> <maml:para>Possible values: None, ALPCPort, DebugObject, Desktop, Directory, Event, File, Device, IoCompletion, Job, Key, Mutant, Partition, Process, RegistryTransaction, Section, Semaphore, Session, SymbolicLink, Thread, Token, TmTx, WindowStation, TmRm, TmEn, TmTm, Transaction, ResourceManager, Enlistment, TransactionManager, Service, SCM, DirectoryService, Audit</maml:para> </maml:description> <command:parameterValue required="true">SpecificAccessType</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Object.SpecificAccessType</maml:name> <maml:uri /> <maml:description> <maml:para>Enumeration for specific access type mapping.</maml:para> </maml:description> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ALPCPort</command:parameterValue> <command:parameterValue required="false" variableLength="false">DebugObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">Desktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Event</command:parameterValue> <command:parameterValue required="false" variableLength="false">File</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">IoCompletion</command:parameterValue> <command:parameterValue required="false" variableLength="false">Job</command:parameterValue> <command:parameterValue required="false" variableLength="false">Key</command:parameterValue> <command:parameterValue required="false" variableLength="false">Mutant</command:parameterValue> <command:parameterValue required="false" variableLength="false">Partition</command:parameterValue> <command:parameterValue required="false" variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegistryTransaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">Section</command:parameterValue> <command:parameterValue required="false" variableLength="false">Semaphore</command:parameterValue> <command:parameterValue required="false" variableLength="false">Session</command:parameterValue> <command:parameterValue required="false" variableLength="false">SymbolicLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">Thread</command:parameterValue> <command:parameterValue required="false" variableLength="false">Token</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTx</command:parameterValue> <command:parameterValue required="false" variableLength="false">WindowStation</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmRm</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmEn</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTm</command:parameterValue> <command:parameterValue required="false" variableLength="false">Transaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">ResourceManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlistment</command:parameterValue> <command:parameterValue required="false" variableLength="false">TransactionManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Service</command:parameterValue> <command:parameterValue required="false" variableLength="false">SCM</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryService</command:parameterValue> <command:parameterValue required="false" variableLength="false">Audit</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsTypeAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToTypeAccess"> <maml:name>AsTypeAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the NtType object.</maml:para> </maml:description> <command:parameterValue required="true">NtType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: GenericMapping --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GenericMapping</maml:name> <maml:description> <maml:para>When specifying a Mandatory Label Policy specify GenericMapping to get the mandatory access.</maml:para> </maml:description> <command:parameterValue required="true">GenericMapping</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericMapping</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: MapGenericRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MapGenericRights</maml:name> <maml:description> <maml:para>Specify that any generic rights should be mapped to type specific rights.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromDebugObject --> <command:syntaxItem> <maml:name>Get-NtAccessMask</maml:name> <!-- Parameter: DebugObjectAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>DebugObjectAccess</maml:name> <maml:description> <maml:para>Specify Debug Object access rights.</maml:para> <maml:para>Possible values: ReadEvent, ProcessAssign, SetInformation, QueryInformation, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">DebugAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DebugAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">ReadEvent</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProcessAssign</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsGenericAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToGenericAccess"> <maml:name>AsGenericAccess</maml:name> <maml:description> <maml:para>Return access as GenericAccess.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsMandatoryLabelPolicy --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToMandatoryLabelPolicy"> <maml:name>AsMandatoryLabelPolicy</maml:name> <maml:description> <maml:para>Return access as ManadatoryLabelPolicy.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSDKString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsSDKString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string, using SDK names if available.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSpecificAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToSpecificAccess"> <maml:name>AsSpecificAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the type enumeration.</maml:para> <maml:para>Possible values: None, ALPCPort, DebugObject, Desktop, Directory, Event, File, Device, IoCompletion, Job, Key, Mutant, Partition, Process, RegistryTransaction, Section, Semaphore, Session, SymbolicLink, Thread, Token, TmTx, WindowStation, TmRm, TmEn, TmTm, Transaction, ResourceManager, Enlistment, TransactionManager, Service, SCM, DirectoryService, Audit</maml:para> </maml:description> <command:parameterValue required="true">SpecificAccessType</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Object.SpecificAccessType</maml:name> <maml:uri /> <maml:description> <maml:para>Enumeration for specific access type mapping.</maml:para> </maml:description> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ALPCPort</command:parameterValue> <command:parameterValue required="false" variableLength="false">DebugObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">Desktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Event</command:parameterValue> <command:parameterValue required="false" variableLength="false">File</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">IoCompletion</command:parameterValue> <command:parameterValue required="false" variableLength="false">Job</command:parameterValue> <command:parameterValue required="false" variableLength="false">Key</command:parameterValue> <command:parameterValue required="false" variableLength="false">Mutant</command:parameterValue> <command:parameterValue required="false" variableLength="false">Partition</command:parameterValue> <command:parameterValue required="false" variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegistryTransaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">Section</command:parameterValue> <command:parameterValue required="false" variableLength="false">Semaphore</command:parameterValue> <command:parameterValue required="false" variableLength="false">Session</command:parameterValue> <command:parameterValue required="false" variableLength="false">SymbolicLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">Thread</command:parameterValue> <command:parameterValue required="false" variableLength="false">Token</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTx</command:parameterValue> <command:parameterValue required="false" variableLength="false">WindowStation</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmRm</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmEn</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTm</command:parameterValue> <command:parameterValue required="false" variableLength="false">Transaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">ResourceManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlistment</command:parameterValue> <command:parameterValue required="false" variableLength="false">TransactionManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Service</command:parameterValue> <command:parameterValue required="false" variableLength="false">SCM</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryService</command:parameterValue> <command:parameterValue required="false" variableLength="false">Audit</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsTypeAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToTypeAccess"> <maml:name>AsTypeAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the NtType object.</maml:para> </maml:description> <command:parameterValue required="true">NtType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: GenericMapping --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GenericMapping</maml:name> <maml:description> <maml:para>When specifying a Mandatory Label Policy specify GenericMapping to get the mandatory access.</maml:para> </maml:description> <command:parameterValue required="true">GenericMapping</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericMapping</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: MapGenericRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MapGenericRights</maml:name> <maml:description> <maml:para>Specify that any generic rights should be mapped to type specific rights.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromJob --> <command:syntaxItem> <maml:name>Get-NtAccessMask</maml:name> <!-- Parameter: JobAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>JobAccess</maml:name> <maml:description> <maml:para>Specify Job access rights.</maml:para> <maml:para>Possible values: None, AssignProcess, SetAttributes, Query, Terminate, SetSecurityAttributes, Impersonate, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">JobAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.JobAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">AssignProcess</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetSecurityAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsGenericAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToGenericAccess"> <maml:name>AsGenericAccess</maml:name> <maml:description> <maml:para>Return access as GenericAccess.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsMandatoryLabelPolicy --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToMandatoryLabelPolicy"> <maml:name>AsMandatoryLabelPolicy</maml:name> <maml:description> <maml:para>Return access as ManadatoryLabelPolicy.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSDKString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsSDKString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string, using SDK names if available.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSpecificAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToSpecificAccess"> <maml:name>AsSpecificAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the type enumeration.</maml:para> <maml:para>Possible values: None, ALPCPort, DebugObject, Desktop, Directory, Event, File, Device, IoCompletion, Job, Key, Mutant, Partition, Process, RegistryTransaction, Section, Semaphore, Session, SymbolicLink, Thread, Token, TmTx, WindowStation, TmRm, TmEn, TmTm, Transaction, ResourceManager, Enlistment, TransactionManager, Service, SCM, DirectoryService, Audit</maml:para> </maml:description> <command:parameterValue required="true">SpecificAccessType</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Object.SpecificAccessType</maml:name> <maml:uri /> <maml:description> <maml:para>Enumeration for specific access type mapping.</maml:para> </maml:description> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ALPCPort</command:parameterValue> <command:parameterValue required="false" variableLength="false">DebugObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">Desktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Event</command:parameterValue> <command:parameterValue required="false" variableLength="false">File</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">IoCompletion</command:parameterValue> <command:parameterValue required="false" variableLength="false">Job</command:parameterValue> <command:parameterValue required="false" variableLength="false">Key</command:parameterValue> <command:parameterValue required="false" variableLength="false">Mutant</command:parameterValue> <command:parameterValue required="false" variableLength="false">Partition</command:parameterValue> <command:parameterValue required="false" variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegistryTransaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">Section</command:parameterValue> <command:parameterValue required="false" variableLength="false">Semaphore</command:parameterValue> <command:parameterValue required="false" variableLength="false">Session</command:parameterValue> <command:parameterValue required="false" variableLength="false">SymbolicLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">Thread</command:parameterValue> <command:parameterValue required="false" variableLength="false">Token</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTx</command:parameterValue> <command:parameterValue required="false" variableLength="false">WindowStation</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmRm</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmEn</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTm</command:parameterValue> <command:parameterValue required="false" variableLength="false">Transaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">ResourceManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlistment</command:parameterValue> <command:parameterValue required="false" variableLength="false">TransactionManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Service</command:parameterValue> <command:parameterValue required="false" variableLength="false">SCM</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryService</command:parameterValue> <command:parameterValue required="false" variableLength="false">Audit</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsTypeAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToTypeAccess"> <maml:name>AsTypeAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the NtType object.</maml:para> </maml:description> <command:parameterValue required="true">NtType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: GenericMapping --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GenericMapping</maml:name> <maml:description> <maml:para>When specifying a Mandatory Label Policy specify GenericMapping to get the mandatory access.</maml:para> </maml:description> <command:parameterValue required="true">GenericMapping</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericMapping</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: MapGenericRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MapGenericRights</maml:name> <maml:description> <maml:para>Specify that any generic rights should be mapped to type specific rights.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromProcess --> <command:syntaxItem> <maml:name>Get-NtAccessMask</maml:name> <!-- Parameter: ProcessAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessAccess</maml:name> <maml:description> <maml:para>Specify Process access rights.</maml:para> <maml:para>Possible values: None, Terminate, CreateThread, SetSessionId, VmOperation, VmRead, VmWrite, DupHandle, CreateProcess, SetQuota, SetInformation, QueryInformation, SuspendResume, QueryLimitedInformation, SetLimitedInformation, AllAccess, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ProcessAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ProcessAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateThread</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetSessionId</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmOperation</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">DupHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateProcess</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetQuota</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuspendResume</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">AllAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsGenericAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToGenericAccess"> <maml:name>AsGenericAccess</maml:name> <maml:description> <maml:para>Return access as GenericAccess.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsMandatoryLabelPolicy --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToMandatoryLabelPolicy"> <maml:name>AsMandatoryLabelPolicy</maml:name> <maml:description> <maml:para>Return access as ManadatoryLabelPolicy.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSDKString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsSDKString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string, using SDK names if available.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSpecificAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToSpecificAccess"> <maml:name>AsSpecificAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the type enumeration.</maml:para> <maml:para>Possible values: None, ALPCPort, DebugObject, Desktop, Directory, Event, File, Device, IoCompletion, Job, Key, Mutant, Partition, Process, RegistryTransaction, Section, Semaphore, Session, SymbolicLink, Thread, Token, TmTx, WindowStation, TmRm, TmEn, TmTm, Transaction, ResourceManager, Enlistment, TransactionManager, Service, SCM, DirectoryService, Audit</maml:para> </maml:description> <command:parameterValue required="true">SpecificAccessType</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Object.SpecificAccessType</maml:name> <maml:uri /> <maml:description> <maml:para>Enumeration for specific access type mapping.</maml:para> </maml:description> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ALPCPort</command:parameterValue> <command:parameterValue required="false" variableLength="false">DebugObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">Desktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Event</command:parameterValue> <command:parameterValue required="false" variableLength="false">File</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">IoCompletion</command:parameterValue> <command:parameterValue required="false" variableLength="false">Job</command:parameterValue> <command:parameterValue required="false" variableLength="false">Key</command:parameterValue> <command:parameterValue required="false" variableLength="false">Mutant</command:parameterValue> <command:parameterValue required="false" variableLength="false">Partition</command:parameterValue> <command:parameterValue required="false" variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegistryTransaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">Section</command:parameterValue> <command:parameterValue required="false" variableLength="false">Semaphore</command:parameterValue> <command:parameterValue required="false" variableLength="false">Session</command:parameterValue> <command:parameterValue required="false" variableLength="false">SymbolicLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">Thread</command:parameterValue> <command:parameterValue required="false" variableLength="false">Token</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTx</command:parameterValue> <command:parameterValue required="false" variableLength="false">WindowStation</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmRm</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmEn</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTm</command:parameterValue> <command:parameterValue required="false" variableLength="false">Transaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">ResourceManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlistment</command:parameterValue> <command:parameterValue required="false" variableLength="false">TransactionManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Service</command:parameterValue> <command:parameterValue required="false" variableLength="false">SCM</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryService</command:parameterValue> <command:parameterValue required="false" variableLength="false">Audit</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsTypeAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToTypeAccess"> <maml:name>AsTypeAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the NtType object.</maml:para> </maml:description> <command:parameterValue required="true">NtType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: GenericMapping --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GenericMapping</maml:name> <maml:description> <maml:para>When specifying a Mandatory Label Policy specify GenericMapping to get the mandatory access.</maml:para> </maml:description> <command:parameterValue required="true">GenericMapping</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericMapping</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: MapGenericRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MapGenericRights</maml:name> <maml:description> <maml:para>Specify that any generic rights should be mapped to type specific rights.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromTransaction --> <command:syntaxItem> <maml:name>Get-NtAccessMask</maml:name> <!-- Parameter: TransactionAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>TransactionAccess</maml:name> <maml:description> <maml:para>Specify transaction access rights.</maml:para> <maml:para>Possible values: QueryInformation, SetInformation, Enlist, Commit, Rollback, Propagate, RightReserved1, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">TransactionAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TransactionAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlist</command:parameterValue> <command:parameterValue required="false" variableLength="false">Commit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Rollback</command:parameterValue> <command:parameterValue required="false" variableLength="false">Propagate</command:parameterValue> <command:parameterValue required="false" variableLength="false">RightReserved1</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsGenericAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToGenericAccess"> <maml:name>AsGenericAccess</maml:name> <maml:description> <maml:para>Return access as GenericAccess.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsMandatoryLabelPolicy --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToMandatoryLabelPolicy"> <maml:name>AsMandatoryLabelPolicy</maml:name> <maml:description> <maml:para>Return access as ManadatoryLabelPolicy.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSDKString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsSDKString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string, using SDK names if available.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSpecificAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToSpecificAccess"> <maml:name>AsSpecificAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the type enumeration.</maml:para> <maml:para>Possible values: None, ALPCPort, DebugObject, Desktop, Directory, Event, File, Device, IoCompletion, Job, Key, Mutant, Partition, Process, RegistryTransaction, Section, Semaphore, Session, SymbolicLink, Thread, Token, TmTx, WindowStation, TmRm, TmEn, TmTm, Transaction, ResourceManager, Enlistment, TransactionManager, Service, SCM, DirectoryService, Audit</maml:para> </maml:description> <command:parameterValue required="true">SpecificAccessType</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Object.SpecificAccessType</maml:name> <maml:uri /> <maml:description> <maml:para>Enumeration for specific access type mapping.</maml:para> </maml:description> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ALPCPort</command:parameterValue> <command:parameterValue required="false" variableLength="false">DebugObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">Desktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Event</command:parameterValue> <command:parameterValue required="false" variableLength="false">File</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">IoCompletion</command:parameterValue> <command:parameterValue required="false" variableLength="false">Job</command:parameterValue> <command:parameterValue required="false" variableLength="false">Key</command:parameterValue> <command:parameterValue required="false" variableLength="false">Mutant</command:parameterValue> <command:parameterValue required="false" variableLength="false">Partition</command:parameterValue> <command:parameterValue required="false" variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegistryTransaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">Section</command:parameterValue> <command:parameterValue required="false" variableLength="false">Semaphore</command:parameterValue> <command:parameterValue required="false" variableLength="false">Session</command:parameterValue> <command:parameterValue required="false" variableLength="false">SymbolicLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">Thread</command:parameterValue> <command:parameterValue required="false" variableLength="false">Token</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTx</command:parameterValue> <command:parameterValue required="false" variableLength="false">WindowStation</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmRm</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmEn</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTm</command:parameterValue> <command:parameterValue required="false" variableLength="false">Transaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">ResourceManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlistment</command:parameterValue> <command:parameterValue required="false" variableLength="false">TransactionManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Service</command:parameterValue> <command:parameterValue required="false" variableLength="false">SCM</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryService</command:parameterValue> <command:parameterValue required="false" variableLength="false">Audit</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsTypeAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToTypeAccess"> <maml:name>AsTypeAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the NtType object.</maml:para> </maml:description> <command:parameterValue required="true">NtType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: GenericMapping --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GenericMapping</maml:name> <maml:description> <maml:para>When specifying a Mandatory Label Policy specify GenericMapping to get the mandatory access.</maml:para> </maml:description> <command:parameterValue required="true">GenericMapping</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericMapping</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: MapGenericRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MapGenericRights</maml:name> <maml:description> <maml:para>Specify that any generic rights should be mapped to type specific rights.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromTransactionManager --> <command:syntaxItem> <maml:name>Get-NtAccessMask</maml:name> <!-- Parameter: TransactionManagerAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>TransactionManagerAccess</maml:name> <maml:description> <maml:para>Specify transaction manager access rights.</maml:para> <maml:para>Possible values: QueryInformation, SetInformation, Recover, Rename, CreateRm, BindTransaction, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">TransactionManagerAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TransactionManagerAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Recover</command:parameterValue> <command:parameterValue required="false" variableLength="false">Rename</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateRm</command:parameterValue> <command:parameterValue required="false" variableLength="false">BindTransaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsGenericAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToGenericAccess"> <maml:name>AsGenericAccess</maml:name> <maml:description> <maml:para>Return access as GenericAccess.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsMandatoryLabelPolicy --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToMandatoryLabelPolicy"> <maml:name>AsMandatoryLabelPolicy</maml:name> <maml:description> <maml:para>Return access as ManadatoryLabelPolicy.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSDKString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsSDKString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string, using SDK names if available.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSpecificAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToSpecificAccess"> <maml:name>AsSpecificAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the type enumeration.</maml:para> <maml:para>Possible values: None, ALPCPort, DebugObject, Desktop, Directory, Event, File, Device, IoCompletion, Job, Key, Mutant, Partition, Process, RegistryTransaction, Section, Semaphore, Session, SymbolicLink, Thread, Token, TmTx, WindowStation, TmRm, TmEn, TmTm, Transaction, ResourceManager, Enlistment, TransactionManager, Service, SCM, DirectoryService, Audit</maml:para> </maml:description> <command:parameterValue required="true">SpecificAccessType</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Object.SpecificAccessType</maml:name> <maml:uri /> <maml:description> <maml:para>Enumeration for specific access type mapping.</maml:para> </maml:description> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ALPCPort</command:parameterValue> <command:parameterValue required="false" variableLength="false">DebugObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">Desktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Event</command:parameterValue> <command:parameterValue required="false" variableLength="false">File</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">IoCompletion</command:parameterValue> <command:parameterValue required="false" variableLength="false">Job</command:parameterValue> <command:parameterValue required="false" variableLength="false">Key</command:parameterValue> <command:parameterValue required="false" variableLength="false">Mutant</command:parameterValue> <command:parameterValue required="false" variableLength="false">Partition</command:parameterValue> <command:parameterValue required="false" variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegistryTransaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">Section</command:parameterValue> <command:parameterValue required="false" variableLength="false">Semaphore</command:parameterValue> <command:parameterValue required="false" variableLength="false">Session</command:parameterValue> <command:parameterValue required="false" variableLength="false">SymbolicLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">Thread</command:parameterValue> <command:parameterValue required="false" variableLength="false">Token</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTx</command:parameterValue> <command:parameterValue required="false" variableLength="false">WindowStation</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmRm</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmEn</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTm</command:parameterValue> <command:parameterValue required="false" variableLength="false">Transaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">ResourceManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlistment</command:parameterValue> <command:parameterValue required="false" variableLength="false">TransactionManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Service</command:parameterValue> <command:parameterValue required="false" variableLength="false">SCM</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryService</command:parameterValue> <command:parameterValue required="false" variableLength="false">Audit</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsTypeAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToTypeAccess"> <maml:name>AsTypeAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the NtType object.</maml:para> </maml:description> <command:parameterValue required="true">NtType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: GenericMapping --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GenericMapping</maml:name> <maml:description> <maml:para>When specifying a Mandatory Label Policy specify GenericMapping to get the mandatory access.</maml:para> </maml:description> <command:parameterValue required="true">GenericMapping</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericMapping</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: MapGenericRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MapGenericRights</maml:name> <maml:description> <maml:para>Specify that any generic rights should be mapped to type specific rights.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromResourceManager --> <command:syntaxItem> <maml:name>Get-NtAccessMask</maml:name> <!-- Parameter: ResourceManagerAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>ResourceManagerAccess</maml:name> <maml:description> <maml:para>Specify resource manager access rights.</maml:para> <maml:para>Possible values: QueryInformation, SetInformation, Recover, Enlist, GetNotification, RegisterProtocol, CompletePropagation, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ResourceManagerAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ResourceManagerAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Recover</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlist</command:parameterValue> <command:parameterValue required="false" variableLength="false">GetNotification</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegisterProtocol</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompletePropagation</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsGenericAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToGenericAccess"> <maml:name>AsGenericAccess</maml:name> <maml:description> <maml:para>Return access as GenericAccess.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsMandatoryLabelPolicy --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToMandatoryLabelPolicy"> <maml:name>AsMandatoryLabelPolicy</maml:name> <maml:description> <maml:para>Return access as ManadatoryLabelPolicy.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSDKString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsSDKString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string, using SDK names if available.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSpecificAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToSpecificAccess"> <maml:name>AsSpecificAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the type enumeration.</maml:para> <maml:para>Possible values: None, ALPCPort, DebugObject, Desktop, Directory, Event, File, Device, IoCompletion, Job, Key, Mutant, Partition, Process, RegistryTransaction, Section, Semaphore, Session, SymbolicLink, Thread, Token, TmTx, WindowStation, TmRm, TmEn, TmTm, Transaction, ResourceManager, Enlistment, TransactionManager, Service, SCM, DirectoryService, Audit</maml:para> </maml:description> <command:parameterValue required="true">SpecificAccessType</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Object.SpecificAccessType</maml:name> <maml:uri /> <maml:description> <maml:para>Enumeration for specific access type mapping.</maml:para> </maml:description> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ALPCPort</command:parameterValue> <command:parameterValue required="false" variableLength="false">DebugObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">Desktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Event</command:parameterValue> <command:parameterValue required="false" variableLength="false">File</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">IoCompletion</command:parameterValue> <command:parameterValue required="false" variableLength="false">Job</command:parameterValue> <command:parameterValue required="false" variableLength="false">Key</command:parameterValue> <command:parameterValue required="false" variableLength="false">Mutant</command:parameterValue> <command:parameterValue required="false" variableLength="false">Partition</command:parameterValue> <command:parameterValue required="false" variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegistryTransaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">Section</command:parameterValue> <command:parameterValue required="false" variableLength="false">Semaphore</command:parameterValue> <command:parameterValue required="false" variableLength="false">Session</command:parameterValue> <command:parameterValue required="false" variableLength="false">SymbolicLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">Thread</command:parameterValue> <command:parameterValue required="false" variableLength="false">Token</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTx</command:parameterValue> <command:parameterValue required="false" variableLength="false">WindowStation</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmRm</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmEn</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTm</command:parameterValue> <command:parameterValue required="false" variableLength="false">Transaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">ResourceManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlistment</command:parameterValue> <command:parameterValue required="false" variableLength="false">TransactionManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Service</command:parameterValue> <command:parameterValue required="false" variableLength="false">SCM</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryService</command:parameterValue> <command:parameterValue required="false" variableLength="false">Audit</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsTypeAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToTypeAccess"> <maml:name>AsTypeAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the NtType object.</maml:para> </maml:description> <command:parameterValue required="true">NtType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: GenericMapping --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GenericMapping</maml:name> <maml:description> <maml:para>When specifying a Mandatory Label Policy specify GenericMapping to get the mandatory access.</maml:para> </maml:description> <command:parameterValue required="true">GenericMapping</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericMapping</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: MapGenericRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MapGenericRights</maml:name> <maml:description> <maml:para>Specify that any generic rights should be mapped to type specific rights.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromEnlistment --> <command:syntaxItem> <maml:name>Get-NtAccessMask</maml:name> <!-- Parameter: EnlistmentAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>EnlistmentAccess</maml:name> <maml:description> <maml:para>Specify enlistment access rights.</maml:para> <maml:para>Possible values: None, QueryInformation, SetInformation, Recover, SubordinateRights, SuperiorRights, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">EnlistmentAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EnlistmentAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Recover</command:parameterValue> <command:parameterValue required="false" variableLength="false">SubordinateRights</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuperiorRights</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsGenericAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToGenericAccess"> <maml:name>AsGenericAccess</maml:name> <maml:description> <maml:para>Return access as GenericAccess.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsMandatoryLabelPolicy --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToMandatoryLabelPolicy"> <maml:name>AsMandatoryLabelPolicy</maml:name> <maml:description> <maml:para>Return access as ManadatoryLabelPolicy.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSDKString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsSDKString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string, using SDK names if available.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSpecificAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToSpecificAccess"> <maml:name>AsSpecificAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the type enumeration.</maml:para> <maml:para>Possible values: None, ALPCPort, DebugObject, Desktop, Directory, Event, File, Device, IoCompletion, Job, Key, Mutant, Partition, Process, RegistryTransaction, Section, Semaphore, Session, SymbolicLink, Thread, Token, TmTx, WindowStation, TmRm, TmEn, TmTm, Transaction, ResourceManager, Enlistment, TransactionManager, Service, SCM, DirectoryService, Audit</maml:para> </maml:description> <command:parameterValue required="true">SpecificAccessType</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Object.SpecificAccessType</maml:name> <maml:uri /> <maml:description> <maml:para>Enumeration for specific access type mapping.</maml:para> </maml:description> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ALPCPort</command:parameterValue> <command:parameterValue required="false" variableLength="false">DebugObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">Desktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Event</command:parameterValue> <command:parameterValue required="false" variableLength="false">File</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">IoCompletion</command:parameterValue> <command:parameterValue required="false" variableLength="false">Job</command:parameterValue> <command:parameterValue required="false" variableLength="false">Key</command:parameterValue> <command:parameterValue required="false" variableLength="false">Mutant</command:parameterValue> <command:parameterValue required="false" variableLength="false">Partition</command:parameterValue> <command:parameterValue required="false" variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegistryTransaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">Section</command:parameterValue> <command:parameterValue required="false" variableLength="false">Semaphore</command:parameterValue> <command:parameterValue required="false" variableLength="false">Session</command:parameterValue> <command:parameterValue required="false" variableLength="false">SymbolicLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">Thread</command:parameterValue> <command:parameterValue required="false" variableLength="false">Token</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTx</command:parameterValue> <command:parameterValue required="false" variableLength="false">WindowStation</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmRm</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmEn</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTm</command:parameterValue> <command:parameterValue required="false" variableLength="false">Transaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">ResourceManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlistment</command:parameterValue> <command:parameterValue required="false" variableLength="false">TransactionManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Service</command:parameterValue> <command:parameterValue required="false" variableLength="false">SCM</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryService</command:parameterValue> <command:parameterValue required="false" variableLength="false">Audit</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsTypeAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToTypeAccess"> <maml:name>AsTypeAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the NtType object.</maml:para> </maml:description> <command:parameterValue required="true">NtType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: GenericMapping --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GenericMapping</maml:name> <maml:description> <maml:para>When specifying a Mandatory Label Policy specify GenericMapping to get the mandatory access.</maml:para> </maml:description> <command:parameterValue required="true">GenericMapping</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericMapping</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: MapGenericRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MapGenericRights</maml:name> <maml:description> <maml:para>Specify that any generic rights should be mapped to type specific rights.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromService --> <command:syntaxItem> <maml:name>Get-NtAccessMask</maml:name> <!-- Parameter: ServiceAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>ServiceAccess</maml:name> <maml:description> <maml:para>Specify service access rights.</maml:para> <maml:para>Possible values: QueryConfig, ChangeConfig, QueryStatus, EnumerateDependents, Start, Stop, PauseContinue, Interrogate, UserDefinedControl, SetStatus, All, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ServiceAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Win32.ServiceAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryConfig</command:parameterValue> <command:parameterValue required="false" variableLength="false">ChangeConfig</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryStatus</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnumerateDependents</command:parameterValue> <command:parameterValue required="false" variableLength="false">Start</command:parameterValue> <command:parameterValue required="false" variableLength="false">Stop</command:parameterValue> <command:parameterValue required="false" variableLength="false">PauseContinue</command:parameterValue> <command:parameterValue required="false" variableLength="false">Interrogate</command:parameterValue> <command:parameterValue required="false" variableLength="false">UserDefinedControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetStatus</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsGenericAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToGenericAccess"> <maml:name>AsGenericAccess</maml:name> <maml:description> <maml:para>Return access as GenericAccess.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsMandatoryLabelPolicy --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToMandatoryLabelPolicy"> <maml:name>AsMandatoryLabelPolicy</maml:name> <maml:description> <maml:para>Return access as ManadatoryLabelPolicy.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSDKString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsSDKString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string, using SDK names if available.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSpecificAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToSpecificAccess"> <maml:name>AsSpecificAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the type enumeration.</maml:para> <maml:para>Possible values: None, ALPCPort, DebugObject, Desktop, Directory, Event, File, Device, IoCompletion, Job, Key, Mutant, Partition, Process, RegistryTransaction, Section, Semaphore, Session, SymbolicLink, Thread, Token, TmTx, WindowStation, TmRm, TmEn, TmTm, Transaction, ResourceManager, Enlistment, TransactionManager, Service, SCM, DirectoryService, Audit</maml:para> </maml:description> <command:parameterValue required="true">SpecificAccessType</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Object.SpecificAccessType</maml:name> <maml:uri /> <maml:description> <maml:para>Enumeration for specific access type mapping.</maml:para> </maml:description> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ALPCPort</command:parameterValue> <command:parameterValue required="false" variableLength="false">DebugObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">Desktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Event</command:parameterValue> <command:parameterValue required="false" variableLength="false">File</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">IoCompletion</command:parameterValue> <command:parameterValue required="false" variableLength="false">Job</command:parameterValue> <command:parameterValue required="false" variableLength="false">Key</command:parameterValue> <command:parameterValue required="false" variableLength="false">Mutant</command:parameterValue> <command:parameterValue required="false" variableLength="false">Partition</command:parameterValue> <command:parameterValue required="false" variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegistryTransaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">Section</command:parameterValue> <command:parameterValue required="false" variableLength="false">Semaphore</command:parameterValue> <command:parameterValue required="false" variableLength="false">Session</command:parameterValue> <command:parameterValue required="false" variableLength="false">SymbolicLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">Thread</command:parameterValue> <command:parameterValue required="false" variableLength="false">Token</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTx</command:parameterValue> <command:parameterValue required="false" variableLength="false">WindowStation</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmRm</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmEn</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTm</command:parameterValue> <command:parameterValue required="false" variableLength="false">Transaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">ResourceManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlistment</command:parameterValue> <command:parameterValue required="false" variableLength="false">TransactionManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Service</command:parameterValue> <command:parameterValue required="false" variableLength="false">SCM</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryService</command:parameterValue> <command:parameterValue required="false" variableLength="false">Audit</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsTypeAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToTypeAccess"> <maml:name>AsTypeAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the NtType object.</maml:para> </maml:description> <command:parameterValue required="true">NtType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: GenericMapping --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GenericMapping</maml:name> <maml:description> <maml:para>When specifying a Mandatory Label Policy specify GenericMapping to get the mandatory access.</maml:para> </maml:description> <command:parameterValue required="true">GenericMapping</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericMapping</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: MapGenericRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MapGenericRights</maml:name> <maml:description> <maml:para>Specify that any generic rights should be mapped to type specific rights.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromServiceControlManager --> <command:syntaxItem> <maml:name>Get-NtAccessMask</maml:name> <!-- Parameter: ServiceControlManagerAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>ServiceControlManagerAccess</maml:name> <maml:description> <maml:para>Specify service control manager access rights.</maml:para> <maml:para>Possible values: Connect, CreateService, EnumerateService, Lock, QueryLockStatus, ModifyBootConfig, All, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ServiceControlManagerAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Win32.ServiceControlManagerAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Connect</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateService</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnumerateService</command:parameterValue> <command:parameterValue required="false" variableLength="false">Lock</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryLockStatus</command:parameterValue> <command:parameterValue required="false" variableLength="false">ModifyBootConfig</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsGenericAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToGenericAccess"> <maml:name>AsGenericAccess</maml:name> <maml:description> <maml:para>Return access as GenericAccess.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsMandatoryLabelPolicy --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToMandatoryLabelPolicy"> <maml:name>AsMandatoryLabelPolicy</maml:name> <maml:description> <maml:para>Return access as ManadatoryLabelPolicy.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSDKString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsSDKString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string, using SDK names if available.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSpecificAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToSpecificAccess"> <maml:name>AsSpecificAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the type enumeration.</maml:para> <maml:para>Possible values: None, ALPCPort, DebugObject, Desktop, Directory, Event, File, Device, IoCompletion, Job, Key, Mutant, Partition, Process, RegistryTransaction, Section, Semaphore, Session, SymbolicLink, Thread, Token, TmTx, WindowStation, TmRm, TmEn, TmTm, Transaction, ResourceManager, Enlistment, TransactionManager, Service, SCM, DirectoryService, Audit</maml:para> </maml:description> <command:parameterValue required="true">SpecificAccessType</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Object.SpecificAccessType</maml:name> <maml:uri /> <maml:description> <maml:para>Enumeration for specific access type mapping.</maml:para> </maml:description> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ALPCPort</command:parameterValue> <command:parameterValue required="false" variableLength="false">DebugObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">Desktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Event</command:parameterValue> <command:parameterValue required="false" variableLength="false">File</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">IoCompletion</command:parameterValue> <command:parameterValue required="false" variableLength="false">Job</command:parameterValue> <command:parameterValue required="false" variableLength="false">Key</command:parameterValue> <command:parameterValue required="false" variableLength="false">Mutant</command:parameterValue> <command:parameterValue required="false" variableLength="false">Partition</command:parameterValue> <command:parameterValue required="false" variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegistryTransaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">Section</command:parameterValue> <command:parameterValue required="false" variableLength="false">Semaphore</command:parameterValue> <command:parameterValue required="false" variableLength="false">Session</command:parameterValue> <command:parameterValue required="false" variableLength="false">SymbolicLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">Thread</command:parameterValue> <command:parameterValue required="false" variableLength="false">Token</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTx</command:parameterValue> <command:parameterValue required="false" variableLength="false">WindowStation</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmRm</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmEn</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTm</command:parameterValue> <command:parameterValue required="false" variableLength="false">Transaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">ResourceManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlistment</command:parameterValue> <command:parameterValue required="false" variableLength="false">TransactionManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Service</command:parameterValue> <command:parameterValue required="false" variableLength="false">SCM</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryService</command:parameterValue> <command:parameterValue required="false" variableLength="false">Audit</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsTypeAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToTypeAccess"> <maml:name>AsTypeAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the NtType object.</maml:para> </maml:description> <command:parameterValue required="true">NtType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: GenericMapping --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GenericMapping</maml:name> <maml:description> <maml:para>When specifying a Mandatory Label Policy specify GenericMapping to get the mandatory access.</maml:para> </maml:description> <command:parameterValue required="true">GenericMapping</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericMapping</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: MapGenericRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MapGenericRights</maml:name> <maml:description> <maml:para>Specify that any generic rights should be mapped to type specific rights.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromMandatoryLabel --> <command:syntaxItem> <maml:name>Get-NtAccessMask</maml:name> <!-- Parameter: ManadatoryLabelPolicy --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>ManadatoryLabelPolicy</maml:name> <maml:description> <maml:para>Specify mandatory label policy.</maml:para> <maml:para>Possible values: None, NoWriteUp, NoReadUp, NoExecuteUp</maml:para> </maml:description> <command:parameterValue required="true">MandatoryLabelPolicy</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.MandatoryLabelPolicy</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoWriteUp</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoReadUp</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoExecuteUp</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsGenericAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToGenericAccess"> <maml:name>AsGenericAccess</maml:name> <maml:description> <maml:para>Return access as GenericAccess.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsMandatoryLabelPolicy --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToMandatoryLabelPolicy"> <maml:name>AsMandatoryLabelPolicy</maml:name> <maml:description> <maml:para>Return access as ManadatoryLabelPolicy.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSDKString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsSDKString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string, using SDK names if available.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSpecificAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToSpecificAccess"> <maml:name>AsSpecificAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the type enumeration.</maml:para> <maml:para>Possible values: None, ALPCPort, DebugObject, Desktop, Directory, Event, File, Device, IoCompletion, Job, Key, Mutant, Partition, Process, RegistryTransaction, Section, Semaphore, Session, SymbolicLink, Thread, Token, TmTx, WindowStation, TmRm, TmEn, TmTm, Transaction, ResourceManager, Enlistment, TransactionManager, Service, SCM, DirectoryService, Audit</maml:para> </maml:description> <command:parameterValue required="true">SpecificAccessType</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Object.SpecificAccessType</maml:name> <maml:uri /> <maml:description> <maml:para>Enumeration for specific access type mapping.</maml:para> </maml:description> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ALPCPort</command:parameterValue> <command:parameterValue required="false" variableLength="false">DebugObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">Desktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Event</command:parameterValue> <command:parameterValue required="false" variableLength="false">File</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">IoCompletion</command:parameterValue> <command:parameterValue required="false" variableLength="false">Job</command:parameterValue> <command:parameterValue required="false" variableLength="false">Key</command:parameterValue> <command:parameterValue required="false" variableLength="false">Mutant</command:parameterValue> <command:parameterValue required="false" variableLength="false">Partition</command:parameterValue> <command:parameterValue required="false" variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegistryTransaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">Section</command:parameterValue> <command:parameterValue required="false" variableLength="false">Semaphore</command:parameterValue> <command:parameterValue required="false" variableLength="false">Session</command:parameterValue> <command:parameterValue required="false" variableLength="false">SymbolicLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">Thread</command:parameterValue> <command:parameterValue required="false" variableLength="false">Token</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTx</command:parameterValue> <command:parameterValue required="false" variableLength="false">WindowStation</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmRm</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmEn</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTm</command:parameterValue> <command:parameterValue required="false" variableLength="false">Transaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">ResourceManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlistment</command:parameterValue> <command:parameterValue required="false" variableLength="false">TransactionManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Service</command:parameterValue> <command:parameterValue required="false" variableLength="false">SCM</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryService</command:parameterValue> <command:parameterValue required="false" variableLength="false">Audit</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsTypeAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToTypeAccess"> <maml:name>AsTypeAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the NtType object.</maml:para> </maml:description> <command:parameterValue required="true">NtType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: GenericMapping --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GenericMapping</maml:name> <maml:description> <maml:para>When specifying a Mandatory Label Policy specify GenericMapping to get the mandatory access.</maml:para> </maml:description> <command:parameterValue required="true">GenericMapping</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericMapping</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: MapGenericRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MapGenericRights</maml:name> <maml:description> <maml:para>Specify that any generic rights should be mapped to type specific rights.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromAce --> <command:syntaxItem> <maml:name>Get-NtAccessMask</maml:name> <!-- Parameter: AccessControlEntry --> <command:parameter required="true" globbing="false" pipelineInput="true (ByValue)" position="0" aliases="Ace"> <maml:name>AccessControlEntry</maml:name> <maml:description> <maml:para>Specify an ACE to extract the mask to map.</maml:para> </maml:description> <command:parameterValue required="true">Ace</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Ace</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: AsGenericAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToGenericAccess"> <maml:name>AsGenericAccess</maml:name> <maml:description> <maml:para>Return access as GenericAccess.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsMandatoryLabelPolicy --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToMandatoryLabelPolicy"> <maml:name>AsMandatoryLabelPolicy</maml:name> <maml:description> <maml:para>Return access as ManadatoryLabelPolicy.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSDKString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsSDKString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string, using SDK names if available.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSpecificAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToSpecificAccess"> <maml:name>AsSpecificAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the type enumeration.</maml:para> <maml:para>Possible values: None, ALPCPort, DebugObject, Desktop, Directory, Event, File, Device, IoCompletion, Job, Key, Mutant, Partition, Process, RegistryTransaction, Section, Semaphore, Session, SymbolicLink, Thread, Token, TmTx, WindowStation, TmRm, TmEn, TmTm, Transaction, ResourceManager, Enlistment, TransactionManager, Service, SCM, DirectoryService, Audit</maml:para> </maml:description> <command:parameterValue required="true">SpecificAccessType</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Object.SpecificAccessType</maml:name> <maml:uri /> <maml:description> <maml:para>Enumeration for specific access type mapping.</maml:para> </maml:description> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ALPCPort</command:parameterValue> <command:parameterValue required="false" variableLength="false">DebugObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">Desktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Event</command:parameterValue> <command:parameterValue required="false" variableLength="false">File</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">IoCompletion</command:parameterValue> <command:parameterValue required="false" variableLength="false">Job</command:parameterValue> <command:parameterValue required="false" variableLength="false">Key</command:parameterValue> <command:parameterValue required="false" variableLength="false">Mutant</command:parameterValue> <command:parameterValue required="false" variableLength="false">Partition</command:parameterValue> <command:parameterValue required="false" variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegistryTransaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">Section</command:parameterValue> <command:parameterValue required="false" variableLength="false">Semaphore</command:parameterValue> <command:parameterValue required="false" variableLength="false">Session</command:parameterValue> <command:parameterValue required="false" variableLength="false">SymbolicLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">Thread</command:parameterValue> <command:parameterValue required="false" variableLength="false">Token</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTx</command:parameterValue> <command:parameterValue required="false" variableLength="false">WindowStation</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmRm</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmEn</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTm</command:parameterValue> <command:parameterValue required="false" variableLength="false">Transaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">ResourceManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlistment</command:parameterValue> <command:parameterValue required="false" variableLength="false">TransactionManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Service</command:parameterValue> <command:parameterValue required="false" variableLength="false">SCM</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryService</command:parameterValue> <command:parameterValue required="false" variableLength="false">Audit</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsTypeAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToTypeAccess"> <maml:name>AsTypeAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the NtType object.</maml:para> </maml:description> <command:parameterValue required="true">NtType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: GenericMapping --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GenericMapping</maml:name> <maml:description> <maml:para>When specifying a Mandatory Label Policy specify GenericMapping to get the mandatory access.</maml:para> </maml:description> <command:parameterValue required="true">GenericMapping</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericMapping</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: MapGenericRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MapGenericRights</maml:name> <maml:description> <maml:para>Specify that any generic rights should be mapped to type specific rights.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromSecurityInformation --> <command:syntaxItem> <maml:name>Get-NtAccessMask</maml:name> <!-- Parameter: SecurityInformation --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityInformation</maml:name> <maml:description> <maml:para>Specify a security information to get the access mask.</maml:para> <maml:para>Possible values: Owner, Group, Dacl, Sacl, Label, Attribute, Scope, ProcessTrustLabel, AccessFilter, Backup, ProtectedDacl, ProtectedSacl, UnprotectedDacl, UnprotectedSacl, AllBasic, AllNoSacl, All</maml:para> </maml:description> <command:parameterValue required="true">SecurityInformation</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityInformation</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Owner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Group</command:parameterValue> <command:parameterValue required="false" variableLength="false">Dacl</command:parameterValue> <command:parameterValue required="false" variableLength="false">Sacl</command:parameterValue> <command:parameterValue required="false" variableLength="false">Label</command:parameterValue> <command:parameterValue required="false" variableLength="false">Attribute</command:parameterValue> <command:parameterValue required="false" variableLength="false">Scope</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProcessTrustLabel</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessFilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">Backup</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectedDacl</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectedSacl</command:parameterValue> <command:parameterValue required="false" variableLength="false">UnprotectedDacl</command:parameterValue> <command:parameterValue required="false" variableLength="false">UnprotectedSacl</command:parameterValue> <command:parameterValue required="false" variableLength="false">AllBasic</command:parameterValue> <command:parameterValue required="false" variableLength="false">AllNoSacl</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsGenericAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToGenericAccess"> <maml:name>AsGenericAccess</maml:name> <maml:description> <maml:para>Return access as GenericAccess.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsMandatoryLabelPolicy --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToMandatoryLabelPolicy"> <maml:name>AsMandatoryLabelPolicy</maml:name> <maml:description> <maml:para>Return access as ManadatoryLabelPolicy.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSDKString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsSDKString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string, using SDK names if available.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSpecificAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToSpecificAccess"> <maml:name>AsSpecificAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the type enumeration.</maml:para> <maml:para>Possible values: None, ALPCPort, DebugObject, Desktop, Directory, Event, File, Device, IoCompletion, Job, Key, Mutant, Partition, Process, RegistryTransaction, Section, Semaphore, Session, SymbolicLink, Thread, Token, TmTx, WindowStation, TmRm, TmEn, TmTm, Transaction, ResourceManager, Enlistment, TransactionManager, Service, SCM, DirectoryService, Audit</maml:para> </maml:description> <command:parameterValue required="true">SpecificAccessType</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Object.SpecificAccessType</maml:name> <maml:uri /> <maml:description> <maml:para>Enumeration for specific access type mapping.</maml:para> </maml:description> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ALPCPort</command:parameterValue> <command:parameterValue required="false" variableLength="false">DebugObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">Desktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Event</command:parameterValue> <command:parameterValue required="false" variableLength="false">File</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">IoCompletion</command:parameterValue> <command:parameterValue required="false" variableLength="false">Job</command:parameterValue> <command:parameterValue required="false" variableLength="false">Key</command:parameterValue> <command:parameterValue required="false" variableLength="false">Mutant</command:parameterValue> <command:parameterValue required="false" variableLength="false">Partition</command:parameterValue> <command:parameterValue required="false" variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegistryTransaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">Section</command:parameterValue> <command:parameterValue required="false" variableLength="false">Semaphore</command:parameterValue> <command:parameterValue required="false" variableLength="false">Session</command:parameterValue> <command:parameterValue required="false" variableLength="false">SymbolicLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">Thread</command:parameterValue> <command:parameterValue required="false" variableLength="false">Token</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTx</command:parameterValue> <command:parameterValue required="false" variableLength="false">WindowStation</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmRm</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmEn</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTm</command:parameterValue> <command:parameterValue required="false" variableLength="false">Transaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">ResourceManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlistment</command:parameterValue> <command:parameterValue required="false" variableLength="false">TransactionManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Service</command:parameterValue> <command:parameterValue required="false" variableLength="false">SCM</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryService</command:parameterValue> <command:parameterValue required="false" variableLength="false">Audit</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsTypeAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToTypeAccess"> <maml:name>AsTypeAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the NtType object.</maml:para> </maml:description> <command:parameterValue required="true">NtType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: GenericMapping --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GenericMapping</maml:name> <maml:description> <maml:para>When specifying a Mandatory Label Policy specify GenericMapping to get the mandatory access.</maml:para> </maml:description> <command:parameterValue required="true">GenericMapping</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericMapping</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: MapGenericRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MapGenericRights</maml:name> <maml:description> <maml:para>Specify that any generic rights should be mapped to type specific rights.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: SetSecurity --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SetSecurity</maml:name> <maml:description> <maml:para>Specify to get the set security mask rather than the query.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: AccessMask --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>AccessMask</maml:name> <maml:description> <maml:para>Specify a raw access mask.</maml:para> </maml:description> <command:parameterValue required="true">AccessMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AccessMask</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>00000000</dev:defaultValue> </command:parameter> <!-- Parameter: FileAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>FileAccess</maml:name> <maml:description> <maml:para>Specify File access rights.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: FileDirectoryAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>FileDirectoryAccess</maml:name> <maml:description> <maml:para>Specify File Directory access rights.</maml:para> <maml:para>Possible values: None, ListDirectory, AddFile, AddSubDirectory, ReadEa, WriteEa, Traverse, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileDirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ListDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: IoCompletionAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>IoCompletionAccess</maml:name> <maml:description> <maml:para>Specify IO Completion access rights.</maml:para> <maml:para>Possible values: QueryState, SetCompletion, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">IoCompletionAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.IoCompletionAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetCompletion</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: MutantAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>MutantAccess</maml:name> <maml:description> <maml:para>Specify Mutant access rights.</maml:para> <maml:para>Possible values: None, ModifyState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">MutantAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.MutantAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ModifyState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SemaphoreAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>SemaphoreAccess</maml:name> <maml:description> <maml:para>Specify Semaphore access rights.</maml:para> <maml:para>Possible values: None, QueryState, ModifyState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">SemaphoreAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SemaphoreAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">ModifyState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: RegistryTransactionAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>RegistryTransactionAccess</maml:name> <maml:description> <maml:para>Specify Registry Transaction access rights.</maml:para> <maml:para>Possible values: QueryInformation, SetInformation, Enlist, Commit, Rollback, Propagate, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">RegistryTransactionAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.RegistryTransactionAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlist</command:parameterValue> <command:parameterValue required="false" variableLength="false">Commit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Rollback</command:parameterValue> <command:parameterValue required="false" variableLength="false">Propagate</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AlpcPortAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>AlpcPortAccess</maml:name> <maml:description> <maml:para>Specify ALPC Port access rights.</maml:para> <maml:para>Possible values: Connect, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">AlpcAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Connect</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SectionAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>SectionAccess</maml:name> <maml:description> <maml:para>Specify Section access rights.</maml:para> <maml:para>Possible values: Query, MapWrite, MapRead, MapExecute, ExtendSize, MapExecuteExplicit, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">SectionAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SectionAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">MapWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">MapRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">MapExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">ExtendSize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MapExecuteExplicit</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: KeyAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>KeyAccess</maml:name> <maml:description> <maml:para>Specify Key access rights.</maml:para> <maml:para>Possible values: QueryValue, SetValue, CreateSubKey, EnumerateSubKeys, Notify, CreateLink, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">KeyAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.KeyAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubKey</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnumerateSubKeys</command:parameterValue> <command:parameterValue required="false" variableLength="false">Notify</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: EventAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>EventAccess</maml:name> <maml:description> <maml:para>Specify Event access rights.</maml:para> <maml:para>Possible values: QueryState, ModifyState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">EventAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EventAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">ModifyState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SymbolicLinkAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>SymbolicLinkAccess</maml:name> <maml:description> <maml:para>Specify Symbolic Link access rights.</maml:para> <maml:para>Possible values: Query, Set, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">SymbolicLinkAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SymbolicLinkAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">Set</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: TokenAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>TokenAccess</maml:name> <maml:description> <maml:para>Specify Token access rights.</maml:para> <maml:para>Possible values: AssignPrimary, Duplicate, Impersonate, Query, QuerySource, AdjustPrivileges, AdjustGroups, AdjustDefault, AdjustSessionId, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">TokenAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">AssignPrimary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Duplicate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">QuerySource</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustPrivileges</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustGroups</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustDefault</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustSessionId</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: GenericAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>GenericAccess</maml:name> <maml:description> <maml:para>Specify Generic access rights.</maml:para> <maml:para>Possible values: None, Access0, Access1, Access2, Access3, Access4, Access5, Access6, Access7, Access8, Access9, Access10, Access11, Access12, Access13, Access14, Access15, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, AccessSystemSecurity, MaximumAllowed, GenericAll, GenericExecute, GenericWrite, GenericRead</maml:para> </maml:description> <command:parameterValue required="true">GenericAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access0</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access1</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access2</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access3</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access4</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access5</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access6</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access7</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access8</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access9</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access10</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access11</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access12</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access13</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access14</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access15</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: DirectoryAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>DirectoryAccess</maml:name> <maml:description> <maml:para>Specify Directory access rights.</maml:para> <maml:para>Possible values: Query, Traverse, CreateObject, CreateSubDirectory, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">DirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ThreadAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>ThreadAccess</maml:name> <maml:description> <maml:para>Specify Thread access rights.</maml:para> <maml:para>Possible values: Terminate, SuspendResume, Alert, GetContext, SetContext, SetInformation, QueryInformation, SetThreadToken, Impersonate, DirectImpersonation, SetLimitedInformation, QueryLimitedInformation, Resume, AllAccess, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ThreadAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ThreadAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuspendResume</command:parameterValue> <command:parameterValue required="false" variableLength="false">Alert</command:parameterValue> <command:parameterValue required="false" variableLength="false">GetContext</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetContext</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetThreadToken</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectImpersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Resume</command:parameterValue> <command:parameterValue required="false" variableLength="false">AllAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: DebugObjectAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>DebugObjectAccess</maml:name> <maml:description> <maml:para>Specify Debug Object access rights.</maml:para> <maml:para>Possible values: ReadEvent, ProcessAssign, SetInformation, QueryInformation, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">DebugAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DebugAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">ReadEvent</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProcessAssign</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: JobAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>JobAccess</maml:name> <maml:description> <maml:para>Specify Job access rights.</maml:para> <maml:para>Possible values: None, AssignProcess, SetAttributes, Query, Terminate, SetSecurityAttributes, Impersonate, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">JobAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.JobAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">AssignProcess</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetSecurityAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ProcessAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessAccess</maml:name> <maml:description> <maml:para>Specify Process access rights.</maml:para> <maml:para>Possible values: None, Terminate, CreateThread, SetSessionId, VmOperation, VmRead, VmWrite, DupHandle, CreateProcess, SetQuota, SetInformation, QueryInformation, SuspendResume, QueryLimitedInformation, SetLimitedInformation, AllAccess, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ProcessAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ProcessAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateThread</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetSessionId</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmOperation</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">DupHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateProcess</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetQuota</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuspendResume</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">AllAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: TransactionAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>TransactionAccess</maml:name> <maml:description> <maml:para>Specify transaction access rights.</maml:para> <maml:para>Possible values: QueryInformation, SetInformation, Enlist, Commit, Rollback, Propagate, RightReserved1, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">TransactionAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TransactionAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlist</command:parameterValue> <command:parameterValue required="false" variableLength="false">Commit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Rollback</command:parameterValue> <command:parameterValue required="false" variableLength="false">Propagate</command:parameterValue> <command:parameterValue required="false" variableLength="false">RightReserved1</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: TransactionManagerAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>TransactionManagerAccess</maml:name> <maml:description> <maml:para>Specify transaction manager access rights.</maml:para> <maml:para>Possible values: QueryInformation, SetInformation, Recover, Rename, CreateRm, BindTransaction, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">TransactionManagerAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TransactionManagerAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Recover</command:parameterValue> <command:parameterValue required="false" variableLength="false">Rename</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateRm</command:parameterValue> <command:parameterValue required="false" variableLength="false">BindTransaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ResourceManagerAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>ResourceManagerAccess</maml:name> <maml:description> <maml:para>Specify resource manager access rights.</maml:para> <maml:para>Possible values: QueryInformation, SetInformation, Recover, Enlist, GetNotification, RegisterProtocol, CompletePropagation, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ResourceManagerAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ResourceManagerAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Recover</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlist</command:parameterValue> <command:parameterValue required="false" variableLength="false">GetNotification</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegisterProtocol</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompletePropagation</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: EnlistmentAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>EnlistmentAccess</maml:name> <maml:description> <maml:para>Specify enlistment access rights.</maml:para> <maml:para>Possible values: None, QueryInformation, SetInformation, Recover, SubordinateRights, SuperiorRights, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">EnlistmentAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EnlistmentAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Recover</command:parameterValue> <command:parameterValue required="false" variableLength="false">SubordinateRights</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuperiorRights</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ServiceAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>ServiceAccess</maml:name> <maml:description> <maml:para>Specify service access rights.</maml:para> <maml:para>Possible values: QueryConfig, ChangeConfig, QueryStatus, EnumerateDependents, Start, Stop, PauseContinue, Interrogate, UserDefinedControl, SetStatus, All, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ServiceAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Win32.ServiceAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryConfig</command:parameterValue> <command:parameterValue required="false" variableLength="false">ChangeConfig</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryStatus</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnumerateDependents</command:parameterValue> <command:parameterValue required="false" variableLength="false">Start</command:parameterValue> <command:parameterValue required="false" variableLength="false">Stop</command:parameterValue> <command:parameterValue required="false" variableLength="false">PauseContinue</command:parameterValue> <command:parameterValue required="false" variableLength="false">Interrogate</command:parameterValue> <command:parameterValue required="false" variableLength="false">UserDefinedControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetStatus</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ServiceControlManagerAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>ServiceControlManagerAccess</maml:name> <maml:description> <maml:para>Specify service control manager access rights.</maml:para> <maml:para>Possible values: Connect, CreateService, EnumerateService, Lock, QueryLockStatus, ModifyBootConfig, All, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ServiceControlManagerAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Win32.ServiceControlManagerAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Connect</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateService</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnumerateService</command:parameterValue> <command:parameterValue required="false" variableLength="false">Lock</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryLockStatus</command:parameterValue> <command:parameterValue required="false" variableLength="false">ModifyBootConfig</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ManadatoryLabelPolicy --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>ManadatoryLabelPolicy</maml:name> <maml:description> <maml:para>Specify mandatory label policy.</maml:para> <maml:para>Possible values: None, NoWriteUp, NoReadUp, NoExecuteUp</maml:para> </maml:description> <command:parameterValue required="true">MandatoryLabelPolicy</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.MandatoryLabelPolicy</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoWriteUp</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoReadUp</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoExecuteUp</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AccessControlEntry --> <command:parameter required="true" globbing="false" pipelineInput="true (ByValue)" position="0" aliases="Ace"> <maml:name>AccessControlEntry</maml:name> <maml:description> <maml:para>Specify an ACE to extract the mask to map.</maml:para> </maml:description> <command:parameterValue required="true">Ace</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Ace</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="true" globbing="false" pipelineInput="true (ByValue)" position="0" aliases="Ace"> <maml:name>Ace</maml:name> <maml:description> <maml:para>Specify an ACE to extract the mask to map.</maml:para> <maml:para>This is an alias of the AccessControlEntry parameter.</maml:para> </maml:description> <command:parameterValue required="true">Ace</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Ace</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityInformation --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityInformation</maml:name> <maml:description> <maml:para>Specify a security information to get the access mask.</maml:para> <maml:para>Possible values: Owner, Group, Dacl, Sacl, Label, Attribute, Scope, ProcessTrustLabel, AccessFilter, Backup, ProtectedDacl, ProtectedSacl, UnprotectedDacl, UnprotectedSacl, AllBasic, AllNoSacl, All</maml:para> </maml:description> <command:parameterValue required="true">SecurityInformation</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityInformation</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Owner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Group</command:parameterValue> <command:parameterValue required="false" variableLength="false">Dacl</command:parameterValue> <command:parameterValue required="false" variableLength="false">Sacl</command:parameterValue> <command:parameterValue required="false" variableLength="false">Label</command:parameterValue> <command:parameterValue required="false" variableLength="false">Attribute</command:parameterValue> <command:parameterValue required="false" variableLength="false">Scope</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProcessTrustLabel</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessFilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">Backup</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectedDacl</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectedSacl</command:parameterValue> <command:parameterValue required="false" variableLength="false">UnprotectedDacl</command:parameterValue> <command:parameterValue required="false" variableLength="false">UnprotectedSacl</command:parameterValue> <command:parameterValue required="false" variableLength="false">AllBasic</command:parameterValue> <command:parameterValue required="false" variableLength="false">AllNoSacl</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SetSecurity --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SetSecurity</maml:name> <maml:description> <maml:para>Specify to get the set security mask rather than the query.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsGenericAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToGenericAccess"> <maml:name>AsGenericAccess</maml:name> <maml:description> <maml:para>Return access as GenericAccess.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToGenericAccess"> <maml:name>ToGenericAccess</maml:name> <maml:description> <maml:para>Return access as GenericAccess.</maml:para> <maml:para>This is an alias of the AsGenericAccess parameter.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsMandatoryLabelPolicy --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToMandatoryLabelPolicy"> <maml:name>AsMandatoryLabelPolicy</maml:name> <maml:description> <maml:para>Return access as ManadatoryLabelPolicy.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToMandatoryLabelPolicy"> <maml:name>ToMandatoryLabelPolicy</maml:name> <maml:description> <maml:para>Return access as ManadatoryLabelPolicy.</maml:para> <maml:para>This is an alias of the AsMandatoryLabelPolicy parameter.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSpecificAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToSpecificAccess"> <maml:name>AsSpecificAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the type enumeration.</maml:para> <maml:para>Possible values: None, ALPCPort, DebugObject, Desktop, Directory, Event, File, Device, IoCompletion, Job, Key, Mutant, Partition, Process, RegistryTransaction, Section, Semaphore, Session, SymbolicLink, Thread, Token, TmTx, WindowStation, TmRm, TmEn, TmTm, Transaction, ResourceManager, Enlistment, TransactionManager, Service, SCM, DirectoryService, Audit</maml:para> </maml:description> <command:parameterValue required="true">SpecificAccessType</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Object.SpecificAccessType</maml:name> <maml:uri /> <maml:description> <maml:para>Enumeration for specific access type mapping.</maml:para> </maml:description> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ALPCPort</command:parameterValue> <command:parameterValue required="false" variableLength="false">DebugObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">Desktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Event</command:parameterValue> <command:parameterValue required="false" variableLength="false">File</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">IoCompletion</command:parameterValue> <command:parameterValue required="false" variableLength="false">Job</command:parameterValue> <command:parameterValue required="false" variableLength="false">Key</command:parameterValue> <command:parameterValue required="false" variableLength="false">Mutant</command:parameterValue> <command:parameterValue required="false" variableLength="false">Partition</command:parameterValue> <command:parameterValue required="false" variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegistryTransaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">Section</command:parameterValue> <command:parameterValue required="false" variableLength="false">Semaphore</command:parameterValue> <command:parameterValue required="false" variableLength="false">Session</command:parameterValue> <command:parameterValue required="false" variableLength="false">SymbolicLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">Thread</command:parameterValue> <command:parameterValue required="false" variableLength="false">Token</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTx</command:parameterValue> <command:parameterValue required="false" variableLength="false">WindowStation</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmRm</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmEn</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTm</command:parameterValue> <command:parameterValue required="false" variableLength="false">Transaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">ResourceManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlistment</command:parameterValue> <command:parameterValue required="false" variableLength="false">TransactionManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Service</command:parameterValue> <command:parameterValue required="false" variableLength="false">SCM</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryService</command:parameterValue> <command:parameterValue required="false" variableLength="false">Audit</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToSpecificAccess"> <maml:name>ToSpecificAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the type enumeration.</maml:para> <maml:para>Possible values: None, ALPCPort, DebugObject, Desktop, Directory, Event, File, Device, IoCompletion, Job, Key, Mutant, Partition, Process, RegistryTransaction, Section, Semaphore, Session, SymbolicLink, Thread, Token, TmTx, WindowStation, TmRm, TmEn, TmTm, Transaction, ResourceManager, Enlistment, TransactionManager, Service, SCM, DirectoryService, Audit</maml:para> <maml:para>This is an alias of the AsSpecificAccess parameter.</maml:para> </maml:description> <command:parameterValue required="true">SpecificAccessType</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Object.SpecificAccessType</maml:name> <maml:uri /> <maml:description> <maml:para>Enumeration for specific access type mapping.</maml:para> </maml:description> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ALPCPort</command:parameterValue> <command:parameterValue required="false" variableLength="false">DebugObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">Desktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Event</command:parameterValue> <command:parameterValue required="false" variableLength="false">File</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">IoCompletion</command:parameterValue> <command:parameterValue required="false" variableLength="false">Job</command:parameterValue> <command:parameterValue required="false" variableLength="false">Key</command:parameterValue> <command:parameterValue required="false" variableLength="false">Mutant</command:parameterValue> <command:parameterValue required="false" variableLength="false">Partition</command:parameterValue> <command:parameterValue required="false" variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegistryTransaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">Section</command:parameterValue> <command:parameterValue required="false" variableLength="false">Semaphore</command:parameterValue> <command:parameterValue required="false" variableLength="false">Session</command:parameterValue> <command:parameterValue required="false" variableLength="false">SymbolicLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">Thread</command:parameterValue> <command:parameterValue required="false" variableLength="false">Token</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTx</command:parameterValue> <command:parameterValue required="false" variableLength="false">WindowStation</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmRm</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmEn</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmTm</command:parameterValue> <command:parameterValue required="false" variableLength="false">Transaction</command:parameterValue> <command:parameterValue required="false" variableLength="false">ResourceManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlistment</command:parameterValue> <command:parameterValue required="false" variableLength="false">TransactionManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Service</command:parameterValue> <command:parameterValue required="false" variableLength="false">SCM</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryService</command:parameterValue> <command:parameterValue required="false" variableLength="false">Audit</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AsTypeAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToTypeAccess"> <maml:name>AsTypeAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the NtType object.</maml:para> </maml:description> <command:parameterValue required="true">NtType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ToTypeAccess"> <maml:name>ToTypeAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the NtType object.</maml:para> <maml:para>This is an alias of the AsTypeAccess parameter.</maml:para> </maml:description> <command:parameterValue required="true">NtType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: MapGenericRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MapGenericRights</maml:name> <maml:description> <maml:para>Specify that any generic rights should be mapped to type specific rights.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: GenericMapping --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GenericMapping</maml:name> <maml:description> <maml:para>When specifying a Mandatory Label Policy specify GenericMapping to get the mandatory access.</maml:para> </maml:description> <command:parameterValue required="true">GenericMapping</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericMapping</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: AsString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AsSDKString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AsSDKString</maml:name> <maml:description> <maml:para>Specify to output the access mask a string, using SDK names if available.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.Ace</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>Specify an ACE to extract the mask to map.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues /> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-NtAccessMask -ProcessAccess DupHandle</dev:code> <dev:remarks> <maml:para>Get the Process DupHandle access right as an AccessMask</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Get-NtAccessMask -ProcessAccess DupHandle -AsGenericAccess</dev:code> <dev:remarks> <maml:para>Get the Process DupHandle access right as a GenericAccess value</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Get-NtAccessMask -AccessMask 0xFF -AsTypeAccess Process</dev:code> <dev:remarks> <maml:para>Convert a raw access mask to a process access mask.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>Get-NtAccessMask -AccessControlEntry $sd.Dacl[0] -AsTypeAccess Thread</dev:code> <dev:remarks> <maml:para>Get the access mask from a security descriptor ACE and map to thread access.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>$sd.Dacl | Get-NtAccessMask -AsTypeAccess Thread</dev:code> <dev:remarks> <maml:para>Get the access mask from a list of security descriptor ACEs and map to thread access.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Grant-NtAccessMask --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Grant-NtAccessMask</command:name> <command:verb>Grant</command:verb> <command:noun>NtAccessMask</command:noun> <maml:description> <maml:para>Grants specific bits on an access mask and returns the updated access mask.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet grants specific bits on an access mask and returns the updated access mask</maml:para> </maml:description> <command:syntax> <!-- Parameter set: SetAccess --> <command:syntaxItem> <maml:name>Grant-NtAccessMask</maml:name> <!-- Parameter: AccessMask --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>AccessMask</maml:name> <maml:description> <maml:para>The initial access mask to update.</maml:para> </maml:description> <command:parameterValue required="true">AccessMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AccessMask</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>00000000</dev:defaultValue> </command:parameter> <!-- Parameter: SetAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>SetAccess</maml:name> <maml:description> <maml:para>The access mask to grant.</maml:para> <maml:para>Possible values: None, Access0, Access1, Access2, Access3, Access4, Access5, Access6, Access7, Access8, Access9, Access10, Access11, Access12, Access13, Access14, Access15, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, AccessSystemSecurity, MaximumAllowed, GenericAll, GenericExecute, GenericWrite, GenericRead</maml:para> </maml:description> <command:parameterValue required="true">GenericAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access0</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access1</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access2</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access3</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access4</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access5</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access6</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access7</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access8</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access9</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access10</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access11</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access12</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access13</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access14</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access15</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:syntaxItem> <!-- Parameter set: RawSetAccess --> <command:syntaxItem> <maml:name>Grant-NtAccessMask</maml:name> <!-- Parameter: AccessMask --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>AccessMask</maml:name> <maml:description> <maml:para>The initial access mask to update.</maml:para> </maml:description> <command:parameterValue required="true">AccessMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AccessMask</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>00000000</dev:defaultValue> </command:parameter> <!-- Parameter: RawSetAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>RawSetAccess</maml:name> <maml:description> <maml:para>The raw access mask to grant.</maml:para> </maml:description> <command:parameterValue required="true">AccessMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AccessMask</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>00000000</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: AccessMask --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>AccessMask</maml:name> <maml:description> <maml:para>The initial access mask to update.</maml:para> </maml:description> <command:parameterValue required="true">AccessMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AccessMask</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>00000000</dev:defaultValue> </command:parameter> <!-- Parameter: SetAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>SetAccess</maml:name> <maml:description> <maml:para>The access mask to grant.</maml:para> <maml:para>Possible values: None, Access0, Access1, Access2, Access3, Access4, Access5, Access6, Access7, Access8, Access9, Access10, Access11, Access12, Access13, Access14, Access15, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, AccessSystemSecurity, MaximumAllowed, GenericAll, GenericExecute, GenericWrite, GenericRead</maml:para> </maml:description> <command:parameterValue required="true">GenericAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access0</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access1</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access2</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access3</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access4</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access5</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access6</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access7</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access8</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access9</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access10</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access11</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access12</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access13</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access14</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access15</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: RawSetAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>RawSetAccess</maml:name> <maml:description> <maml:para>The raw access mask to grant.</maml:para> </maml:description> <command:parameterValue required="true">AccessMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AccessMask</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>00000000</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$access = Grant-NtAccessMask $access WriteDac</dev:code> <dev:remarks> <maml:para>Adds WriteDac to the access.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Revoke-NtAccessMask --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Revoke-NtAccessMask</command:name> <command:verb>Revoke</command:verb> <command:noun>NtAccessMask</command:noun> <maml:description> <maml:para>Revokes specific bits on an access mask and returns the updated access mask.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet revokes specific bits on an access mask and returns the updated access mask</maml:para> </maml:description> <command:syntax> <!-- Parameter set: RevokeAccess --> <command:syntaxItem> <maml:name>Revoke-NtAccessMask</maml:name> <!-- Parameter: AccessMask --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>AccessMask</maml:name> <maml:description> <maml:para>The initial access mask to update.</maml:para> </maml:description> <command:parameterValue required="true">AccessMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AccessMask</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>00000000</dev:defaultValue> </command:parameter> <!-- Parameter: RevokeAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>RevokeAccess</maml:name> <maml:description> <maml:para>The access mask to grant.</maml:para> <maml:para>Possible values: None, Access0, Access1, Access2, Access3, Access4, Access5, Access6, Access7, Access8, Access9, Access10, Access11, Access12, Access13, Access14, Access15, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, AccessSystemSecurity, MaximumAllowed, GenericAll, GenericExecute, GenericWrite, GenericRead</maml:para> </maml:description> <command:parameterValue required="true">GenericAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access0</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access1</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access2</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access3</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access4</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access5</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access6</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access7</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access8</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access9</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access10</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access11</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access12</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access13</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access14</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access15</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:syntaxItem> <!-- Parameter set: RawRevokeAccess --> <command:syntaxItem> <maml:name>Revoke-NtAccessMask</maml:name> <!-- Parameter: AccessMask --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>AccessMask</maml:name> <maml:description> <maml:para>The initial access mask to update.</maml:para> </maml:description> <command:parameterValue required="true">AccessMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AccessMask</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>00000000</dev:defaultValue> </command:parameter> <!-- Parameter: RawRevokeAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>RawRevokeAccess</maml:name> <maml:description> <maml:para>The raw access mask to grant.</maml:para> </maml:description> <command:parameterValue required="true">AccessMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AccessMask</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>00000000</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: AccessMask --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>AccessMask</maml:name> <maml:description> <maml:para>The initial access mask to update.</maml:para> </maml:description> <command:parameterValue required="true">AccessMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AccessMask</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>00000000</dev:defaultValue> </command:parameter> <!-- Parameter: RevokeAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>RevokeAccess</maml:name> <maml:description> <maml:para>The access mask to grant.</maml:para> <maml:para>Possible values: None, Access0, Access1, Access2, Access3, Access4, Access5, Access6, Access7, Access8, Access9, Access10, Access11, Access12, Access13, Access14, Access15, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, AccessSystemSecurity, MaximumAllowed, GenericAll, GenericExecute, GenericWrite, GenericRead</maml:para> </maml:description> <command:parameterValue required="true">GenericAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access0</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access1</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access2</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access3</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access4</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access5</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access6</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access7</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access8</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access9</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access10</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access11</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access12</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access13</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access14</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access15</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: RawRevokeAccess --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>RawRevokeAccess</maml:name> <maml:description> <maml:para>The raw access mask to grant.</maml:para> </maml:description> <command:parameterValue required="true">AccessMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AccessMask</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>00000000</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$access = Remove-NtAccessMask $access WriteDac</dev:code> <dev:remarks> <maml:para>Remove WriteDac from the access.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Test-NtAccessMask --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Test-NtAccessMask</command:name> <command:verb>Test</command:verb> <command:noun>NtAccessMask</command:noun> <maml:description> <maml:para>Tests an access mask for empty or specific bits set.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet tests if an access mask is empty or if one or all bits are set from a comparison access mask.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: AccessCompare --> <command:syntaxItem> <maml:name>Test-NtAccessMask</maml:name> <!-- Parameter: AccessMask --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>AccessMask</maml:name> <maml:description> <maml:para>The access mask to test.</maml:para> </maml:description> <command:parameterValue required="true">AccessMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AccessMask</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>00000000</dev:defaultValue> </command:parameter> <!-- Parameter: AccessCompare --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>AccessCompare</maml:name> <maml:description> <maml:para>The access mask to compare to.</maml:para> <maml:para>Possible values: None, Access0, Access1, Access2, Access3, Access4, Access5, Access6, Access7, Access8, Access9, Access10, Access11, Access12, Access13, Access14, Access15, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, AccessSystemSecurity, MaximumAllowed, GenericAll, GenericExecute, GenericWrite, GenericRead</maml:para> </maml:description> <command:parameterValue required="true">GenericAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access0</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access1</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access2</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access3</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access4</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access5</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access6</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access7</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access8</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access9</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access10</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access11</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access12</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access13</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access14</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access15</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: All --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>All</maml:name> <maml:description> <maml:para>Check all access is in the mask.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: RawAccessCompare --> <command:syntaxItem> <maml:name>Test-NtAccessMask</maml:name> <!-- Parameter: AccessMask --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>AccessMask</maml:name> <maml:description> <maml:para>The access mask to test.</maml:para> </maml:description> <command:parameterValue required="true">AccessMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AccessMask</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>00000000</dev:defaultValue> </command:parameter> <!-- Parameter: RawAccessCompare --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>RawAccessCompare</maml:name> <maml:description> <maml:para>The raw access mask to compare to.</maml:para> </maml:description> <command:parameterValue required="true">AccessMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AccessMask</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>00000000</dev:defaultValue> </command:parameter> <!-- Parameter: All --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>All</maml:name> <maml:description> <maml:para>Check all access is in the mask.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: AccessEmpty --> <command:syntaxItem> <maml:name>Test-NtAccessMask</maml:name> <!-- Parameter: AccessMask --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>AccessMask</maml:name> <maml:description> <maml:para>The access mask to test.</maml:para> </maml:description> <command:parameterValue required="true">AccessMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AccessMask</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>00000000</dev:defaultValue> </command:parameter> <!-- Parameter: Empty --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Empty</maml:name> <maml:description> <maml:para>Test if access mask is empty.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: WriteRestricted --> <command:syntaxItem> <maml:name>Test-NtAccessMask</maml:name> <!-- Parameter: AccessMask --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>AccessMask</maml:name> <maml:description> <maml:para>The access mask to test.</maml:para> </maml:description> <command:parameterValue required="true">AccessMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AccessMask</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>00000000</dev:defaultValue> </command:parameter> <!-- Parameter: WriteRestricted --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>WriteRestricted</maml:name> <maml:description> <maml:para>Specify the GenericMapping to check if Access Mask would be Write Restricted.</maml:para> </maml:description> <command:parameterValue required="true">GenericMapping</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericMapping</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>R:00000000 W:00000000 E:00000000 A:00000000</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: AccessMask --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>AccessMask</maml:name> <maml:description> <maml:para>The access mask to test.</maml:para> </maml:description> <command:parameterValue required="true">AccessMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AccessMask</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>00000000</dev:defaultValue> </command:parameter> <!-- Parameter: AccessCompare --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>AccessCompare</maml:name> <maml:description> <maml:para>The access mask to compare to.</maml:para> <maml:para>Possible values: None, Access0, Access1, Access2, Access3, Access4, Access5, Access6, Access7, Access8, Access9, Access10, Access11, Access12, Access13, Access14, Access15, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, AccessSystemSecurity, MaximumAllowed, GenericAll, GenericExecute, GenericWrite, GenericRead</maml:para> </maml:description> <command:parameterValue required="true">GenericAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access0</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access1</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access2</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access3</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access4</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access5</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access6</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access7</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access8</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access9</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access10</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access11</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access12</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access13</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access14</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access15</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: RawAccessCompare --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>RawAccessCompare</maml:name> <maml:description> <maml:para>The raw access mask to compare to.</maml:para> </maml:description> <command:parameterValue required="true">AccessMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AccessMask</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>00000000</dev:defaultValue> </command:parameter> <!-- Parameter: All --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>All</maml:name> <maml:description> <maml:para>Check all access is in the mask.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Empty --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Empty</maml:name> <maml:description> <maml:para>Test if access mask is empty.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: WriteRestricted --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>WriteRestricted</maml:name> <maml:description> <maml:para>Specify the GenericMapping to check if Access Mask would be Write Restricted.</maml:para> </maml:description> <command:parameterValue required="true">GenericMapping</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericMapping</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>R:00000000 W:00000000 E:00000000 A:00000000</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Test-NtAccessMask $access WriteDac</dev:code> <dev:remarks> <maml:para>Checks if an access mask has WriteDac access.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Test-NtAccessMask $access WriteDac, ReadControl -All</dev:code> <dev:remarks> <maml:para>Checks if an access mask has WriteDac and ReadControl access.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Test-NtAccessMask $access WriteDac, ReadControl</dev:code> <dev:remarks> <maml:para>Checks if an access mask has WriteDac or ReadControl access.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>Test-NtAccessMask $access -Empty</dev:code> <dev:remarks> <maml:para>Checks if an access mask is empty.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Test-NtAceCondition --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Test-NtAceCondition</command:name> <command:verb>Test</command:verb> <command:noun>NtAceCondition</command:noun> <maml:description> <maml:para>Checks a ACE conditional express evaluated to a true.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet evaluates an ACE conditional express to see if a specified token would match.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: FromSddl --> <command:syntaxItem> <maml:name>Test-NtAceCondition</maml:name> <!-- Parameter: Condition --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Condition</maml:name> <maml:description> <maml:para>Specify the conditional expression as an SDDL string.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ResourceAttribute --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ResourceAttribute</maml:name> <maml:description> <maml:para>Specify a list of resource attributes.</maml:para> </maml:description> <command:parameterValue required="true">ClaimSecurityAttribute[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ClaimSecurityAttribute[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify the token to test.</maml:para> </maml:description> <command:parameterValue required="true">NtToken</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromData --> <command:syntaxItem> <maml:name>Test-NtAceCondition</maml:name> <!-- Parameter: ConditionData --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>ConditionData</maml:name> <maml:description> <maml:para>Specify the conditional expression as a byte array.</maml:para> </maml:description> <command:parameterValue required="true">byte[]</command:parameterValue> <dev:type> <maml:name>System.Byte[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ResourceAttribute --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ResourceAttribute</maml:name> <maml:description> <maml:para>Specify a list of resource attributes.</maml:para> </maml:description> <command:parameterValue required="true">ClaimSecurityAttribute[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ClaimSecurityAttribute[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify the token to test.</maml:para> </maml:description> <command:parameterValue required="true">NtToken</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromAce --> <command:syntaxItem> <maml:name>Test-NtAceCondition</maml:name> <!-- Parameter: Ace --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Ace</maml:name> <maml:description> <maml:para>Specify a conditional ACE. Note that only the conditional expression is used, not the Sid or Mask.</maml:para> </maml:description> <command:parameterValue required="true">Ace</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Ace</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ResourceAttribute --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ResourceAttribute</maml:name> <maml:description> <maml:para>Specify a list of resource attributes.</maml:para> </maml:description> <command:parameterValue required="true">ClaimSecurityAttribute[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ClaimSecurityAttribute[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify the token to test.</maml:para> </maml:description> <command:parameterValue required="true">NtToken</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify the token to test.</maml:para> </maml:description> <command:parameterValue required="true">NtToken</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Condition --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Condition</maml:name> <maml:description> <maml:para>Specify the conditional expression as an SDDL string.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ConditionData --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>ConditionData</maml:name> <maml:description> <maml:para>Specify the conditional expression as a byte array.</maml:para> </maml:description> <command:parameterValue required="true">byte[]</command:parameterValue> <dev:type> <maml:name>System.Byte[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Ace --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Ace</maml:name> <maml:description> <maml:para>Specify a conditional ACE. Note that only the conditional expression is used, not the Sid or Mask.</maml:para> </maml:description> <command:parameterValue required="true">Ace</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Ace</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ResourceAttribute --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ResourceAttribute</maml:name> <maml:description> <maml:para>Specify a list of resource attributes.</maml:para> </maml:description> <command:parameterValue required="true">ClaimSecurityAttribute[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ClaimSecurityAttribute[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Test-NtAceCondition -Token $token</dev:code> <dev:remarks> <maml:para>Checks if the token can be impersonated at impersonation level.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Test-NtAceCondition -Condition "WIN://ABC == 100"</dev:code> <dev:remarks> <maml:para>Checks the expression "WIN://ABC == 100" matches the effective token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Test-NtAceCondition -Condition "WIN://ABC == 100" -Token $token</dev:code> <dev:remarks> <maml:para>Checks the expression "WIN://ABC == 100" matches a specified token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>Test-NtAceCondition -ConditionData $ba</dev:code> <dev:remarks> <maml:para>Checks the expression as a byte array matches the effective token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>Test-NtAceCondition -Ace $ace</dev:code> <dev:remarks> <maml:para>Checks the expression from a conditional ACE matches the effective token.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Connect-NtAlpcClient --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Connect-NtAlpcClient</command:name> <command:verb>Connect</command:verb> <command:noun>NtAlpcClient</command:noun> <maml:description> <maml:para>Connects to an ALPC server by path.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet connects to an existing NT ALPC server. The absolute path to the object in the NT object manager name space must be specified. It's also possible to create the object relative to an existing object by specified the -Root parameter (if running on Win8+).</maml:para> </maml:description> <command:syntax> <!-- Parameter set: SidCheck --> <command:syntaxItem> <maml:name>Connect-NtAlpcClient</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ConnectionMessage --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ConnectionMessage</maml:name> <maml:description> <maml:para>Optional initial connection message.</maml:para> </maml:description> <command:parameterValue required="true">AlpcMessage</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcMessage</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Flags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Flags</maml:name> <maml:description> <maml:para>Flags for sending the initial message.</maml:para> <maml:para>Possible values: None, ReplyMessage, LpcMode, ReleaseMessage, SyncRequest, TrackPortReferences, WaitUserMode, WaitAlertable, WaitChargePolicy, Unknown1000000, Wow64Call</maml:para> </maml:description> <command:parameterValue required="true">AlpcMessageFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcMessageFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>SyncRequest</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReplyMessage</command:parameterValue> <command:parameterValue required="false" variableLength="false">LpcMode</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReleaseMessage</command:parameterValue> <command:parameterValue required="false" variableLength="false">SyncRequest</command:parameterValue> <command:parameterValue required="false" variableLength="false">TrackPortReferences</command:parameterValue> <command:parameterValue required="false" variableLength="false">WaitUserMode</command:parameterValue> <command:parameterValue required="false" variableLength="false">WaitAlertable</command:parameterValue> <command:parameterValue required="false" variableLength="false">WaitChargePolicy</command:parameterValue> <command:parameterValue required="false" variableLength="false">Unknown1000000</command:parameterValue> <command:parameterValue required="false" variableLength="false">Wow64Call</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: HandleObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>HandleObjectAttributes</maml:name> <maml:description> <maml:para>Optional object attributes for the handle.</maml:para> </maml:description> <command:parameterValue required="true">ObjectAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ObjectAttributes</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: InMessageAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>InMessageAttributes</maml:name> <maml:description> <maml:para>Optional inbound message attributes.</maml:para> </maml:description> <command:parameterValue required="true">AlpcReceiveMessageAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcReceiveMessageAttributes</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: OutMessageAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OutMessageAttributes</maml:name> <maml:description> <maml:para>Optional outbound message attributes.</maml:para> </maml:description> <command:parameterValue required="true">AlpcSendMessageAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcSendMessageAttributes</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: PortAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>PortAttributes</maml:name> <maml:description> <maml:para>Optional port attributes.</maml:para> </maml:description> <command:parameterValue required="true">AlpcPortAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcPortAttributes</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: RequiredServerSid --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>RequiredServerSid</maml:name> <maml:description> <maml:para>Optional SID to verify the server's identity.</maml:para> </maml:description> <command:parameterValue required="true">Sid</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Sid</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Timeout --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Timeout</maml:name> <maml:description> <maml:para>Optional connection timeout.</maml:para> </maml:description> <command:parameterValue required="true">NtWaitTimeout</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtWaitTimeout</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: SdCheck --> <command:syntaxItem> <maml:name>Connect-NtAlpcClient</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ConnectionMessage --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ConnectionMessage</maml:name> <maml:description> <maml:para>Optional initial connection message.</maml:para> </maml:description> <command:parameterValue required="true">AlpcMessage</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcMessage</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Flags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Flags</maml:name> <maml:description> <maml:para>Flags for sending the initial message.</maml:para> <maml:para>Possible values: None, ReplyMessage, LpcMode, ReleaseMessage, SyncRequest, TrackPortReferences, WaitUserMode, WaitAlertable, WaitChargePolicy, Unknown1000000, Wow64Call</maml:para> </maml:description> <command:parameterValue required="true">AlpcMessageFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcMessageFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>SyncRequest</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReplyMessage</command:parameterValue> <command:parameterValue required="false" variableLength="false">LpcMode</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReleaseMessage</command:parameterValue> <command:parameterValue required="false" variableLength="false">SyncRequest</command:parameterValue> <command:parameterValue required="false" variableLength="false">TrackPortReferences</command:parameterValue> <command:parameterValue required="false" variableLength="false">WaitUserMode</command:parameterValue> <command:parameterValue required="false" variableLength="false">WaitAlertable</command:parameterValue> <command:parameterValue required="false" variableLength="false">WaitChargePolicy</command:parameterValue> <command:parameterValue required="false" variableLength="false">Unknown1000000</command:parameterValue> <command:parameterValue required="false" variableLength="false">Wow64Call</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: HandleObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>HandleObjectAttributes</maml:name> <maml:description> <maml:para>Optional object attributes for the handle.</maml:para> </maml:description> <command:parameterValue required="true">ObjectAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ObjectAttributes</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: InMessageAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>InMessageAttributes</maml:name> <maml:description> <maml:para>Optional inbound message attributes.</maml:para> </maml:description> <command:parameterValue required="true">AlpcReceiveMessageAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcReceiveMessageAttributes</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: OutMessageAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OutMessageAttributes</maml:name> <maml:description> <maml:para>Optional outbound message attributes.</maml:para> </maml:description> <command:parameterValue required="true">AlpcSendMessageAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcSendMessageAttributes</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: PortAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>PortAttributes</maml:name> <maml:description> <maml:para>Optional port attributes.</maml:para> </maml:description> <command:parameterValue required="true">AlpcPortAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcPortAttributes</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ServerSecurityRequirements --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ServerSecurityRequirements</maml:name> <maml:description> <maml:para>Optional security descriptor to verify the server's identity.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Timeout --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Timeout</maml:name> <maml:description> <maml:para>Optional connection timeout.</maml:para> </maml:description> <command:parameterValue required="true">NtWaitTimeout</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtWaitTimeout</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: HandleObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>HandleObjectAttributes</maml:name> <maml:description> <maml:para>Optional object attributes for the handle.</maml:para> </maml:description> <command:parameterValue required="true">ObjectAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ObjectAttributes</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: PortAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>PortAttributes</maml:name> <maml:description> <maml:para>Optional port attributes.</maml:para> </maml:description> <command:parameterValue required="true">AlpcPortAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcPortAttributes</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Flags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Flags</maml:name> <maml:description> <maml:para>Flags for sending the initial message.</maml:para> <maml:para>Possible values: None, ReplyMessage, LpcMode, ReleaseMessage, SyncRequest, TrackPortReferences, WaitUserMode, WaitAlertable, WaitChargePolicy, Unknown1000000, Wow64Call</maml:para> </maml:description> <command:parameterValue required="true">AlpcMessageFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcMessageFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>SyncRequest</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReplyMessage</command:parameterValue> <command:parameterValue required="false" variableLength="false">LpcMode</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReleaseMessage</command:parameterValue> <command:parameterValue required="false" variableLength="false">SyncRequest</command:parameterValue> <command:parameterValue required="false" variableLength="false">TrackPortReferences</command:parameterValue> <command:parameterValue required="false" variableLength="false">WaitUserMode</command:parameterValue> <command:parameterValue required="false" variableLength="false">WaitAlertable</command:parameterValue> <command:parameterValue required="false" variableLength="false">WaitChargePolicy</command:parameterValue> <command:parameterValue required="false" variableLength="false">Unknown1000000</command:parameterValue> <command:parameterValue required="false" variableLength="false">Wow64Call</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: RequiredServerSid --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>RequiredServerSid</maml:name> <maml:description> <maml:para>Optional SID to verify the server's identity.</maml:para> </maml:description> <command:parameterValue required="true">Sid</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Sid</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ServerSecurityRequirements --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ServerSecurityRequirements</maml:name> <maml:description> <maml:para>Optional security descriptor to verify the server's identity.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ConnectionMessage --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ConnectionMessage</maml:name> <maml:description> <maml:para>Optional initial connection message.</maml:para> </maml:description> <command:parameterValue required="true">AlpcMessage</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcMessage</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: OutMessageAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OutMessageAttributes</maml:name> <maml:description> <maml:para>Optional outbound message attributes.</maml:para> </maml:description> <command:parameterValue required="true">AlpcSendMessageAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcSendMessageAttributes</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: InMessageAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>InMessageAttributes</maml:name> <maml:description> <maml:para>Optional inbound message attributes.</maml:para> </maml:description> <command:parameterValue required="true">AlpcReceiveMessageAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcReceiveMessageAttributes</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Timeout --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Timeout</maml:name> <maml:description> <maml:para>Optional connection timeout.</maml:para> </maml:description> <command:parameterValue required="true">NtWaitTimeout</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtWaitTimeout</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributesFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtAlpcClient --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtAlpcClient</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = Connect-NtAlpcClient "\RPC Control\ABC"</dev:code> <dev:remarks> <maml:para>Connect to an ALPC object with an absolute path.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: New-NtAlpcDataView --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-NtAlpcDataView</command:name> <command:verb>New</command:verb> <command:noun>NtAlpcDataView</command:noun> <maml:description> <maml:para>Creates a new data view from a port section.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new data view from a port section specified size and flags.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>New-NtAlpcDataView</maml:name> <!-- Parameter: Section --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Section</maml:name> <maml:description> <maml:para>Specify the port to create the port section from.</maml:para> </maml:description> <command:parameterValue required="true">AlpcPortSection</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcPortSection</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Size --> <command:parameter required="false" globbing="false" pipelineInput="false" position="1"> <maml:name>Size</maml:name> <maml:description> <maml:para>Specify the size of the data view. This will be rounded up to the nearest allocation boundary.</maml:para> </maml:description> <command:parameterValue required="true">long</command:parameterValue> <dev:type> <maml:name>System.Int64</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Flags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Flags</maml:name> <maml:description> <maml:para>Specify data view attribute flags.</maml:para> <maml:para>Possible values: None, ReleaseView, AutoRelease, Secure</maml:para> </maml:description> <command:parameterValue required="true">AlpcDataViewAttrFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcDataViewAttrFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReleaseView</command:parameterValue> <command:parameterValue required="false" variableLength="false">AutoRelease</command:parameterValue> <command:parameterValue required="false" variableLength="false">Secure</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Section --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Section</maml:name> <maml:description> <maml:para>Specify the port to create the port section from.</maml:para> </maml:description> <command:parameterValue required="true">AlpcPortSection</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcPortSection</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Size --> <command:parameter required="false" globbing="false" pipelineInput="false" position="1"> <maml:name>Size</maml:name> <maml:description> <maml:para>Specify the size of the data view. This will be rounded up to the nearest allocation boundary.</maml:para> </maml:description> <command:parameterValue required="true">long</command:parameterValue> <dev:type> <maml:name>System.Int64</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Flags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Flags</maml:name> <maml:description> <maml:para>Specify data view attribute flags.</maml:para> <maml:para>Possible values: None, ReleaseView, AutoRelease, Secure</maml:para> </maml:description> <command:parameterValue required="true">AlpcDataViewAttrFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcDataViewAttrFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReleaseView</command:parameterValue> <command:parameterValue required="false" variableLength="false">AutoRelease</command:parameterValue> <command:parameterValue required="false" variableLength="false">Secure</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: SafeAlpcDataViewBuffer --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.SafeAlpcDataViewBuffer</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$s = New-NtAlpcDataView -Section $section -Size 10000</dev:code> <dev:remarks> <maml:para>Create a new data view with size 10000.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$s = New-NtAlpcDataView -Size 10000 -Flags Secure</dev:code> <dev:remarks> <maml:para>Create a new secure data view section of size 10000.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: New-NtAlpcMessage --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-NtAlpcMessage</command:name> <command:verb>New</command:verb> <command:noun>NtAlpcMessage</command:noun> <maml:description> <maml:para>Creates a new ALPC message.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new ALPC message based on a byte array or an length initializer. You can also specify a text encoding which allows you to use the DataString property.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: FromBytes --> <command:syntaxItem> <maml:name>New-NtAlpcMessage</maml:name> <!-- Parameter: Bytes --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Bytes</maml:name> <maml:description> <maml:para>Create the message from a byte array.</maml:para> </maml:description> <command:parameterValue required="true">byte[]</command:parameterValue> <dev:type> <maml:name>System.Byte[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: AllocatedDataLength --> <command:parameter required="false" globbing="false" pipelineInput="false" position="1"> <maml:name>AllocatedDataLength</maml:name> <maml:description> <maml:para>Specify the message with allocated length.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>65495</dev:defaultValue> </command:parameter> <!-- Parameter: Encoding --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Encoding</maml:name> <maml:description> <maml:para>Get or set the text encoding for this message.</maml:para> <maml:para>Possible values: Binary, Unicode, BigEndianUnicode, UTF8, UTF32, UTF7</maml:para> </maml:description> <command:parameterValue required="true">TextEncodingType</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Utils.TextEncodingType</maml:name> <maml:uri /> <maml:description> <maml:para>Enumeration to specify a text encoding.</maml:para> </maml:description> </dev:type> <dev:defaultValue>Unicode</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Binary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Unicode</command:parameterValue> <command:parameterValue required="false" variableLength="false">BigEndianUnicode</command:parameterValue> <command:parameterValue required="false" variableLength="false">UTF8</command:parameterValue> <command:parameterValue required="false" variableLength="false">UTF32</command:parameterValue> <command:parameterValue required="false" variableLength="false">UTF7</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromString --> <command:syntaxItem> <maml:name>New-NtAlpcMessage</maml:name> <!-- Parameter: String --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>String</maml:name> <maml:description> <maml:para>Create the message from a string.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: AllocatedDataLength --> <command:parameter required="false" globbing="false" pipelineInput="false" position="1"> <maml:name>AllocatedDataLength</maml:name> <maml:description> <maml:para>Specify the message with allocated length.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>65495</dev:defaultValue> </command:parameter> <!-- Parameter: Encoding --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Encoding</maml:name> <maml:description> <maml:para>Get or set the text encoding for this message.</maml:para> <maml:para>Possible values: Binary, Unicode, BigEndianUnicode, UTF8, UTF32, UTF7</maml:para> </maml:description> <command:parameterValue required="true">TextEncodingType</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Utils.TextEncodingType</maml:name> <maml:uri /> <maml:description> <maml:para>Enumeration to specify a text encoding.</maml:para> </maml:description> </dev:type> <dev:defaultValue>Unicode</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Binary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Unicode</command:parameterValue> <command:parameterValue required="false" variableLength="false">BigEndianUnicode</command:parameterValue> <command:parameterValue required="false" variableLength="false">UTF8</command:parameterValue> <command:parameterValue required="false" variableLength="false">UTF32</command:parameterValue> <command:parameterValue required="false" variableLength="false">UTF7</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromLength --> <command:syntaxItem> <maml:name>New-NtAlpcMessage</maml:name> <!-- Parameter: AllocatedDataLength --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>AllocatedDataLength</maml:name> <maml:description> <maml:para>Specify the message with allocated length.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>65495</dev:defaultValue> </command:parameter> <!-- Parameter: Encoding --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Encoding</maml:name> <maml:description> <maml:para>Get or set the text encoding for this message.</maml:para> <maml:para>Possible values: Binary, Unicode, BigEndianUnicode, UTF8, UTF32, UTF7</maml:para> </maml:description> <command:parameterValue required="true">TextEncodingType</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Utils.TextEncodingType</maml:name> <maml:uri /> <maml:description> <maml:para>Enumeration to specify a text encoding.</maml:para> </maml:description> </dev:type> <dev:defaultValue>Unicode</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Binary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Unicode</command:parameterValue> <command:parameterValue required="false" variableLength="false">BigEndianUnicode</command:parameterValue> <command:parameterValue required="false" variableLength="false">UTF8</command:parameterValue> <command:parameterValue required="false" variableLength="false">UTF32</command:parameterValue> <command:parameterValue required="false" variableLength="false">UTF7</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Bytes --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Bytes</maml:name> <maml:description> <maml:para>Create the message from a byte array.</maml:para> </maml:description> <command:parameterValue required="true">byte[]</command:parameterValue> <dev:type> <maml:name>System.Byte[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: String --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>String</maml:name> <maml:description> <maml:para>Create the message from a string.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Encoding --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Encoding</maml:name> <maml:description> <maml:para>Get or set the text encoding for this message.</maml:para> <maml:para>Possible values: Binary, Unicode, BigEndianUnicode, UTF8, UTF32, UTF7</maml:para> </maml:description> <command:parameterValue required="true">TextEncodingType</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Utils.TextEncodingType</maml:name> <maml:uri /> <maml:description> <maml:para>Enumeration to specify a text encoding.</maml:para> </maml:description> </dev:type> <dev:defaultValue>Unicode</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Binary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Unicode</command:parameterValue> <command:parameterValue required="false" variableLength="false">BigEndianUnicode</command:parameterValue> <command:parameterValue required="false" variableLength="false">UTF8</command:parameterValue> <command:parameterValue required="false" variableLength="false">UTF32</command:parameterValue> <command:parameterValue required="false" variableLength="false">UTF7</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllocatedDataLength --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>AllocatedDataLength</maml:name> <maml:description> <maml:para>Specify the message with allocated length.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>65495</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: AlpcMessage --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.AlpcMessage</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$msg = New-NtAlpcMessage -Bytes @(0, 1, 2, 3)</dev:code> <dev:remarks> <maml:para>Create a new message from a byte array.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$msg = New-NtAlpcMessage -Bytes @(0, 1, 2, 3) -AllocatedDataLength 1000</dev:code> <dev:remarks> <maml:para>Create a new message from a byte array with an allocated length of 1000 bytes.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$msg = New-NtAlpcMessage -AllocatedDataLength 1000</dev:code> <dev:remarks> <maml:para>Create a new message with an allocated length of 1000 bytes.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$msg = New-NtAlpcMessage -AllocatedDataLength 1000 -Encoding UTF8</dev:code> <dev:remarks> <maml:para>Create a new message with an allocated length of 1000 bytes and the message encoding is UTF8.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>$msg = New-NtAlpcMessage -String "Hello World!"</dev:code> <dev:remarks> <maml:para>Create a new message from a unicode string.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 6 ----------</maml:title> <dev:code>$msg = New-NtAlpcMessage -String "Hello World!" -Encoding UTF8</dev:code> <dev:remarks> <maml:para>Create a new message from a UTF8 string.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Receive-NtAlpcMessage --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Receive-NtAlpcMessage</command:name> <command:verb>Receive</command:verb> <command:noun>NtAlpcMessage</command:noun> <maml:description> <maml:para>Receives a message on an ALPC port.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet receives a message on an ALPC port.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Receive-NtAlpcMessage</maml:name> <!-- Parameter: Port --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Port</maml:name> <maml:description> <maml:para>Specify the port to send the message on.</maml:para> </maml:description> <command:parameterValue required="true">NtAlpc</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtAlpc</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ReceiveLength --> <command:parameter required="false" globbing="false" pipelineInput="false" position="1"> <maml:name>ReceiveLength</maml:name> <maml:description> <maml:para>Specify the maximum length of message to receive.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>65495</dev:defaultValue> </command:parameter> <!-- Parameter: Flags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Flags</maml:name> <maml:description> <maml:para>Specify send flags.</maml:para> <maml:para>Possible values: None, ReplyMessage, LpcMode, ReleaseMessage, SyncRequest, TrackPortReferences, WaitUserMode, WaitAlertable, WaitChargePolicy, Unknown1000000, Wow64Call</maml:para> </maml:description> <command:parameterValue required="true">AlpcMessageFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcMessageFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>ReleaseMessage</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReplyMessage</command:parameterValue> <command:parameterValue required="false" variableLength="false">LpcMode</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReleaseMessage</command:parameterValue> <command:parameterValue required="false" variableLength="false">SyncRequest</command:parameterValue> <command:parameterValue required="false" variableLength="false">TrackPortReferences</command:parameterValue> <command:parameterValue required="false" variableLength="false">WaitUserMode</command:parameterValue> <command:parameterValue required="false" variableLength="false">WaitAlertable</command:parameterValue> <command:parameterValue required="false" variableLength="false">WaitChargePolicy</command:parameterValue> <command:parameterValue required="false" variableLength="false">Unknown1000000</command:parameterValue> <command:parameterValue required="false" variableLength="false">Wow64Call</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ReceiveAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ReceiveAttributes</maml:name> <maml:description> <maml:para>Specify receive attributes.</maml:para> </maml:description> <command:parameterValue required="true">AlpcReceiveMessageAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcReceiveMessageAttributes</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: TimeoutMs --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TimeoutMs</maml:name> <maml:description> <maml:para>Specify optional timeout in MS.</maml:para> </maml:description> <command:parameterValue required="true">long</command:parameterValue> <dev:type> <maml:name>System.Int64</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Port --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Port</maml:name> <maml:description> <maml:para>Specify the port to send the message on.</maml:para> </maml:description> <command:parameterValue required="true">NtAlpc</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtAlpc</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Flags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Flags</maml:name> <maml:description> <maml:para>Specify send flags.</maml:para> <maml:para>Possible values: None, ReplyMessage, LpcMode, ReleaseMessage, SyncRequest, TrackPortReferences, WaitUserMode, WaitAlertable, WaitChargePolicy, Unknown1000000, Wow64Call</maml:para> </maml:description> <command:parameterValue required="true">AlpcMessageFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcMessageFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>ReleaseMessage</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReplyMessage</command:parameterValue> <command:parameterValue required="false" variableLength="false">LpcMode</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReleaseMessage</command:parameterValue> <command:parameterValue required="false" variableLength="false">SyncRequest</command:parameterValue> <command:parameterValue required="false" variableLength="false">TrackPortReferences</command:parameterValue> <command:parameterValue required="false" variableLength="false">WaitUserMode</command:parameterValue> <command:parameterValue required="false" variableLength="false">WaitAlertable</command:parameterValue> <command:parameterValue required="false" variableLength="false">WaitChargePolicy</command:parameterValue> <command:parameterValue required="false" variableLength="false">Unknown1000000</command:parameterValue> <command:parameterValue required="false" variableLength="false">Wow64Call</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: TimeoutMs --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TimeoutMs</maml:name> <maml:description> <maml:para>Specify optional timeout in MS.</maml:para> </maml:description> <command:parameterValue required="true">long</command:parameterValue> <dev:type> <maml:name>System.Int64</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ReceiveLength --> <command:parameter required="false" globbing="false" pipelineInput="false" position="1"> <maml:name>ReceiveLength</maml:name> <maml:description> <maml:para>Specify the maximum length of message to receive.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>65495</dev:defaultValue> </command:parameter> <!-- Parameter: ReceiveAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ReceiveAttributes</maml:name> <maml:description> <maml:para>Specify receive attributes.</maml:para> </maml:description> <command:parameterValue required="true">AlpcReceiveMessageAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcReceiveMessageAttributes</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$recv_msg = Receive-NtAlpcMessage -Port $port -ReceiveLength 80</dev:code> <dev:remarks> <maml:para>Receive a message of up to 80 bytes.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Send-NtAlpcMessage --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Send-NtAlpcMessage</command:name> <command:verb>Send</command:verb> <command:noun>NtAlpcMessage</command:noun> <maml:description> <maml:para>Sends a message on an ALPC port and optionally receives one as well.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet sends a message on an ALPC port and optionally receives ones.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: FromBytes --> <command:syntaxItem> <maml:name>Send-NtAlpcMessage</maml:name> <!-- Parameter: Port --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Port</maml:name> <maml:description> <maml:para>Specify the port to send the message on.</maml:para> </maml:description> <command:parameterValue required="true">NtAlpc</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtAlpc</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Bytes --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>Bytes</maml:name> <maml:description> <maml:para>Specify message to send from a byte array.</maml:para> </maml:description> <command:parameterValue required="true">byte[]</command:parameterValue> <dev:type> <maml:name>System.Byte[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Flags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Flags</maml:name> <maml:description> <maml:para>Specify send flags.</maml:para> <maml:para>Possible values: None, ReplyMessage, LpcMode, ReleaseMessage, SyncRequest, TrackPortReferences, WaitUserMode, WaitAlertable, WaitChargePolicy, Unknown1000000, Wow64Call</maml:para> </maml:description> <command:parameterValue required="true">AlpcMessageFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcMessageFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>ReleaseMessage</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReplyMessage</command:parameterValue> <command:parameterValue required="false" variableLength="false">LpcMode</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReleaseMessage</command:parameterValue> <command:parameterValue required="false" variableLength="false">SyncRequest</command:parameterValue> <command:parameterValue required="false" variableLength="false">TrackPortReferences</command:parameterValue> <command:parameterValue required="false" variableLength="false">WaitUserMode</command:parameterValue> <command:parameterValue required="false" variableLength="false">WaitAlertable</command:parameterValue> <command:parameterValue required="false" variableLength="false">WaitChargePolicy</command:parameterValue> <command:parameterValue required="false" variableLength="false">Unknown1000000</command:parameterValue> <command:parameterValue required="false" variableLength="false">Wow64Call</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ReceiveAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ReceiveAttributes</maml:name> <maml:description> <maml:para>Specify receive attributes.</maml:para> </maml:description> <command:parameterValue required="true">AlpcReceiveMessageAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcReceiveMessageAttributes</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ReceiveLength --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ReceiveLength</maml:name> <maml:description> <maml:para>Specify optional length of message to receive.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SendAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SendAttributes</maml:name> <maml:description> <maml:para>Specify send attributes.</maml:para> </maml:description> <command:parameterValue required="true">AlpcSendMessageAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcSendMessageAttributes</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: TimeoutMs --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TimeoutMs</maml:name> <maml:description> <maml:para>Specify optional timeout in MS.</maml:para> </maml:description> <command:parameterValue required="true">long</command:parameterValue> <dev:type> <maml:name>System.Int64</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromMsg --> <command:syntaxItem> <maml:name>Send-NtAlpcMessage</maml:name> <!-- Parameter: Port --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Port</maml:name> <maml:description> <maml:para>Specify the port to send the message on.</maml:para> </maml:description> <command:parameterValue required="true">NtAlpc</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtAlpc</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Message --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>Message</maml:name> <maml:description> <maml:para>Specify message to send.</maml:para> </maml:description> <command:parameterValue required="true">AlpcMessage</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcMessage</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Flags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Flags</maml:name> <maml:description> <maml:para>Specify send flags.</maml:para> <maml:para>Possible values: None, ReplyMessage, LpcMode, ReleaseMessage, SyncRequest, TrackPortReferences, WaitUserMode, WaitAlertable, WaitChargePolicy, Unknown1000000, Wow64Call</maml:para> </maml:description> <command:parameterValue required="true">AlpcMessageFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcMessageFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>ReleaseMessage</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReplyMessage</command:parameterValue> <command:parameterValue required="false" variableLength="false">LpcMode</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReleaseMessage</command:parameterValue> <command:parameterValue required="false" variableLength="false">SyncRequest</command:parameterValue> <command:parameterValue required="false" variableLength="false">TrackPortReferences</command:parameterValue> <command:parameterValue required="false" variableLength="false">WaitUserMode</command:parameterValue> <command:parameterValue required="false" variableLength="false">WaitAlertable</command:parameterValue> <command:parameterValue required="false" variableLength="false">WaitChargePolicy</command:parameterValue> <command:parameterValue required="false" variableLength="false">Unknown1000000</command:parameterValue> <command:parameterValue required="false" variableLength="false">Wow64Call</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ReceiveAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ReceiveAttributes</maml:name> <maml:description> <maml:para>Specify receive attributes.</maml:para> </maml:description> <command:parameterValue required="true">AlpcReceiveMessageAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcReceiveMessageAttributes</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ReceiveLength --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ReceiveLength</maml:name> <maml:description> <maml:para>Specify optional length of message to receive.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SendAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SendAttributes</maml:name> <maml:description> <maml:para>Specify send attributes.</maml:para> </maml:description> <command:parameterValue required="true">AlpcSendMessageAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcSendMessageAttributes</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: TimeoutMs --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TimeoutMs</maml:name> <maml:description> <maml:para>Specify optional timeout in MS.</maml:para> </maml:description> <command:parameterValue required="true">long</command:parameterValue> <dev:type> <maml:name>System.Int64</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Port --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Port</maml:name> <maml:description> <maml:para>Specify the port to send the message on.</maml:para> </maml:description> <command:parameterValue required="true">NtAlpc</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtAlpc</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Bytes --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>Bytes</maml:name> <maml:description> <maml:para>Specify message to send from a byte array.</maml:para> </maml:description> <command:parameterValue required="true">byte[]</command:parameterValue> <dev:type> <maml:name>System.Byte[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Message --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>Message</maml:name> <maml:description> <maml:para>Specify message to send.</maml:para> </maml:description> <command:parameterValue required="true">AlpcMessage</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcMessage</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Flags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Flags</maml:name> <maml:description> <maml:para>Specify send flags.</maml:para> <maml:para>Possible values: None, ReplyMessage, LpcMode, ReleaseMessage, SyncRequest, TrackPortReferences, WaitUserMode, WaitAlertable, WaitChargePolicy, Unknown1000000, Wow64Call</maml:para> </maml:description> <command:parameterValue required="true">AlpcMessageFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcMessageFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>ReleaseMessage</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReplyMessage</command:parameterValue> <command:parameterValue required="false" variableLength="false">LpcMode</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReleaseMessage</command:parameterValue> <command:parameterValue required="false" variableLength="false">SyncRequest</command:parameterValue> <command:parameterValue required="false" variableLength="false">TrackPortReferences</command:parameterValue> <command:parameterValue required="false" variableLength="false">WaitUserMode</command:parameterValue> <command:parameterValue required="false" variableLength="false">WaitAlertable</command:parameterValue> <command:parameterValue required="false" variableLength="false">WaitChargePolicy</command:parameterValue> <command:parameterValue required="false" variableLength="false">Unknown1000000</command:parameterValue> <command:parameterValue required="false" variableLength="false">Wow64Call</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SendAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SendAttributes</maml:name> <maml:description> <maml:para>Specify send attributes.</maml:para> </maml:description> <command:parameterValue required="true">AlpcSendMessageAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcSendMessageAttributes</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: TimeoutMs --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TimeoutMs</maml:name> <maml:description> <maml:para>Specify optional timeout in MS.</maml:para> </maml:description> <command:parameterValue required="true">long</command:parameterValue> <dev:type> <maml:name>System.Int64</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ReceiveLength --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ReceiveLength</maml:name> <maml:description> <maml:para>Specify optional length of message to receive.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ReceiveAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ReceiveAttributes</maml:name> <maml:description> <maml:para>Specify receive attributes.</maml:para> </maml:description> <command:parameterValue required="true">AlpcReceiveMessageAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcReceiveMessageAttributes</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: AlpcMessage --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.AlpcMessage</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Send-NtAlpcMessage -Port $port -Message $msg</dev:code> <dev:remarks> <maml:para>Send a message on a port.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$recv_msg = Send-NtAlpcMessage -Port $port -Message $msg -ReceiveLength 80 -Flags SyncMessage</dev:code> <dev:remarks> <maml:para>Send a message on a port and waits for a message of up to 80 bytes.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Send-NtAlpcMessage -Port $port -Bytes @(0, 1, 2, 3)</dev:code> <dev:remarks> <maml:para>Send a message on a port from a byte array.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: New-NtAlpcPortAttributes --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-NtAlpcPortAttributes</command:name> <command:verb>New</command:verb> <command:noun>NtAlpcPortAttributes</command:noun> <maml:description> <maml:para>Creates a new ALPC port attributes structure.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new ALPC port attributes structure based on single components.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>New-NtAlpcPortAttributes</maml:name> <!-- Parameter: ContextTrackingMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ContextTrackingMode</maml:name> <maml:description> <maml:para>Security Quality of Service context tracking mode.</maml:para> <maml:para>Possible values: Static, Dynamic</maml:para> </maml:description> <command:parameterValue required="true">SecurityContextTrackingMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityContextTrackingMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Static</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Static</command:parameterValue> <command:parameterValue required="false" variableLength="false">Dynamic</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: DupObjectTypes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DupObjectTypes</maml:name> <maml:description> <maml:para>Duplicate object types..</maml:para> <maml:para>Possible values: None, File, Invalid0002, Thread, Semaphore, Event, Process, Mutex, Section, RegKey, Token, Composition, Job, AllObjects</maml:para> </maml:description> <command:parameterValue required="true">AlpcHandleObjectType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcHandleObjectType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>AllObjects</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">File</command:parameterValue> <command:parameterValue required="false" variableLength="false">Invalid0002</command:parameterValue> <command:parameterValue required="false" variableLength="false">Thread</command:parameterValue> <command:parameterValue required="false" variableLength="false">Semaphore</command:parameterValue> <command:parameterValue required="false" variableLength="false">Event</command:parameterValue> <command:parameterValue required="false" variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" variableLength="false">Mutex</command:parameterValue> <command:parameterValue required="false" variableLength="false">Section</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegKey</command:parameterValue> <command:parameterValue required="false" variableLength="false">Token</command:parameterValue> <command:parameterValue required="false" variableLength="false">Composition</command:parameterValue> <command:parameterValue required="false" variableLength="false">Job</command:parameterValue> <command:parameterValue required="false" variableLength="false">AllObjects</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: EffectiveOnly --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>EffectiveOnly</maml:name> <maml:description> <maml:para>Security Quality of Service effective only.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Flags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Flags</maml:name> <maml:description> <maml:para>Port attributes flags</maml:para> <maml:para>Possible values: None, LpcPort, AllowImpersonation, AllowLpcRequests, WaitablePort, AllowDupObject, SystemProcess, LrpcWakePolicy1, LrpcWakePolicy2, LrpcWakePolicy3, DirectMessage, AllowMultiHandleAttribute</maml:para> </maml:description> <command:parameterValue required="true">AlpcPortAttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcPortAttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>AllowLpcRequests, AllowDupObject</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">LpcPort</command:parameterValue> <command:parameterValue required="false" variableLength="false">AllowImpersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">AllowLpcRequests</command:parameterValue> <command:parameterValue required="false" variableLength="false">WaitablePort</command:parameterValue> <command:parameterValue required="false" variableLength="false">AllowDupObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">SystemProcess</command:parameterValue> <command:parameterValue required="false" variableLength="false">LrpcWakePolicy1</command:parameterValue> <command:parameterValue required="false" variableLength="false">LrpcWakePolicy2</command:parameterValue> <command:parameterValue required="false" variableLength="false">LrpcWakePolicy3</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectMessage</command:parameterValue> <command:parameterValue required="false" variableLength="false">AllowMultiHandleAttribute</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ImpersonationLevel --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ImpersonationLevel</maml:name> <maml:description> <maml:para>Security Quality of Service impersonation level.</maml:para> <maml:para>Possible values: Anonymous, Identification, Impersonation, Delegation</maml:para> </maml:description> <command:parameterValue required="true">SecurityImpersonationLevel</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityImpersonationLevel</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Impersonation</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Anonymous</command:parameterValue> <command:parameterValue required="false" variableLength="false">Identification</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delegation</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: MaxMessageLength --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MaxMessageLength</maml:name> <maml:description> <maml:para>Maximum message length.</maml:para> </maml:description> <command:parameterValue required="true">IntPtr</command:parameterValue> <dev:type> <maml:name>System.IntPtr</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>32767</dev:defaultValue> </command:parameter> <!-- Parameter: MaxPoolUsage --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MaxPoolUsage</maml:name> <maml:description> <maml:para>Max pool usage.</maml:para> </maml:description> <command:parameterValue required="true">IntPtr</command:parameterValue> <dev:type> <maml:name>System.IntPtr</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <!-- Parameter: MaxSectionSize --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MaxSectionSize</maml:name> <maml:description> <maml:para>Max section size.</maml:para> </maml:description> <command:parameterValue required="true">IntPtr</command:parameterValue> <dev:type> <maml:name>System.IntPtr</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <!-- Parameter: MaxTotalSectionSize --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MaxTotalSectionSize</maml:name> <maml:description> <maml:para>Max total section size.</maml:para> </maml:description> <command:parameterValue required="true">IntPtr</command:parameterValue> <dev:type> <maml:name>System.IntPtr</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <!-- Parameter: MaxViewSize --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MaxViewSize</maml:name> <maml:description> <maml:para>Max view size.</maml:para> </maml:description> <command:parameterValue required="true">IntPtr</command:parameterValue> <dev:type> <maml:name>System.IntPtr</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <!-- Parameter: MemoryBandwidth --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MemoryBandwidth</maml:name> <maml:description> <maml:para>Memory bandwidth.</maml:para> </maml:description> <command:parameterValue required="true">IntPtr</command:parameterValue> <dev:type> <maml:name>System.IntPtr</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Flags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Flags</maml:name> <maml:description> <maml:para>Port attributes flags</maml:para> <maml:para>Possible values: None, LpcPort, AllowImpersonation, AllowLpcRequests, WaitablePort, AllowDupObject, SystemProcess, LrpcWakePolicy1, LrpcWakePolicy2, LrpcWakePolicy3, DirectMessage, AllowMultiHandleAttribute</maml:para> </maml:description> <command:parameterValue required="true">AlpcPortAttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcPortAttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>AllowLpcRequests, AllowDupObject</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">LpcPort</command:parameterValue> <command:parameterValue required="false" variableLength="false">AllowImpersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">AllowLpcRequests</command:parameterValue> <command:parameterValue required="false" variableLength="false">WaitablePort</command:parameterValue> <command:parameterValue required="false" variableLength="false">AllowDupObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">SystemProcess</command:parameterValue> <command:parameterValue required="false" variableLength="false">LrpcWakePolicy1</command:parameterValue> <command:parameterValue required="false" variableLength="false">LrpcWakePolicy2</command:parameterValue> <command:parameterValue required="false" variableLength="false">LrpcWakePolicy3</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectMessage</command:parameterValue> <command:parameterValue required="false" variableLength="false">AllowMultiHandleAttribute</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ImpersonationLevel --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ImpersonationLevel</maml:name> <maml:description> <maml:para>Security Quality of Service impersonation level.</maml:para> <maml:para>Possible values: Anonymous, Identification, Impersonation, Delegation</maml:para> </maml:description> <command:parameterValue required="true">SecurityImpersonationLevel</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityImpersonationLevel</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Impersonation</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Anonymous</command:parameterValue> <command:parameterValue required="false" variableLength="false">Identification</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delegation</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ContextTrackingMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ContextTrackingMode</maml:name> <maml:description> <maml:para>Security Quality of Service context tracking mode.</maml:para> <maml:para>Possible values: Static, Dynamic</maml:para> </maml:description> <command:parameterValue required="true">SecurityContextTrackingMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityContextTrackingMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Static</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Static</command:parameterValue> <command:parameterValue required="false" variableLength="false">Dynamic</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: EffectiveOnly --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>EffectiveOnly</maml:name> <maml:description> <maml:para>Security Quality of Service effective only.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: MaxMessageLength --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MaxMessageLength</maml:name> <maml:description> <maml:para>Maximum message length.</maml:para> </maml:description> <command:parameterValue required="true">IntPtr</command:parameterValue> <dev:type> <maml:name>System.IntPtr</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>32767</dev:defaultValue> </command:parameter> <!-- Parameter: MemoryBandwidth --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MemoryBandwidth</maml:name> <maml:description> <maml:para>Memory bandwidth.</maml:para> </maml:description> <command:parameterValue required="true">IntPtr</command:parameterValue> <dev:type> <maml:name>System.IntPtr</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <!-- Parameter: MaxPoolUsage --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MaxPoolUsage</maml:name> <maml:description> <maml:para>Max pool usage.</maml:para> </maml:description> <command:parameterValue required="true">IntPtr</command:parameterValue> <dev:type> <maml:name>System.IntPtr</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <!-- Parameter: MaxSectionSize --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MaxSectionSize</maml:name> <maml:description> <maml:para>Max section size.</maml:para> </maml:description> <command:parameterValue required="true">IntPtr</command:parameterValue> <dev:type> <maml:name>System.IntPtr</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <!-- Parameter: MaxViewSize --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MaxViewSize</maml:name> <maml:description> <maml:para>Max view size.</maml:para> </maml:description> <command:parameterValue required="true">IntPtr</command:parameterValue> <dev:type> <maml:name>System.IntPtr</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <!-- Parameter: MaxTotalSectionSize --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MaxTotalSectionSize</maml:name> <maml:description> <maml:para>Max total section size.</maml:para> </maml:description> <command:parameterValue required="true">IntPtr</command:parameterValue> <dev:type> <maml:name>System.IntPtr</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <!-- Parameter: DupObjectTypes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DupObjectTypes</maml:name> <maml:description> <maml:para>Duplicate object types..</maml:para> <maml:para>Possible values: None, File, Invalid0002, Thread, Semaphore, Event, Process, Mutex, Section, RegKey, Token, Composition, Job, AllObjects</maml:para> </maml:description> <command:parameterValue required="true">AlpcHandleObjectType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcHandleObjectType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>AllObjects</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">File</command:parameterValue> <command:parameterValue required="false" variableLength="false">Invalid0002</command:parameterValue> <command:parameterValue required="false" variableLength="false">Thread</command:parameterValue> <command:parameterValue required="false" variableLength="false">Semaphore</command:parameterValue> <command:parameterValue required="false" variableLength="false">Event</command:parameterValue> <command:parameterValue required="false" variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" variableLength="false">Mutex</command:parameterValue> <command:parameterValue required="false" variableLength="false">Section</command:parameterValue> <command:parameterValue required="false" variableLength="false">RegKey</command:parameterValue> <command:parameterValue required="false" variableLength="false">Token</command:parameterValue> <command:parameterValue required="false" variableLength="false">Composition</command:parameterValue> <command:parameterValue required="false" variableLength="false">Job</command:parameterValue> <command:parameterValue required="false" variableLength="false">AllObjects</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: AlpcPortAttributes --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.AlpcPortAttributes</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$attr = New-NtAlpcPortAttributes</dev:code> <dev:remarks> <maml:para>Create a new ALPC port attributes structure with default values.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$attr = New-NtAlpcPortAttributes -Flags None</dev:code> <dev:remarks> <maml:para>Create a new ALPC port attributes structure.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: New-NtAlpcPortSection --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-NtAlpcPortSection</command:name> <command:verb>New</command:verb> <command:noun>NtAlpcPortSection</command:noun> <maml:description> <maml:para>Creates a new port section from a port.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new port section with a specified size and flags for a port. You can then write to buffer and pass it as a view attribute.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: FromSize --> <command:syntaxItem> <maml:name>New-NtAlpcPortSection</maml:name> <!-- Parameter: Port --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Port</maml:name> <maml:description> <maml:para>Specify the port to create the port section from.</maml:para> </maml:description> <command:parameterValue required="true">NtAlpc</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtAlpc</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Size --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>Size</maml:name> <maml:description> <maml:para>Specify the size of the port section. This will be rounded up to the nearest allocation boundary.</maml:para> </maml:description> <command:parameterValue required="true">long</command:parameterValue> <dev:type> <maml:name>System.Int64</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Secure --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Secure</maml:name> <maml:description> <maml:para>Create a secure section.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromSection --> <command:syntaxItem> <maml:name>New-NtAlpcPortSection</maml:name> <!-- Parameter: Port --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Port</maml:name> <maml:description> <maml:para>Specify the port to create the port section from.</maml:para> </maml:description> <command:parameterValue required="true">NtAlpc</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtAlpc</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Section --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>Section</maml:name> <maml:description> <maml:para>Specify an existing section to back the port section.</maml:para> </maml:description> <command:parameterValue required="true">NtSection</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtSection</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Size --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Size</maml:name> <maml:description> <maml:para>Specify the size of the port section. This will be rounded up to the nearest allocation boundary.</maml:para> </maml:description> <command:parameterValue required="true">long</command:parameterValue> <dev:type> <maml:name>System.Int64</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Port --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Port</maml:name> <maml:description> <maml:para>Specify the port to create the port section from.</maml:para> </maml:description> <command:parameterValue required="true">NtAlpc</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtAlpc</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Size --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>Size</maml:name> <maml:description> <maml:para>Specify the size of the port section. This will be rounded up to the nearest allocation boundary.</maml:para> </maml:description> <command:parameterValue required="true">long</command:parameterValue> <dev:type> <maml:name>System.Int64</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Secure --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Secure</maml:name> <maml:description> <maml:para>Create a secure section.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Section --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>Section</maml:name> <maml:description> <maml:para>Specify an existing section to back the port section.</maml:para> </maml:description> <command:parameterValue required="true">NtSection</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtSection</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: AlpcPortSection --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.AlpcPortSection</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$s = New-NtAlpcPortSection -Size 10000</dev:code> <dev:remarks> <maml:para>Create a new port section of size 10000.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$s = New-NtAlpcPortSection -Size 10000 -Secure</dev:code> <dev:remarks> <maml:para>Create a new secure port section of size 10000.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$s = New-NtAlpcPortSection -Section $sect</dev:code> <dev:remarks> <maml:para>>Create a new port section backed by an existing section.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$s = New-NtAlpcPortSection -Section $sect -Size 10000</dev:code> <dev:remarks> <maml:para>>Create a new port section backed by an existing section with an explicit view size.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: New-NtAlpcReceiveAttributes --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-NtAlpcReceiveAttributes</command:name> <command:verb>New</command:verb> <command:noun>NtAlpcReceiveAttributes</command:noun> <maml:description> <maml:para>Creates a new receive attributes buffer.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new receive attributes buffer for the specified set of attributes. This defaults to all known attributes.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>New-NtAlpcReceiveAttributes</maml:name> <!-- Parameter: Attributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Attributes</maml:name> <maml:description> <maml:para>Specify the list of attributes for the receive buffer.</maml:para> <maml:para>Possible values: None, WorkOnBehalfOf, Direct, Token, Handle, Context, View, Security, AllAttributes</maml:para> </maml:description> <command:parameterValue required="true">AlpcMessageAttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcMessageAttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>AllAttributes</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">WorkOnBehalfOf</command:parameterValue> <command:parameterValue required="false" variableLength="false">Direct</command:parameterValue> <command:parameterValue required="false" variableLength="false">Token</command:parameterValue> <command:parameterValue required="false" variableLength="false">Handle</command:parameterValue> <command:parameterValue required="false" variableLength="false">Context</command:parameterValue> <command:parameterValue required="false" variableLength="false">View</command:parameterValue> <command:parameterValue required="false" variableLength="false">Security</command:parameterValue> <command:parameterValue required="false" variableLength="false">AllAttributes</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Attributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Attributes</maml:name> <maml:description> <maml:para>Specify the list of attributes for the receive buffer.</maml:para> <maml:para>Possible values: None, WorkOnBehalfOf, Direct, Token, Handle, Context, View, Security, AllAttributes</maml:para> </maml:description> <command:parameterValue required="true">AlpcMessageAttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcMessageAttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>AllAttributes</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">WorkOnBehalfOf</command:parameterValue> <command:parameterValue required="false" variableLength="false">Direct</command:parameterValue> <command:parameterValue required="false" variableLength="false">Token</command:parameterValue> <command:parameterValue required="false" variableLength="false">Handle</command:parameterValue> <command:parameterValue required="false" variableLength="false">Context</command:parameterValue> <command:parameterValue required="false" variableLength="false">View</command:parameterValue> <command:parameterValue required="false" variableLength="false">Security</command:parameterValue> <command:parameterValue required="false" variableLength="false">AllAttributes</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: AlpcReceiveMessageAttributes --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.AlpcReceiveMessageAttributes</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$attrs = New-NtAlpcReceiveAttributes</dev:code> <dev:remarks> <maml:para>Create a new receive attributes buffer with space for all known attributes.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$attrs = New-NtAlpcReceiveAttributes -Attributes View, Context</dev:code> <dev:remarks> <maml:para>Create a new receive attributes buffer with space for only View and Context attributes.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: New-NtAlpcSecurityContext --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-NtAlpcSecurityContext</command:name> <command:verb>New</command:verb> <command:noun>NtAlpcSecurityContext</command:noun> <maml:description> <maml:para>Creates a new ALPC security context.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new ALPC security context pages of a specified security quality of serice..</maml:para> </maml:description> <command:syntax> <!-- Parameter set: FromParts --> <command:syntaxItem> <maml:name>New-NtAlpcSecurityContext</maml:name> <!-- Parameter: Port --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Port</maml:name> <maml:description> <maml:para>Specify the port to create the context from.</maml:para> </maml:description> <command:parameterValue required="true">NtAlpc</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtAlpc</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ImpersonationLevel --> <command:parameter required="false" globbing="false" pipelineInput="false" position="1" aliases="imp"> <maml:name>ImpersonationLevel</maml:name> <maml:description> <maml:para>Specify the impersonation level.</maml:para> <maml:para>Possible values: Anonymous, Identification, Impersonation, Delegation</maml:para> </maml:description> <command:parameterValue required="true">SecurityImpersonationLevel</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityImpersonationLevel</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Impersonation</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Anonymous</command:parameterValue> <command:parameterValue required="false" variableLength="false">Identification</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delegation</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ContextTrackingMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="2" aliases="ctx"> <maml:name>ContextTrackingMode</maml:name> <maml:description> <maml:para>Specify the list of attributes for the receive buffer.</maml:para> <maml:para>Possible values: Static, Dynamic</maml:para> </maml:description> <command:parameterValue required="true">SecurityContextTrackingMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityContextTrackingMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Static</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Static</command:parameterValue> <command:parameterValue required="false" variableLength="false">Dynamic</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: EffectiveOnly --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="eo"> <maml:name>EffectiveOnly</maml:name> <maml:description> <maml:para>Specify the list of attributes for the receive buffer.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Flags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Flags</maml:name> <maml:description> <maml:para>Specify the creation flags.</maml:para> <maml:para>Possible values: None</maml:para> </maml:description> <command:parameterValue required="true">AlpcCreateSecurityContextFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcCreateSecurityContextFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromSqos --> <command:syntaxItem> <maml:name>New-NtAlpcSecurityContext</maml:name> <!-- Parameter: Port --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Port</maml:name> <maml:description> <maml:para>Specify the port to create the context from.</maml:para> </maml:description> <command:parameterValue required="true">NtAlpc</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtAlpc</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Flags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Flags</maml:name> <maml:description> <maml:para>Specify the creation flags.</maml:para> <maml:para>Possible values: None</maml:para> </maml:description> <command:parameterValue required="true">AlpcCreateSecurityContextFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcCreateSecurityContextFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="sqos"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Specify the list of attributes for the receive buffer.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Port --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Port</maml:name> <maml:description> <maml:para>Specify the port to create the context from.</maml:para> </maml:description> <command:parameterValue required="true">NtAlpc</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtAlpc</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Flags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Flags</maml:name> <maml:description> <maml:para>Specify the creation flags.</maml:para> <maml:para>Possible values: None</maml:para> </maml:description> <command:parameterValue required="true">AlpcCreateSecurityContextFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcCreateSecurityContextFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ImpersonationLevel --> <command:parameter required="false" globbing="false" pipelineInput="false" position="1" aliases="imp"> <maml:name>ImpersonationLevel</maml:name> <maml:description> <maml:para>Specify the impersonation level.</maml:para> <maml:para>Possible values: Anonymous, Identification, Impersonation, Delegation</maml:para> </maml:description> <command:parameterValue required="true">SecurityImpersonationLevel</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityImpersonationLevel</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Impersonation</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Anonymous</command:parameterValue> <command:parameterValue required="false" variableLength="false">Identification</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delegation</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="1" aliases="imp"> <maml:name>imp</maml:name> <maml:description> <maml:para>Specify the impersonation level.</maml:para> <maml:para>Possible values: Anonymous, Identification, Impersonation, Delegation</maml:para> <maml:para>This is an alias of the ImpersonationLevel parameter.</maml:para> </maml:description> <command:parameterValue required="true">SecurityImpersonationLevel</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityImpersonationLevel</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Impersonation</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Anonymous</command:parameterValue> <command:parameterValue required="false" variableLength="false">Identification</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delegation</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ContextTrackingMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="2" aliases="ctx"> <maml:name>ContextTrackingMode</maml:name> <maml:description> <maml:para>Specify the list of attributes for the receive buffer.</maml:para> <maml:para>Possible values: Static, Dynamic</maml:para> </maml:description> <command:parameterValue required="true">SecurityContextTrackingMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityContextTrackingMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Static</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Static</command:parameterValue> <command:parameterValue required="false" variableLength="false">Dynamic</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="2" aliases="ctx"> <maml:name>ctx</maml:name> <maml:description> <maml:para>Specify the list of attributes for the receive buffer.</maml:para> <maml:para>Possible values: Static, Dynamic</maml:para> <maml:para>This is an alias of the ContextTrackingMode parameter.</maml:para> </maml:description> <command:parameterValue required="true">SecurityContextTrackingMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityContextTrackingMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Static</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Static</command:parameterValue> <command:parameterValue required="false" variableLength="false">Dynamic</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: EffectiveOnly --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="eo"> <maml:name>EffectiveOnly</maml:name> <maml:description> <maml:para>Specify the list of attributes for the receive buffer.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="eo"> <maml:name>eo</maml:name> <maml:description> <maml:para>Specify the list of attributes for the receive buffer.</maml:para> <maml:para>This is an alias of the EffectiveOnly parameter.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="sqos"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Specify the list of attributes for the receive buffer.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="sqos"> <maml:name>sqos</maml:name> <maml:description> <maml:para>Specify the list of attributes for the receive buffer.</maml:para> <maml:para>This is an alias of the SecurityQualityOfService parameter.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: SafeAlpcSecurityContextHandle --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.SafeAlpcSecurityContextHandle</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$ctx = New-NtAlpcSecurityContext -Port $port</dev:code> <dev:remarks> <maml:para>Create a new security context with default values.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$ctx = New-NtAlpcSecurityContext -Port $port -ImpersonationLevel Identification</dev:code> <dev:remarks> <maml:para>Create a new security context with impersonation level of Identitification.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$ctx = New-NtAlpcSecurityContext -Port $port -SecurityQualityOfService $sqos</dev:code> <dev:remarks> <maml:para>Create a new security context from a security quality of service.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: New-NtAlpcSendAttributes --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-NtAlpcSendAttributes</command:name> <command:verb>New</command:verb> <command:noun>NtAlpcSendAttributes</command:noun> <maml:description> <maml:para>Creates a new send attributes buffer.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new send attributes buffer. The buffer can be initialized with a list of attributes or by specifying specific values.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: FromAttributes --> <command:syntaxItem> <maml:name>New-NtAlpcSendAttributes</maml:name> <!-- Parameter: Attributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Attributes</maml:name> <maml:description> <maml:para>Specify the list of attributes for the send buffer.</maml:para> </maml:description> <command:parameterValue required="true">AlpcMessageAttribute[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcMessageAttribute[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromParts --> <command:syntaxItem> <maml:name>New-NtAlpcSendAttributes</maml:name> <!-- Parameter: DataView --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="dv"> <maml:name>DataView</maml:name> <maml:description> <maml:para>Add a data view attribute.</maml:para> </maml:description> <command:parameterValue required="true">SafeAlpcDataViewBuffer</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SafeAlpcDataViewBuffer</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Handle --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="hs"> <maml:name>Handle</maml:name> <maml:description> <maml:para>Create a handle attribute from a list of handle entries.</maml:para> </maml:description> <command:parameterValue required="true">AlpcHandleMessageAttributeEntry[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcHandleMessageAttributeEntry[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Object --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="os"> <maml:name>Object</maml:name> <maml:description> <maml:para>Create a handle attribute from a list of objects.</maml:para> </maml:description> <command:parameterValue required="true">NtObject[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityContext --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="sctx"> <maml:name>SecurityContext</maml:name> <maml:description> <maml:para>Specify a security context attribute.</maml:para> </maml:description> <command:parameterValue required="true">SafeAlpcSecurityContextHandle</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SafeAlpcSecurityContextHandle</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="sqos"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Automatically create a security context attribute with a specified security quality of service.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: WorkOnBehalfOf --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>WorkOnBehalfOf</maml:name> <maml:description> <maml:para>Add a Work on Behalf of attribute.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Attributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Attributes</maml:name> <maml:description> <maml:para>Specify the list of attributes for the send buffer.</maml:para> </maml:description> <command:parameterValue required="true">AlpcMessageAttribute[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcMessageAttribute[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Object --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="os"> <maml:name>Object</maml:name> <maml:description> <maml:para>Create a handle attribute from a list of objects.</maml:para> </maml:description> <command:parameterValue required="true">NtObject[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="os"> <maml:name>os</maml:name> <maml:description> <maml:para>Create a handle attribute from a list of objects.</maml:para> <maml:para>This is an alias of the Object parameter.</maml:para> </maml:description> <command:parameterValue required="true">NtObject[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Handle --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="hs"> <maml:name>Handle</maml:name> <maml:description> <maml:para>Create a handle attribute from a list of handle entries.</maml:para> </maml:description> <command:parameterValue required="true">AlpcHandleMessageAttributeEntry[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcHandleMessageAttributeEntry[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="hs"> <maml:name>hs</maml:name> <maml:description> <maml:para>Create a handle attribute from a list of handle entries.</maml:para> <maml:para>This is an alias of the Handle parameter.</maml:para> </maml:description> <command:parameterValue required="true">AlpcHandleMessageAttributeEntry[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcHandleMessageAttributeEntry[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: WorkOnBehalfOf --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>WorkOnBehalfOf</maml:name> <maml:description> <maml:para>Add a Work on Behalf of attribute.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: DataView --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="dv"> <maml:name>DataView</maml:name> <maml:description> <maml:para>Add a data view attribute.</maml:para> </maml:description> <command:parameterValue required="true">SafeAlpcDataViewBuffer</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SafeAlpcDataViewBuffer</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="dv"> <maml:name>dv</maml:name> <maml:description> <maml:para>Add a data view attribute.</maml:para> <maml:para>This is an alias of the DataView parameter.</maml:para> </maml:description> <command:parameterValue required="true">SafeAlpcDataViewBuffer</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SafeAlpcDataViewBuffer</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="sqos"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Automatically create a security context attribute with a specified security quality of service.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="sqos"> <maml:name>sqos</maml:name> <maml:description> <maml:para>Automatically create a security context attribute with a specified security quality of service.</maml:para> <maml:para>This is an alias of the SecurityQualityOfService parameter.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityContext --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="sctx"> <maml:name>SecurityContext</maml:name> <maml:description> <maml:para>Specify a security context attribute.</maml:para> </maml:description> <command:parameterValue required="true">SafeAlpcSecurityContextHandle</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SafeAlpcSecurityContextHandle</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="sctx"> <maml:name>sctx</maml:name> <maml:description> <maml:para>Specify a security context attribute.</maml:para> <maml:para>This is an alias of the SecurityContext parameter.</maml:para> </maml:description> <command:parameterValue required="true">SafeAlpcSecurityContextHandle</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SafeAlpcSecurityContextHandle</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: AlpcSendMessageAttributes --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.AlpcSendMessageAttributes</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$attrs = New-NtAlpcSendAttributes</dev:code> <dev:remarks> <maml:para>Create a new empty send attributes buffer.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$attrs = New-NtAlpcSendAttributes -Attributes $view, $handle</dev:code> <dev:remarks> <maml:para>Create a new send attributes buffer with view and handle attribute objects.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$attrs = New-NtAlpcSendAttributes -Object $proc</dev:code> <dev:remarks> <maml:para>Create a new send attributes buffer with a handle attribute from a process handle.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$attrs = New-NtAlpcSendAttributes -WorkOnBehalfOf</dev:code> <dev:remarks> <maml:para>Create a new send attributes buffer with a Work on Behalf of attribute.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>$attrs = New-NtAlpcSendAttributes -DataView $dataview</dev:code> <dev:remarks> <maml:para>Create a new send attributes buffer with data view.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Connect-NtAlpcServer --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Connect-NtAlpcServer</command:name> <command:verb>Connect</command:verb> <command:noun>NtAlpcServer</command:noun> <maml:description> <maml:para>Accepts a connection on an ALPC server port.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet accepts a connection on an ALPC server port and returns the new server port to communicate with the client.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Connect-NtAlpcServer</maml:name> <!-- Parameter: Port --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Port</maml:name> <maml:description> <maml:para>The server port to accept the connection.</maml:para> </maml:description> <command:parameterValue required="true">NtAlpcServer</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtAlpcServer</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ConnectionMessage --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>ConnectionMessage</maml:name> <maml:description> <maml:para>Initial connection message from the initial receive call.</maml:para> </maml:description> <command:parameterValue required="true">AlpcMessage</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcMessage</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ConnectionAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ConnectionAttributes</maml:name> <maml:description> <maml:para>Optional connection message attributes.</maml:para> </maml:description> <command:parameterValue required="true">AlpcSendMessageAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcSendMessageAttributes</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Flags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Flags</maml:name> <maml:description> <maml:para>Flags for sending the initial message.</maml:para> <maml:para>Possible values: None, ReplyMessage, LpcMode, ReleaseMessage, SyncRequest, TrackPortReferences, WaitUserMode, WaitAlertable, WaitChargePolicy, Unknown1000000, Wow64Call</maml:para> </maml:description> <command:parameterValue required="true">AlpcMessageFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcMessageFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReplyMessage</command:parameterValue> <command:parameterValue required="false" variableLength="false">LpcMode</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReleaseMessage</command:parameterValue> <command:parameterValue required="false" variableLength="false">SyncRequest</command:parameterValue> <command:parameterValue required="false" variableLength="false">TrackPortReferences</command:parameterValue> <command:parameterValue required="false" variableLength="false">WaitUserMode</command:parameterValue> <command:parameterValue required="false" variableLength="false">WaitAlertable</command:parameterValue> <command:parameterValue required="false" variableLength="false">WaitChargePolicy</command:parameterValue> <command:parameterValue required="false" variableLength="false">Unknown1000000</command:parameterValue> <command:parameterValue required="false" variableLength="false">Wow64Call</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: PortAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>PortAttributes</maml:name> <maml:description> <maml:para>Optional port attributes.</maml:para> </maml:description> <command:parameterValue required="true">AlpcPortAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcPortAttributes</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: PortContext --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>PortContext</maml:name> <maml:description> <maml:para>Optional context value for the new port.</maml:para> </maml:description> <command:parameterValue required="true">IntPtr</command:parameterValue> <dev:type> <maml:name>System.IntPtr</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Reject --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Reject</maml:name> <maml:description> <maml:para>Specify to reject the client connection.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Port --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Port</maml:name> <maml:description> <maml:para>The server port to accept the connection.</maml:para> </maml:description> <command:parameterValue required="true">NtAlpcServer</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtAlpcServer</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ConnectionMessage --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>ConnectionMessage</maml:name> <maml:description> <maml:para>Initial connection message from the initial receive call.</maml:para> </maml:description> <command:parameterValue required="true">AlpcMessage</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcMessage</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: PortContext --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>PortContext</maml:name> <maml:description> <maml:para>Optional context value for the new port.</maml:para> </maml:description> <command:parameterValue required="true">IntPtr</command:parameterValue> <dev:type> <maml:name>System.IntPtr</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: PortAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>PortAttributes</maml:name> <maml:description> <maml:para>Optional port attributes.</maml:para> </maml:description> <command:parameterValue required="true">AlpcPortAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcPortAttributes</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Flags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Flags</maml:name> <maml:description> <maml:para>Flags for sending the initial message.</maml:para> <maml:para>Possible values: None, ReplyMessage, LpcMode, ReleaseMessage, SyncRequest, TrackPortReferences, WaitUserMode, WaitAlertable, WaitChargePolicy, Unknown1000000, Wow64Call</maml:para> </maml:description> <command:parameterValue required="true">AlpcMessageFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcMessageFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReplyMessage</command:parameterValue> <command:parameterValue required="false" variableLength="false">LpcMode</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReleaseMessage</command:parameterValue> <command:parameterValue required="false" variableLength="false">SyncRequest</command:parameterValue> <command:parameterValue required="false" variableLength="false">TrackPortReferences</command:parameterValue> <command:parameterValue required="false" variableLength="false">WaitUserMode</command:parameterValue> <command:parameterValue required="false" variableLength="false">WaitAlertable</command:parameterValue> <command:parameterValue required="false" variableLength="false">WaitChargePolicy</command:parameterValue> <command:parameterValue required="false" variableLength="false">Unknown1000000</command:parameterValue> <command:parameterValue required="false" variableLength="false">Wow64Call</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ConnectionAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ConnectionAttributes</maml:name> <maml:description> <maml:para>Optional connection message attributes.</maml:para> </maml:description> <command:parameterValue required="true">AlpcSendMessageAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcSendMessageAttributes</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Reject --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Reject</maml:name> <maml:description> <maml:para>Specify to reject the client connection.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributesFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: NtAlpcServer --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtAlpcServer</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$conn = Connect-NtAlpcServer -Port $port -ConnectionMessage $msg</dev:code> <dev:remarks> <maml:para>Accepts a connection on an ALPC server port.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$conn = Connect-NtAlpcServer -Port $port -ConnectionMessage $msg -Reject</dev:code> <dev:remarks> <maml:para>Reject a connection on an ALPC server port.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: New-NtAlpcServer --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-NtAlpcServer</command:name> <command:verb>New</command:verb> <command:noun>NtAlpcServer</command:noun> <maml:description> <maml:para>Creates a new ALPC server by path.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new NT ALPC server. The absolute path to the object in the NT object manager name space must be specified.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>New-NtAlpcServer</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: PortAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>PortAttributes</maml:name> <maml:description> <maml:para>Optional port attributes.</maml:para> </maml:description> <command:parameterValue required="true">AlpcPortAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcPortAttributes</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: PortAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>PortAttributes</maml:name> <maml:description> <maml:para>Optional port attributes.</maml:para> </maml:description> <command:parameterValue required="true">AlpcPortAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcPortAttributes</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributesFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtAlpcServer --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtAlpcServer</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = New-NtAlpcServer "\RPC Control\ABC"</dev:code> <dev:remarks> <maml:para>Create a new ALPC server with an absolute path.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Write-NtAudit --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Write-NtAudit</command:name> <command:verb>Write</command:verb> <command:noun>NtAudit</command:noun> <maml:description> <maml:para>Write manual security audit events.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet allows you to write manual audit events. You must be SeAuditPrivilege for this to work.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: OpenObject --> <command:syntaxItem> <maml:name>Write-NtAudit</maml:name> <!-- Parameter: Name --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specify the name of the object.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Open --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Open</maml:name> <maml:description> <maml:para>Specify to generate a open audit event.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Specify the security descriptor for the object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SubsystemName --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>SubsystemName</maml:name> <maml:description> <maml:para>Specify the name of the subsystem.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: AccessGranted --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AccessGranted</maml:name> <maml:description> <maml:para>Specify if access granted was granted.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Creation --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Creation</maml:name> <maml:description> <maml:para>Specify the object was created.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: DesiredAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DesiredAccess</maml:name> <maml:description> <maml:para>Specify the desired access.</maml:para> </maml:description> <command:parameterValue required="true">AccessMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AccessMask</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>00000000</dev:defaultValue> </command:parameter> <!-- Parameter: GrantedAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GrantedAccess</maml:name> <maml:description> <maml:para>Specify the granted access.</maml:para> </maml:description> <command:parameterValue required="true">AccessMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AccessMask</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>00000000</dev:defaultValue> </command:parameter> <!-- Parameter: HandleId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>HandleId</maml:name> <maml:description> <maml:para>Specify the handle ID.</maml:para> </maml:description> <command:parameterValue required="true">IntPtr</command:parameterValue> <dev:type> <maml:name>System.IntPtr</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Privileges --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Privileges</maml:name> <maml:description> <maml:para>Specify privileges.</maml:para> <maml:para>Possible values: SeCreateTokenPrivilege, SeAssignPrimaryTokenPrivilege, SeLockMemoryPrivilege, SeIncreaseQuotaPrivilege, SeMachineAccountPrivilege, SeTcbPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemTimePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePageFilePrivilege, SeCreatePermanentPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeSystemEnvironmentPrivilege, SeChangeNotifyPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeSyncAgentPrivilege, SeEnableDelegationPrivilege, SeManageVolumePrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeTrustedCredmanAccessPrivilege, SeRelabelPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege, SeDelegateSessionUserImpersonatePrivilege</maml:para> </maml:description> <command:parameterValue required="true">TokenPrivilegeValue[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenPrivilegeValue[]</maml:name> <maml:uri /> </dev:type> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">SeCreateTokenPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeAssignPrimaryTokenPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeLockMemoryPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeIncreaseQuotaPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeMachineAccountPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeTcbPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeSecurityPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeTakeOwnershipPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeLoadDriverPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeSystemProfilePrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeSystemTimePrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeProfileSingleProcessPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeIncreaseBasePriorityPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeCreatePageFilePrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeCreatePermanentPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeBackupPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeRestorePrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeShutdownPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeDebugPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeAuditPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeSystemEnvironmentPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeChangeNotifyPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeRemoteShutdownPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeUndockPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeSyncAgentPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeEnableDelegationPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeManageVolumePrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeImpersonatePrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeCreateGlobalPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeTrustedCredmanAccessPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeRelabelPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeIncreaseWorkingSetPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeTimeZonePrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeCreateSymbolicLinkPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeDelegateSessionUserImpersonatePrivilege</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify a token object for the audit event. If not specified then current effective token is used.</maml:para> </maml:description> <command:parameterValue required="true">NtToken</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: TypeName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TypeName</maml:name> <maml:description> <maml:para>Specify the name of the object type.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> <!-- Parameter set: CloseObject --> <command:syntaxItem> <maml:name>Write-NtAudit</maml:name> <!-- Parameter: Close --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Specify to generate a close audit event.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: SubsystemName --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>SubsystemName</maml:name> <maml:description> <maml:para>Specify the name of the subsystem.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: GenerateOnClose --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GenerateOnClose</maml:name> <maml:description> <maml:para>Specify the generate on close flag.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: HandleId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>HandleId</maml:name> <maml:description> <maml:para>Specify the handle ID.</maml:para> </maml:description> <command:parameterValue required="true">IntPtr</command:parameterValue> <dev:type> <maml:name>System.IntPtr</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: DeleteObject --> <command:syntaxItem> <maml:name>Write-NtAudit</maml:name> <!-- Parameter: Delete --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Delete</maml:name> <maml:description> <maml:para>Specify to generate a delete audit event.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: SubsystemName --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>SubsystemName</maml:name> <maml:description> <maml:para>Specify the name of the subsystem.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: GenerateOnClose --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GenerateOnClose</maml:name> <maml:description> <maml:para>Specify the generate on close flag.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: HandleId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>HandleId</maml:name> <maml:description> <maml:para>Specify the handle ID.</maml:para> </maml:description> <command:parameterValue required="true">IntPtr</command:parameterValue> <dev:type> <maml:name>System.IntPtr</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: PrivilegeObject --> <command:syntaxItem> <maml:name>Write-NtAudit</maml:name> <!-- Parameter: PrivilegeObject --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>PrivilegeObject</maml:name> <maml:description> <maml:para>Specify to generate a privilege object audit event.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Privileges --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Privileges</maml:name> <maml:description> <maml:para>Specify privileges.</maml:para> <maml:para>Possible values: SeCreateTokenPrivilege, SeAssignPrimaryTokenPrivilege, SeLockMemoryPrivilege, SeIncreaseQuotaPrivilege, SeMachineAccountPrivilege, SeTcbPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemTimePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePageFilePrivilege, SeCreatePermanentPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeSystemEnvironmentPrivilege, SeChangeNotifyPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeSyncAgentPrivilege, SeEnableDelegationPrivilege, SeManageVolumePrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeTrustedCredmanAccessPrivilege, SeRelabelPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege, SeDelegateSessionUserImpersonatePrivilege</maml:para> </maml:description> <command:parameterValue required="true">TokenPrivilegeValue[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenPrivilegeValue[]</maml:name> <maml:uri /> </dev:type> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">SeCreateTokenPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeAssignPrimaryTokenPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeLockMemoryPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeIncreaseQuotaPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeMachineAccountPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeTcbPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeSecurityPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeTakeOwnershipPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeLoadDriverPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeSystemProfilePrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeSystemTimePrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeProfileSingleProcessPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeIncreaseBasePriorityPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeCreatePageFilePrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeCreatePermanentPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeBackupPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeRestorePrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeShutdownPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeDebugPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeAuditPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeSystemEnvironmentPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeChangeNotifyPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeRemoteShutdownPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeUndockPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeSyncAgentPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeEnableDelegationPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeManageVolumePrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeImpersonatePrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeCreateGlobalPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeTrustedCredmanAccessPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeRelabelPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeIncreaseWorkingSetPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeTimeZonePrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeCreateSymbolicLinkPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeDelegateSessionUserImpersonatePrivilege</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SubsystemName --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>SubsystemName</maml:name> <maml:description> <maml:para>Specify the name of the subsystem.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: AccessGranted --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AccessGranted</maml:name> <maml:description> <maml:para>Specify if access granted was granted.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: DesiredAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DesiredAccess</maml:name> <maml:description> <maml:para>Specify the desired access.</maml:para> </maml:description> <command:parameterValue required="true">AccessMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AccessMask</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>00000000</dev:defaultValue> </command:parameter> <!-- Parameter: HandleId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>HandleId</maml:name> <maml:description> <maml:para>Specify the handle ID.</maml:para> </maml:description> <command:parameterValue required="true">IntPtr</command:parameterValue> <dev:type> <maml:name>System.IntPtr</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify a token object for the audit event. If not specified then current effective token is used.</maml:para> </maml:description> <command:parameterValue required="true">NtToken</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> <!-- Parameter set: PrivilegeService --> <command:syntaxItem> <maml:name>Write-NtAudit</maml:name> <!-- Parameter: Privileges --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Privileges</maml:name> <maml:description> <maml:para>Specify privileges.</maml:para> <maml:para>Possible values: SeCreateTokenPrivilege, SeAssignPrimaryTokenPrivilege, SeLockMemoryPrivilege, SeIncreaseQuotaPrivilege, SeMachineAccountPrivilege, SeTcbPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemTimePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePageFilePrivilege, SeCreatePermanentPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeSystemEnvironmentPrivilege, SeChangeNotifyPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeSyncAgentPrivilege, SeEnableDelegationPrivilege, SeManageVolumePrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeTrustedCredmanAccessPrivilege, SeRelabelPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege, SeDelegateSessionUserImpersonatePrivilege</maml:para> </maml:description> <command:parameterValue required="true">TokenPrivilegeValue[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenPrivilegeValue[]</maml:name> <maml:uri /> </dev:type> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">SeCreateTokenPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeAssignPrimaryTokenPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeLockMemoryPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeIncreaseQuotaPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeMachineAccountPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeTcbPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeSecurityPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeTakeOwnershipPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeLoadDriverPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeSystemProfilePrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeSystemTimePrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeProfileSingleProcessPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeIncreaseBasePriorityPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeCreatePageFilePrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeCreatePermanentPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeBackupPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeRestorePrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeShutdownPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeDebugPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeAuditPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeSystemEnvironmentPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeChangeNotifyPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeRemoteShutdownPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeUndockPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeSyncAgentPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeEnableDelegationPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeManageVolumePrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeImpersonatePrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeCreateGlobalPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeTrustedCredmanAccessPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeRelabelPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeIncreaseWorkingSetPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeTimeZonePrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeCreateSymbolicLinkPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeDelegateSessionUserImpersonatePrivilege</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: PrivilegeService --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>PrivilegeService</maml:name> <maml:description> <maml:para>Specify to generate a privilege service audit event.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ServiceName --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>ServiceName</maml:name> <maml:description> <maml:para>Specify the name of the service.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SubsystemName --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>SubsystemName</maml:name> <maml:description> <maml:para>Specify the name of the subsystem.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: AccessGranted --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AccessGranted</maml:name> <maml:description> <maml:para>Specify if access granted was granted.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify a token object for the audit event. If not specified then current effective token is used.</maml:para> </maml:description> <command:parameterValue required="true">NtToken</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: SecurityDescriptor --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Specify the security descriptor for the object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SubsystemName --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>SubsystemName</maml:name> <maml:description> <maml:para>Specify the name of the subsystem.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: HandleId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>HandleId</maml:name> <maml:description> <maml:para>Specify the handle ID.</maml:para> </maml:description> <command:parameterValue required="true">IntPtr</command:parameterValue> <dev:type> <maml:name>System.IntPtr</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: TypeName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TypeName</maml:name> <maml:description> <maml:para>Specify the name of the object type.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Name --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specify the name of the object.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ServiceName --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>ServiceName</maml:name> <maml:description> <maml:para>Specify the name of the service.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify a token object for the audit event. If not specified then current effective token is used.</maml:para> </maml:description> <command:parameterValue required="true">NtToken</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: DesiredAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DesiredAccess</maml:name> <maml:description> <maml:para>Specify the desired access.</maml:para> </maml:description> <command:parameterValue required="true">AccessMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AccessMask</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>00000000</dev:defaultValue> </command:parameter> <!-- Parameter: GrantedAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GrantedAccess</maml:name> <maml:description> <maml:para>Specify the granted access.</maml:para> </maml:description> <command:parameterValue required="true">AccessMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AccessMask</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>00000000</dev:defaultValue> </command:parameter> <!-- Parameter: Creation --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Creation</maml:name> <maml:description> <maml:para>Specify the object was created.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AccessGranted --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AccessGranted</maml:name> <maml:description> <maml:para>Specify if access granted was granted.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: GenerateOnClose --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GenerateOnClose</maml:name> <maml:description> <maml:para>Specify the generate on close flag.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Privileges --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Privileges</maml:name> <maml:description> <maml:para>Specify privileges.</maml:para> <maml:para>Possible values: SeCreateTokenPrivilege, SeAssignPrimaryTokenPrivilege, SeLockMemoryPrivilege, SeIncreaseQuotaPrivilege, SeMachineAccountPrivilege, SeTcbPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemTimePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePageFilePrivilege, SeCreatePermanentPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeSystemEnvironmentPrivilege, SeChangeNotifyPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeSyncAgentPrivilege, SeEnableDelegationPrivilege, SeManageVolumePrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeTrustedCredmanAccessPrivilege, SeRelabelPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege, SeDelegateSessionUserImpersonatePrivilege</maml:para> </maml:description> <command:parameterValue required="true">TokenPrivilegeValue[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenPrivilegeValue[]</maml:name> <maml:uri /> </dev:type> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">SeCreateTokenPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeAssignPrimaryTokenPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeLockMemoryPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeIncreaseQuotaPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeMachineAccountPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeTcbPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeSecurityPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeTakeOwnershipPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeLoadDriverPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeSystemProfilePrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeSystemTimePrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeProfileSingleProcessPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeIncreaseBasePriorityPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeCreatePageFilePrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeCreatePermanentPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeBackupPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeRestorePrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeShutdownPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeDebugPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeAuditPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeSystemEnvironmentPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeChangeNotifyPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeRemoteShutdownPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeUndockPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeSyncAgentPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeEnableDelegationPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeManageVolumePrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeImpersonatePrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeCreateGlobalPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeTrustedCredmanAccessPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeRelabelPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeIncreaseWorkingSetPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeTimeZonePrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeCreateSymbolicLinkPrivilege</command:parameterValue> <command:parameterValue required="false" variableLength="false">SeDelegateSessionUserImpersonatePrivilege</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Delete --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Delete</maml:name> <maml:description> <maml:para>Specify to generate a delete audit event.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Close --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Specify to generate a close audit event.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Open --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Open</maml:name> <maml:description> <maml:para>Specify to generate a open audit event.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: PrivilegeObject --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>PrivilegeObject</maml:name> <maml:description> <maml:para>Specify to generate a privilege object audit event.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: PrivilegeService --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>PrivilegeService</maml:name> <maml:description> <maml:para>Specify to generate a privilege service audit event.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$on_close = Write-NtAudit -Open -SubsystemName "Subsystem" -SecurityDescriptor $sd -Name "ABC" -AccessGranted</dev:code> <dev:remarks> <maml:para>Write an open object audit event.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$on_close = Write-NtAudit -Close -SubsystemName "Subsystem" -HandleId 1234 -GeneratedOnClose</dev:code> <dev:remarks> <maml:para>Write a close object audit event.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-NtDebug --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtDebug</command:name> <command:verb>Get</command:verb> <command:noun>NtDebug</command:noun> <maml:description> <maml:para>Open a NT debug object by path.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet opens an existing NT debug object. The absolute path to the object in the NT object manager name space must be specified. It's also possible to create the object relative to an existing object by specified the -Root parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: FromPath --> <command:syntaxItem> <maml:name>Get-NtDebug</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: ReadEvent, ProcessAssign, SetInformation, QueryInformation, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">DebugAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DebugAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">ReadEvent</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProcessAssign</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromCurrent --> <command:syntaxItem> <maml:name>Get-NtDebug</maml:name> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Current --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Current</maml:name> <maml:description> <maml:para>Open the current thread's debug object. Most parameters on this cmdlet will be ignored.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: ReadEvent, ProcessAssign, SetInformation, QueryInformation, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">DebugAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DebugAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">ReadEvent</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProcessAssign</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromProcess --> <command:syntaxItem> <maml:name>Get-NtDebug</maml:name> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Process --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Process</maml:name> <maml:description> <maml:para>Open the debug object from a process. Most parameters on this cmdlet will be ignored.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: ReadEvent, ProcessAssign, SetInformation, QueryInformation, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">DebugAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DebugAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">ReadEvent</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProcessAssign</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Current --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Current</maml:name> <maml:description> <maml:para>Open the current thread's debug object. Most parameters on this cmdlet will be ignored.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Process --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Process</maml:name> <maml:description> <maml:para>Open the debug object from a process. Most parameters on this cmdlet will be ignored.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: ReadEvent, ProcessAssign, SetInformation, QueryInformation, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">DebugAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DebugAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">ReadEvent</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProcessAssign</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributesFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtDebug --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtDebug</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = Get-NtDebug \BaseNamedObjects\ABC</dev:code> <dev:remarks> <maml:para>Get a debug object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$root = Get-NtDirectory \BaseNamedObjects $obj = Get-NtDebug ABC -Root $root</dev:code> <dev:remarks> <maml:para>Get a debug object with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$obj = Get-NtDebug -Path \BaseNamedObjects\ABC $obj.Wait()</dev:code> <dev:remarks> <maml:para>Get a debug object, wait for it to be set.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$obj = Get-NtDebug -Path \BaseNamedObjects\ABC $obj.Set()</dev:code> <dev:remarks> <maml:para>Get a debug object, and set it.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>cd NtObject:\BaseNamedObjects $obj = Get-NtDebug ABC</dev:code> <dev:remarks> <maml:para>Get a debug object with a relative path based on the current location.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 6 ----------</maml:title> <dev:code>Get-NtDebug -Current</dev:code> <dev:remarks> <maml:para>Get the current debug object.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 7 ----------</maml:title> <dev:code>Get-NtDebug -Process $p</dev:code> <dev:remarks> <maml:para>Get the debug object from a process.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: New-NtDebug --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-NtDebug</command:name> <command:verb>New</command:verb> <command:noun>NtDebug</command:noun> <maml:description> <maml:para>Create a new NT debug object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new NT debug object. The absolute path to the object in the NT object manager name space can be specified. It's also possible to create the object relative to an existing object by specified the -Root parameter. If no path is specified than an unnamed object will be created which can only be duplicated by handle. You can also attach a process to the new debug object immediately after creation.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: AttachPid --> <command:syntaxItem> <maml:name>New-NtDebug</maml:name> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named" aliases="pid"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a process ID to attach to after creation.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: ReadEvent, ProcessAssign, SetInformation, QueryInformation, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">DebugAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DebugAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">ReadEvent</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProcessAssign</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Flags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Flags</maml:name> <maml:description> <maml:para>Specify flags for create.</maml:para> <maml:para>Possible values: None, KillOnClose</maml:para> </maml:description> <command:parameterValue required="true">DebugObjectFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DebugObjectFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">KillOnClose</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: AttachProcess --> <command:syntaxItem> <maml:name>New-NtDebug</maml:name> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Process --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a process to attach to after creation.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: ReadEvent, ProcessAssign, SetInformation, QueryInformation, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">DebugAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DebugAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">ReadEvent</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProcessAssign</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Flags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Flags</maml:name> <maml:description> <maml:para>Specify flags for create.</maml:para> <maml:para>Possible values: None, KillOnClose</maml:para> </maml:description> <command:parameterValue required="true">DebugObjectFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DebugObjectFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">KillOnClose</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: ProcessId --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named" aliases="pid"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a process ID to attach to after creation.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <command:parameter required="true" globbing="false" pipelineInput="false" position="named" aliases="pid"> <maml:name>pid</maml:name> <maml:description> <maml:para>Specify a process ID to attach to after creation.</maml:para> <maml:para>This is an alias of the ProcessId parameter.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Process --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a process to attach to after creation.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Flags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Flags</maml:name> <maml:description> <maml:para>Specify flags for create.</maml:para> <maml:para>Possible values: None, KillOnClose</maml:para> </maml:description> <command:parameterValue required="true">DebugObjectFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DebugObjectFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">KillOnClose</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: ReadEvent, ProcessAssign, SetInformation, QueryInformation, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">DebugAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DebugAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">ReadEvent</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProcessAssign</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributesFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtDebug --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtDebug</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = New-NtDebug</dev:code> <dev:remarks> <maml:para>Create a new anonymous debug object.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$obj = New-NtDebug \BaseNamedObjects\ABC</dev:code> <dev:remarks> <maml:para>Create a new debug object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$root = Get-NtDirectory \BaseNamedObjects $obj = New-NtDebug ABC -Root $root</dev:code> <dev:remarks> <maml:para>Create a new debug object with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>cd NtObject:\BaseNamedObjects $obj = New-NtDebug ABC</dev:code> <dev:remarks> <maml:para>Create a new debug object with a relative path based on the current location.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>$obj = New-NtDebug -ProcessId 12345</dev:code> <dev:remarks> <maml:para>Create a new anonymous debug object and attach to PID 12345.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 6 ----------</maml:title> <dev:code>$obj = New-NtDebug -Process $proc</dev:code> <dev:remarks> <maml:para>Create a new anonymous debug object and attach to a process object.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Add-NtDebugProcess --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Add-NtDebugProcess</command:name> <command:verb>Add</command:verb> <command:noun>NtDebugProcess</command:noun> <maml:description> <maml:para>Attach a process to a debug object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet attaches a process to a debug object. You can remove it again using Remove-NtDebugProcess.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: AttachPid --> <command:syntaxItem> <maml:name>Add-NtDebugProcess</maml:name> <!-- Parameter: DebugObject --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>DebugObject</maml:name> <maml:description> <maml:para>Specify the debug object to attach the process to.</maml:para> </maml:description> <command:parameterValue required="true">NtDebug</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtDebug</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named" aliases="pid"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a process ID to attach to .</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: AttachProcess --> <command:syntaxItem> <maml:name>Add-NtDebugProcess</maml:name> <!-- Parameter: DebugObject --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>DebugObject</maml:name> <maml:description> <maml:para>Specify the debug object to attach the process to.</maml:para> </maml:description> <command:parameterValue required="true">NtDebug</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtDebug</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Process --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a process to attach to.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: DebugObject --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>DebugObject</maml:name> <maml:description> <maml:para>Specify the debug object to attach the process to.</maml:para> </maml:description> <command:parameterValue required="true">NtDebug</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtDebug</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named" aliases="pid"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a process ID to attach to .</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <command:parameter required="true" globbing="false" pipelineInput="false" position="named" aliases="pid"> <maml:name>pid</maml:name> <maml:description> <maml:para>Specify a process ID to attach to .</maml:para> <maml:para>This is an alias of the ProcessId parameter.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Process --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a process to attach to.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Add-NtDebugProcess $dbg -ProcessId 12345</dev:code> <dev:remarks> <maml:para>Attach process 12345 to the debug object..</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Add-NtDebugProcess $dbg -Process $proc</dev:code> <dev:remarks> <maml:para>Attach a process object to the debug object..</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Remove-NtDebugProcess --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Remove-NtDebugProcess</command:name> <command:verb>Remove</command:verb> <command:noun>NtDebugProcess</command:noun> <maml:description> <maml:para>Detach a process from a debug object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet detachs a process remove a debug object.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: DetachPid --> <command:syntaxItem> <maml:name>Remove-NtDebugProcess</maml:name> <!-- Parameter: DebugObject --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>DebugObject</maml:name> <maml:description> <maml:para>Specify the debug object to debug the process from.</maml:para> </maml:description> <command:parameterValue required="true">NtDebug</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtDebug</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named" aliases="pid"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a process ID to detach.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: DetachProcess --> <command:syntaxItem> <maml:name>Remove-NtDebugProcess</maml:name> <!-- Parameter: DebugObject --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>DebugObject</maml:name> <maml:description> <maml:para>Specify the debug object to debug the process from.</maml:para> </maml:description> <command:parameterValue required="true">NtDebug</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtDebug</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Process --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a process to detach.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: DebugObject --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>DebugObject</maml:name> <maml:description> <maml:para>Specify the debug object to debug the process from.</maml:para> </maml:description> <command:parameterValue required="true">NtDebug</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtDebug</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named" aliases="pid"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a process ID to detach.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <command:parameter required="true" globbing="false" pipelineInput="false" position="named" aliases="pid"> <maml:name>pid</maml:name> <maml:description> <maml:para>Specify a process ID to detach.</maml:para> <maml:para>This is an alias of the ProcessId parameter.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Process --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify a process to detach.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Remove-NtDebugProcess $dbg -ProcessId 12345</dev:code> <dev:remarks> <maml:para>Detach process 12345 from the debug object..</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Remove-NtDebugProcess $dbg -Process $proc</dev:code> <dev:remarks> <maml:para>Detach process object from the debug object..</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Start-NtDebugWait --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Start-NtDebugWait</command:name> <command:verb>Start</command:verb> <command:noun>NtDebugWait</command:noun> <maml:description> <maml:para>Wait for an event on a debug object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet allows you to issue a wait for on a debug object. The timeout value is a combination of all the allowed time parameters, e.g. if you specify 1 second and 1000 milliseconds it will actually wait 2 seconds in total. Specifying -Infinite overrides the time parameters and will wait indefinitely.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: time --> <command:syntaxItem> <maml:name>Start-NtDebugWait</maml:name> <!-- Parameter: DebugObject --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>DebugObject</maml:name> <maml:description> <maml:para>Specify the debug object to wait on.</maml:para> </maml:description> <command:parameterValue required="true">NtDebug</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtDebug</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Alertable --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Alertable</maml:name> <maml:description> <maml:para>Specify the wait should be alertable.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ContinueEvent --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ContinueEvent</maml:name> <maml:description> <maml:para>Specify an event to continue before waiting.</maml:para> </maml:description> <command:parameterValue required="true">DebugEvent</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DebugEvent</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ContinueStatus --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ContinueStatus</maml:name> <maml:description> <maml:para>If continue event specified then this is the status to use.</maml:para> <maml:para>Possible values: DBG_EXCEPTION_HANDLED, DBG_CONTINUE, DBG_EXCEPTION_NOT_HANDLED, DBG_REPLY_LATER, DBG_TERMINATE_THREAD, DBG_TERMINATE_PROCESS</maml:para> </maml:description> <command:parameterValue required="true">DbgContinueStatus</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Object.DbgContinueStatus</maml:name> <maml:uri /> <maml:description> <maml:para>The allowed set of continue status</maml:para> </maml:description> </dev:type> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">DBG_EXCEPTION_HANDLED</command:parameterValue> <command:parameterValue required="false" variableLength="false">DBG_CONTINUE</command:parameterValue> <command:parameterValue required="false" variableLength="false">DBG_EXCEPTION_NOT_HANDLED</command:parameterValue> <command:parameterValue required="false" variableLength="false">DBG_REPLY_LATER</command:parameterValue> <command:parameterValue required="false" variableLength="false">DBG_TERMINATE_THREAD</command:parameterValue> <command:parameterValue required="false" variableLength="false">DBG_TERMINATE_PROCESS</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Hour --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="h,Hours"> <maml:name>Hour</maml:name> <maml:description> <maml:para>Specify a wait time in hours.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: MilliSecond --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ms,MilliSeconds"> <maml:name>MilliSecond</maml:name> <maml:description> <maml:para>Specify a wait time in milliseconds.</maml:para> </maml:description> <command:parameterValue required="true">long</command:parameterValue> <dev:type> <maml:name>System.Int64</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Minute --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="m,Minutes"> <maml:name>Minute</maml:name> <maml:description> <maml:para>Specify a wait time in minutes.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Second --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="s,Seconds"> <maml:name>Second</maml:name> <maml:description> <maml:para>Specify a wait time in seconds.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: infinite --> <command:syntaxItem> <maml:name>Start-NtDebugWait</maml:name> <!-- Parameter: DebugObject --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>DebugObject</maml:name> <maml:description> <maml:para>Specify the debug object to wait on.</maml:para> </maml:description> <command:parameterValue required="true">NtDebug</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtDebug</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Alertable --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Alertable</maml:name> <maml:description> <maml:para>Specify the wait should be alertable.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ContinueEvent --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ContinueEvent</maml:name> <maml:description> <maml:para>Specify an event to continue before waiting.</maml:para> </maml:description> <command:parameterValue required="true">DebugEvent</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DebugEvent</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ContinueStatus --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ContinueStatus</maml:name> <maml:description> <maml:para>If continue event specified then this is the status to use.</maml:para> <maml:para>Possible values: DBG_EXCEPTION_HANDLED, DBG_CONTINUE, DBG_EXCEPTION_NOT_HANDLED, DBG_REPLY_LATER, DBG_TERMINATE_THREAD, DBG_TERMINATE_PROCESS</maml:para> </maml:description> <command:parameterValue required="true">DbgContinueStatus</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Object.DbgContinueStatus</maml:name> <maml:uri /> <maml:description> <maml:para>The allowed set of continue status</maml:para> </maml:description> </dev:type> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">DBG_EXCEPTION_HANDLED</command:parameterValue> <command:parameterValue required="false" variableLength="false">DBG_CONTINUE</command:parameterValue> <command:parameterValue required="false" variableLength="false">DBG_EXCEPTION_NOT_HANDLED</command:parameterValue> <command:parameterValue required="false" variableLength="false">DBG_REPLY_LATER</command:parameterValue> <command:parameterValue required="false" variableLength="false">DBG_TERMINATE_THREAD</command:parameterValue> <command:parameterValue required="false" variableLength="false">DBG_TERMINATE_PROCESS</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Infinite --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Infinite</maml:name> <maml:description> <maml:para>Specify an infinite wait time.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: DebugObject --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>DebugObject</maml:name> <maml:description> <maml:para>Specify the debug object to wait on.</maml:para> </maml:description> <command:parameterValue required="true">NtDebug</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtDebug</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Alertable --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Alertable</maml:name> <maml:description> <maml:para>Specify the wait should be alertable.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ContinueEvent --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ContinueEvent</maml:name> <maml:description> <maml:para>Specify an event to continue before waiting.</maml:para> </maml:description> <command:parameterValue required="true">DebugEvent</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DebugEvent</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ContinueStatus --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ContinueStatus</maml:name> <maml:description> <maml:para>If continue event specified then this is the status to use.</maml:para> <maml:para>Possible values: DBG_EXCEPTION_HANDLED, DBG_CONTINUE, DBG_EXCEPTION_NOT_HANDLED, DBG_REPLY_LATER, DBG_TERMINATE_THREAD, DBG_TERMINATE_PROCESS</maml:para> </maml:description> <command:parameterValue required="true">DbgContinueStatus</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Object.DbgContinueStatus</maml:name> <maml:uri /> <maml:description> <maml:para>The allowed set of continue status</maml:para> </maml:description> </dev:type> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">DBG_EXCEPTION_HANDLED</command:parameterValue> <command:parameterValue required="false" variableLength="false">DBG_CONTINUE</command:parameterValue> <command:parameterValue required="false" variableLength="false">DBG_EXCEPTION_NOT_HANDLED</command:parameterValue> <command:parameterValue required="false" variableLength="false">DBG_REPLY_LATER</command:parameterValue> <command:parameterValue required="false" variableLength="false">DBG_TERMINATE_THREAD</command:parameterValue> <command:parameterValue required="false" variableLength="false">DBG_TERMINATE_PROCESS</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Second --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="s,Seconds"> <maml:name>Second</maml:name> <maml:description> <maml:para>Specify a wait time in seconds.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="s,Seconds"> <maml:name>s</maml:name> <maml:description> <maml:para>Specify a wait time in seconds.</maml:para> <maml:para>This is an alias of the Second parameter.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="s,Seconds"> <maml:name>Seconds</maml:name> <maml:description> <maml:para>Specify a wait time in seconds.</maml:para> <maml:para>This is an alias of the Second parameter.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: MilliSecond --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ms,MilliSeconds"> <maml:name>MilliSecond</maml:name> <maml:description> <maml:para>Specify a wait time in milliseconds.</maml:para> </maml:description> <command:parameterValue required="true">long</command:parameterValue> <dev:type> <maml:name>System.Int64</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ms,MilliSeconds"> <maml:name>ms</maml:name> <maml:description> <maml:para>Specify a wait time in milliseconds.</maml:para> <maml:para>This is an alias of the MilliSecond parameter.</maml:para> </maml:description> <command:parameterValue required="true">long</command:parameterValue> <dev:type> <maml:name>System.Int64</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ms,MilliSeconds"> <maml:name>MilliSeconds</maml:name> <maml:description> <maml:para>Specify a wait time in milliseconds.</maml:para> <maml:para>This is an alias of the MilliSecond parameter.</maml:para> </maml:description> <command:parameterValue required="true">long</command:parameterValue> <dev:type> <maml:name>System.Int64</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Minute --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="m,Minutes"> <maml:name>Minute</maml:name> <maml:description> <maml:para>Specify a wait time in minutes.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="m,Minutes"> <maml:name>m</maml:name> <maml:description> <maml:para>Specify a wait time in minutes.</maml:para> <maml:para>This is an alias of the Minute parameter.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="m,Minutes"> <maml:name>Minutes</maml:name> <maml:description> <maml:para>Specify a wait time in minutes.</maml:para> <maml:para>This is an alias of the Minute parameter.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Hour --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="h,Hours"> <maml:name>Hour</maml:name> <maml:description> <maml:para>Specify a wait time in hours.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="h,Hours"> <maml:name>h</maml:name> <maml:description> <maml:para>Specify a wait time in hours.</maml:para> <maml:para>This is an alias of the Hour parameter.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="h,Hours"> <maml:name>Hours</maml:name> <maml:description> <maml:para>Specify a wait time in hours.</maml:para> <maml:para>This is an alias of the Hour parameter.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Infinite --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Infinite</maml:name> <maml:description> <maml:para>Specify an infinite wait time.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: DebugEvent --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.DebugEvent</maml:name> <maml:uri /> </dev:type> </command:returnValue> <!-- OutputType: NtStatus --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtStatus</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$ev = Start-NtDebugWait $dbg</dev:code> <dev:remarks> <maml:para>Check for a debug event and return immediately.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$ev = Start-NtDebugWait $dbg -Seconds 10</dev:code> <dev:remarks> <maml:para>Wait for 10 seconds for a debug event to be returned.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$ev = Start-NtDebugWait $dbg -Infinite</dev:code> <dev:remarks> <maml:para>Wait indefinitely for a debug event to be returned.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$ev = Start-NtDebugWait $dbg -Infinite -Alterable</dev:code> <dev:remarks> <maml:para>Wait indefinitely for a debug event to be returned in an alertable state.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>$ev = Start-NtDebugWait $dbg -Infinite -ContinueEvent $ev</dev:code> <dev:remarks> <maml:para>Continue a previous event with an explicit continue state for the event and wait indefinitely for a debug event to be returned.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtDesktop --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtDesktop</command:name> <command:verb>Get</command:verb> <command:noun>NtDesktop</command:noun> <maml:description> <maml:para>Open a Desktop object by path.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet opens an existing Desktop object. The absolute path to the object in the NT object manager name space must be specified. It's also possible to create the object relative to an existing object by specified the -Root parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: FromPath --> <command:syntaxItem> <maml:name>Get-NtDesktop</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: ReadObjects, CreateWindow, CreateMenu, HookControl, JournalRecord, JournalPlayback, Enumerate, WriteObjects, SwitchDesktop, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">DesktopAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DesktopAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">ReadObjects</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateWindow</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateMenu</command:parameterValue> <command:parameterValue required="false" variableLength="false">HookControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">JournalRecord</command:parameterValue> <command:parameterValue required="false" variableLength="false">JournalPlayback</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enumerate</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteObjects</command:parameterValue> <command:parameterValue required="false" variableLength="false">SwitchDesktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromCurrent --> <command:syntaxItem> <maml:name>Get-NtDesktop</maml:name> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Current --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Current</maml:name> <maml:description> <maml:para>The current Desktop.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: ReadObjects, CreateWindow, CreateMenu, HookControl, JournalRecord, JournalPlayback, Enumerate, WriteObjects, SwitchDesktop, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">DesktopAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DesktopAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">ReadObjects</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateWindow</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateMenu</command:parameterValue> <command:parameterValue required="false" variableLength="false">HookControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">JournalRecord</command:parameterValue> <command:parameterValue required="false" variableLength="false">JournalPlayback</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enumerate</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteObjects</command:parameterValue> <command:parameterValue required="false" variableLength="false">SwitchDesktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Current --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Current</maml:name> <maml:description> <maml:para>The current Desktop.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: ReadObjects, CreateWindow, CreateMenu, HookControl, JournalRecord, JournalPlayback, Enumerate, WriteObjects, SwitchDesktop, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">DesktopAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DesktopAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">ReadObjects</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateWindow</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateMenu</command:parameterValue> <command:parameterValue required="false" variableLength="false">HookControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">JournalRecord</command:parameterValue> <command:parameterValue required="false" variableLength="false">JournalPlayback</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enumerate</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteObjects</command:parameterValue> <command:parameterValue required="false" variableLength="false">SwitchDesktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributesFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtDesktop --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtDesktop</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = Get-NtDesktop</dev:code> <dev:remarks> <maml:para>Get all accessible Desktops.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$obj = Get-NtDesktop \Windows\WindowStations\WinSta0\Default</dev:code> <dev:remarks> <maml:para>Get an desktop object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$winsta = Get-NtWindowStation -Current $obj = Get-NtDesktop ABC -Root $root</dev:code> <dev:remarks> <maml:para>Get an Desktop object with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$obj = Get-NtDesktop -Path Default -Win32Path</dev:code> <dev:remarks> <maml:para>Get the Default Desktop object in current Window Station.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>$obj = Get-NtDesktop -Path blah\Default -Win32Path</dev:code> <dev:remarks> <maml:para>Get the Default Desktop object in blah Window Station.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: New-NtDesktop --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-NtDesktop</command:name> <command:verb>New</command:verb> <command:noun>NtDesktop</command:noun> <maml:description> <maml:para>Creates a Desktop object by path.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new Desktop object. The absolute path to the object in the NT object manager name space must be specified. It's also possible to create the object relative to an existing object by specified the -Root parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>New-NtDesktop</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: ReadObjects, CreateWindow, CreateMenu, HookControl, JournalRecord, JournalPlayback, Enumerate, WriteObjects, SwitchDesktop, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">DesktopAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DesktopAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">ReadObjects</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateWindow</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateMenu</command:parameterValue> <command:parameterValue required="false" variableLength="false">HookControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">JournalRecord</command:parameterValue> <command:parameterValue required="false" variableLength="false">JournalPlayback</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enumerate</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteObjects</command:parameterValue> <command:parameterValue required="false" variableLength="false">SwitchDesktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Device --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Device</maml:name> <maml:description> <maml:para>The device for the desktop.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: DeviceMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DeviceMode</maml:name> <maml:description> <maml:para>The device mode for the desktop.</maml:para> </maml:description> <command:parameterValue required="true">DEVMODE</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DEVMODE</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Flags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Flags</maml:name> <maml:description> <maml:para>The flags for the desktop.</maml:para> <maml:para>Possible values: None, AllowOtherAccountHook</maml:para> </maml:description> <command:parameterValue required="true">CreateDesktopFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.CreateDesktopFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">AllowOtherAccountHook</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: HeapSize --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>HeapSize</maml:name> <maml:description> <maml:para>The heap size for the desktop.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Device --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Device</maml:name> <maml:description> <maml:para>The device for the desktop.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: DeviceMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DeviceMode</maml:name> <maml:description> <maml:para>The device mode for the desktop.</maml:para> </maml:description> <command:parameterValue required="true">DEVMODE</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DEVMODE</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Flags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Flags</maml:name> <maml:description> <maml:para>The flags for the desktop.</maml:para> <maml:para>Possible values: None, AllowOtherAccountHook</maml:para> </maml:description> <command:parameterValue required="true">CreateDesktopFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.CreateDesktopFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">AllowOtherAccountHook</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: HeapSize --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>HeapSize</maml:name> <maml:description> <maml:para>The heap size for the desktop.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: ReadObjects, CreateWindow, CreateMenu, HookControl, JournalRecord, JournalPlayback, Enumerate, WriteObjects, SwitchDesktop, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">DesktopAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DesktopAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">ReadObjects</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateWindow</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateMenu</command:parameterValue> <command:parameterValue required="false" variableLength="false">HookControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">JournalRecord</command:parameterValue> <command:parameterValue required="false" variableLength="false">JournalPlayback</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enumerate</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteObjects</command:parameterValue> <command:parameterValue required="false" variableLength="false">SwitchDesktop</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributesFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtDesktop --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtDesktop</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = New-NtDesktop \Windows\WindowStations\WinSta0\ABC</dev:code> <dev:remarks> <maml:para>Create a Desktop object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$root = Get-NtNtWindowStation \Windows\WindowStations\WinSta0 $obj = New-NtDesktop ABC -Root $root</dev:code> <dev:remarks> <maml:para>Create a desktop object with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$obj = New-NtDesktop -Path ABC -Win32Path</dev:code> <dev:remarks> <maml:para>Create a desktop object from Win32 path in current Window Station.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtDirectory --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtDirectory</command:name> <command:verb>Get</command:verb> <command:noun>NtDirectory</command:noun> <maml:description> <maml:para>Open a NT object directory.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet opens an existing NT object directory. It's possible to open a directory by its NT path, such as \Some\Path or it can also open a private namespace which isn't represented by an accessible NT path but instead uses a boundary descriptor.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtDirectory</maml:name> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: Query, Traverse, CreateObject, CreateSubDirectory, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">DirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: PrivateNamespaceDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>PrivateNamespaceDescriptor</maml:name> <maml:description> <maml:para>A string format of a private namespace boundary descriptor. Uses the form [SID[:SID...]@]NAME where SID is an SDDL version of a SID to add to the boundary (such as S-X-X-X or WD) and NAME is the arbitrary name.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: PrivateNamespaceDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>PrivateNamespaceDescriptor</maml:name> <maml:description> <maml:para>A string format of a private namespace boundary descriptor. Uses the form [SID[:SID...]@]NAME where SID is an SDDL version of a SID to add to the boundary (such as S-X-X-X or WD) and NAME is the arbitrary name.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: Query, Traverse, CreateObject, CreateSubDirectory, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">DirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributesFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtDirectory --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtDirectory</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = Get-NtDirectory \BaseNamedObjects</dev:code> <dev:remarks> <maml:para>Get a directory object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$root = Get-NtDirectory \BaseNamedObjects $obj = Get-NtDirectory ABC -Root $root</dev:code> <dev:remarks> <maml:para>Get a directory object with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>cd NtObject:\BaseNamedObjects $obj = Get-NtDirectory ABC</dev:code> <dev:remarks> <maml:para>Get a directory object with a relative path based on the current location.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$obj = Get-NtDirectory -Path \BaseNamedObjects $obj.Query()</dev:code> <dev:remarks> <maml:para>Get a directory object and query its list of entries.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>$obj = Get-NtDirectory -PrivateNamespaceDescriptor WD:LW@ABC</dev:code> <dev:remarks> <maml:para>Get a private namespace directory object with Everyone and Low Mandatory Level SIDs and name ABC.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> <maml:navigationLink> <maml:linkText>https://msdn.microsoft.com/en-us/library/windows/desktop/ms684318(v=vs.85).aspx</maml:linkText> </maml:navigationLink> <maml:navigationLink> <maml:linkText>https://msdn.microsoft.com/en-us/library/windows/desktop/ms682121(v=vs.85).aspx</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: New-NtDirectory --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-NtDirectory</command:name> <command:verb>New</command:verb> <command:noun>NtDirectory</command:noun> <maml:description> <maml:para>Create a new NT object directory by path.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new NT object directory. It's possible to create a directory by its NT path, such as \Some\Path or it can also create a new private namespace which isn't represented by an accessible NT path but instead uses a boundary descriptor.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>New-NtDirectory</maml:name> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: Query, Traverse, CreateObject, CreateSubDirectory, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">DirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Flags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Flags</maml:name> <maml:description> <maml:para>Specifies flags to use when creating the directory object.</maml:para> <maml:para>Possible values: None, AlwaysInheritSecurity, FakeObjectRoot</maml:para> </maml:description> <command:parameterValue required="true">DirectoryCreateFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DirectoryCreateFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">AlwaysInheritSecurity</command:parameterValue> <command:parameterValue required="false" variableLength="false">FakeObjectRoot</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: PrivateNamespaceDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>PrivateNamespaceDescriptor</maml:name> <maml:description> <maml:para>A string format of a private namespace boundary descriptor. Uses the form [SID[:SID...]@]NAME where SID is an SDDL version of a SID to add to the boundary (such as S-X-X-X or WD) and NAME is the arbitrary name.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ShadowDirectory --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShadowDirectory</maml:name> <maml:description> <maml:para>Specifies another NT directory object to use as a shadown directory. This changes the lookup operation so that if an entry isn't in the created directory it will try and look it up in the shadown instead.</maml:para> </maml:description> <command:parameterValue required="true">NtDirectory</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtDirectory</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: ShadowDirectory --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShadowDirectory</maml:name> <maml:description> <maml:para>Specifies another NT directory object to use as a shadown directory. This changes the lookup operation so that if an entry isn't in the created directory it will try and look it up in the shadown instead.</maml:para> </maml:description> <command:parameterValue required="true">NtDirectory</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtDirectory</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Flags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Flags</maml:name> <maml:description> <maml:para>Specifies flags to use when creating the directory object.</maml:para> <maml:para>Possible values: None, AlwaysInheritSecurity, FakeObjectRoot</maml:para> </maml:description> <command:parameterValue required="true">DirectoryCreateFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DirectoryCreateFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">AlwaysInheritSecurity</command:parameterValue> <command:parameterValue required="false" variableLength="false">FakeObjectRoot</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: PrivateNamespaceDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>PrivateNamespaceDescriptor</maml:name> <maml:description> <maml:para>A string format of a private namespace boundary descriptor. Uses the form [SID[:SID...]@]NAME where SID is an SDDL version of a SID to add to the boundary (such as S-X-X-X or WD) and NAME is the arbitrary name.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: Query, Traverse, CreateObject, CreateSubDirectory, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">DirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributesFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtDirectory --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtDirectory</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = New-NtDirectory</dev:code> <dev:remarks> <maml:para>Create a new anonymous directory object.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$obj = New-NtDirectory \BaseNamedObjects\ABC</dev:code> <dev:remarks> <maml:para>Create a new directory object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$root = Get-NtDirectory \BaseNamedObjects $obj = New-NtDirectory ABC -Root $root</dev:code> <dev:remarks> <maml:para>Create a new directory object with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>cd NtObject:\BaseNamedObjects $obj = New-NtDirectory ABC</dev:code> <dev:remarks> <maml:para>Create a new directory object with a relative path based on the current location.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>$shadow = Get-NtDirectory \SomeDir $obj = New-NtDirectory \BaseNamedObjects\ABC -ShadowDirectory $shadow</dev:code> <dev:remarks> <maml:para>Create a new directory object with a shadow directory.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 6 ----------</maml:title> <dev:code>$obj = New-NtDirectory -PrivateNamespaceDescriptor WD:LW@ABC</dev:code> <dev:remarks> <maml:para>Create a new private namespace directory object with Everyone and Low Mandatory Level SIDs and name ABC.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> <maml:navigationLink> <maml:linkText>https://msdn.microsoft.com/en-us/library/windows/desktop/ms682419%28v=vs.85%29.aspx</maml:linkText> </maml:navigationLink> <maml:navigationLink> <maml:linkText>https://msdn.microsoft.com/en-us/library/windows/desktop/ms682121(v=vs.85).aspx</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtDirectoryChild --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtDirectoryChild</command:name> <command:verb>Get</command:verb> <command:noun>NtDirectoryChild</command:noun> <maml:description> <maml:para>Get the accessible children of an object directory.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet gets the children of a directory object. It allows the children to be extracted recursively. You can choose to get the children through the pipeline or specify a vistor script.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtDirectoryChild</maml:name> <!-- Parameter: Object --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Object</maml:name> <maml:description> <maml:para>Specify an object to get children from, should be a directory.</maml:para> </maml:description> <command:parameterValue required="true">NtDirectory</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtDirectory</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access when opening a child.</maml:para> <maml:para>Possible values: Query, Traverse, CreateObject, CreateSubDirectory, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">DirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Filter --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specify a script block to filter child objects. Return $true to keep the object.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: MaxDepth --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MaxDepth</maml:name> <maml:description> <maml:para>When recursing specify the maximum depth of recursion. -1 indicates no limit.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <!-- Parameter: Recurse --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Recurse</maml:name> <maml:description> <maml:para>Get children recursively.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Visitor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Visitor</maml:name> <maml:description> <maml:para>Specify a script block to run for every child. The file object will automatically be disposed once the vistor has executed. If you want to cancel enumeration return $false.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Object --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Object</maml:name> <maml:description> <maml:para>Specify an object to get children from, should be a directory.</maml:para> </maml:description> <command:parameterValue required="true">NtDirectory</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtDirectory</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access when opening a child.</maml:para> <maml:para>Possible values: Query, Traverse, CreateObject, CreateSubDirectory, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">DirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Recurse --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Recurse</maml:name> <maml:description> <maml:para>Get children recursively.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: MaxDepth --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MaxDepth</maml:name> <maml:description> <maml:para>When recursing specify the maximum depth of recursion. -1 indicates no limit.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <!-- Parameter: Visitor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Visitor</maml:name> <maml:description> <maml:para>Specify a script block to run for every child. The file object will automatically be disposed once the vistor has executed. If you want to cancel enumeration return $false.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Filter --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specify a script block to filter child objects. Return $true to keep the object.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$ds = Get-NtDirectoryChild $dir</dev:code> <dev:remarks> <maml:para>Get immediate children of an object directory.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$ds = Get-NtDirectoryChild $dir -Recurse</dev:code> <dev:remarks> <maml:para>Get children of an object directory recursively.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$ds = Get-NtDirectoryChild $dir -Recurse -MaxDepth 2</dev:code> <dev:remarks> <maml:para>Get children of an object directory recursively up to a maximum depth of 2.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$ds = Get-NtDirectoryChild $dir Access ReadControl</dev:code> <dev:remarks> <maml:para>Get children of an object directory which can be opened for ReadControl access.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>Get-NtDirectoryChild $dir -Visitor { $path = $_.FullPath; Write-Host $path }</dev:code> <dev:remarks> <maml:para>Get children of an object directory via the visitor pattern.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 6 ----------</maml:title> <dev:code>Get-NtDirectoryChild $dir -Recurse -Visitor { $path = $_.FullPath; Write-Host $path; $path -notmatch "BLAH" }</dev:code> <dev:remarks> <maml:para>Get children of an object directory via the visitor pattern, exiting the recursion if the object path contains the string BLAH.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 7 ----------</maml:title> <dev:code>$ds = Get-NtDirectoryChild $dir -Recurse -Filter { $_.FullPath -match "BLAH" }</dev:code> <dev:remarks> <maml:para>Get children of an object directory filtering out any objects which don't have BLAH in the name.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: New-NtEnclave --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-NtEnclave</command:name> <command:verb>New</command:verb> <command:noun>NtEnclave</command:noun> <maml:description> <maml:para>Create a new enclave.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new enclave.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: FromVBS --> <command:syntaxItem> <maml:name>New-NtEnclave</maml:name> <!-- Parameter: ImageFile --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>ImageFile</maml:name> <maml:description> <maml:para>Specify the primary image file to load in the enclave.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: OwnerId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OwnerId</maml:name> <maml:description> <maml:para>Specify the VBS enclave owner ID.</maml:para> </maml:description> <command:parameterValue required="true">byte[]</command:parameterValue> <dev:type> <maml:name>System.Byte[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify to process to create the enclave in.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: VBSFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>VBSFlags</maml:name> <maml:description> <maml:para>Specify the VBS enclave flags.</maml:para> <maml:para>Possible values: None, Debug</maml:para> </maml:description> <command:parameterValue required="true">LdrEnclaveVBSFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.LdrEnclaveVBSFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Debug</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify to process to create the enclave in.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: VBSFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>VBSFlags</maml:name> <maml:description> <maml:para>Specify the VBS enclave flags.</maml:para> <maml:para>Possible values: None, Debug</maml:para> </maml:description> <command:parameterValue required="true">LdrEnclaveVBSFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.LdrEnclaveVBSFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Debug</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: OwnerId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OwnerId</maml:name> <maml:description> <maml:para>Specify the VBS enclave owner ID.</maml:para> </maml:description> <command:parameterValue required="true">byte[]</command:parameterValue> <dev:type> <maml:name>System.Byte[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ImageFile --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>ImageFile</maml:name> <maml:description> <maml:para>Specify the primary image file to load in the enclave.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: NtEnclave --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtEnclave</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$ev = New-NtEnclave -VBS -Size 0x1000000 -InitialImageFile "secure.dll"</dev:code> <dev:remarks> <maml:para>Create a VBS enclave in the current process.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-NtEnlistment --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtEnlistment</command:name> <command:verb>Get</command:verb> <command:noun>NtEnlistment</command:noun> <maml:description> <maml:para>Open a NT Enlistment object or all from a Resource Manager.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet opens an existing NT Enlistment object or all from a Resource Manager.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: FromId --> <command:syntaxItem> <maml:name>Get-NtEnlistment</maml:name> <!-- Parameter: EnlistmentGuid --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>EnlistmentGuid</maml:name> <maml:description> <maml:para>Specify the Enlistment GUID to open.</maml:para> </maml:description> <command:parameterValue required="true">Guid</command:parameterValue> <dev:type> <maml:name>System.Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>00000000-0000-0000-0000-000000000000</dev:defaultValue> </command:parameter> <!-- Parameter: ResourceManager --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>ResourceManager</maml:name> <maml:description> <maml:para>Specify the Transaction Manager containing the Resource Manager.</maml:para> </maml:description> <command:parameterValue required="true">NtResourceManager</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtResourceManager</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, QueryInformation, SetInformation, Recover, SubordinateRights, SuperiorRights, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">EnlistmentAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EnlistmentAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Recover</command:parameterValue> <command:parameterValue required="false" variableLength="false">SubordinateRights</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuperiorRights</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> <!-- Parameter set: All --> <command:syntaxItem> <maml:name>Get-NtEnlistment</maml:name> <!-- Parameter: ResourceManager --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>ResourceManager</maml:name> <maml:description> <maml:para>Specify the Transaction Manager containing the Resource Manager.</maml:para> </maml:description> <command:parameterValue required="true">NtResourceManager</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtResourceManager</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, QueryInformation, SetInformation, Recover, SubordinateRights, SuperiorRights, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">EnlistmentAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EnlistmentAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Recover</command:parameterValue> <command:parameterValue required="false" variableLength="false">SubordinateRights</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuperiorRights</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: EnlistmentGuid --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>EnlistmentGuid</maml:name> <maml:description> <maml:para>Specify the Enlistment GUID to open.</maml:para> </maml:description> <command:parameterValue required="true">Guid</command:parameterValue> <dev:type> <maml:name>System.Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>00000000-0000-0000-0000-000000000000</dev:defaultValue> </command:parameter> <!-- Parameter: ResourceManager --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>ResourceManager</maml:name> <maml:description> <maml:para>Specify the Transaction Manager containing the Resource Manager.</maml:para> </maml:description> <command:parameterValue required="true">NtResourceManager</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtResourceManager</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, QueryInformation, SetInformation, Recover, SubordinateRights, SuperiorRights, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">EnlistmentAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EnlistmentAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Recover</command:parameterValue> <command:parameterValue required="false" variableLength="false">SubordinateRights</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuperiorRights</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributesFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: NtEnlistment --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtEnlistment</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = Get-NtEnlistment -ResourceManager $rm</dev:code> <dev:remarks> <maml:para>Get all Enlistment objects from a Resource Manager.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$obj = Get-NtEnlistment -EnlistmentGuid '04422e91-63c2-4025-944d-d66fae133274' -ResourceManager $rm</dev:code> <dev:remarks> <maml:para>Get a Enlistment object from its GUID and Resource Manager.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: New-NtEnlistment --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-NtEnlistment</command:name> <command:verb>New</command:verb> <command:noun>NtEnlistment</command:noun> <maml:description> <maml:para>Creates a new NT Resource Manager object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new NT Resource Manager object.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>New-NtEnlistment</maml:name> <!-- Parameter: ResourceManager --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>ResourceManager</maml:name> <maml:description> <maml:para>Specify the Resource Manager to contain the Enlistment.</maml:para> </maml:description> <command:parameterValue required="true">NtResourceManager</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtResourceManager</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Transaction --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>Transaction</maml:name> <maml:description> <maml:para>Specify the Transaction to associate with the Enlistment.</maml:para> </maml:description> <command:parameterValue required="true">NtTransaction</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtTransaction</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, QueryInformation, SetInformation, Recover, SubordinateRights, SuperiorRights, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">EnlistmentAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EnlistmentAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Recover</command:parameterValue> <command:parameterValue required="false" variableLength="false">SubordinateRights</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuperiorRights</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateFlags</maml:name> <maml:description> <maml:para>Specify flags for Enlistment creation.</maml:para> <maml:para>Possible values: None, Superior</maml:para> </maml:description> <command:parameterValue required="true">EnlistmentCreateOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EnlistmentCreateOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Superior</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: EnlistmentKey --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>EnlistmentKey</maml:name> <maml:description> <maml:para>Specify a key to associate with the Enlistment.</maml:para> </maml:description> <command:parameterValue required="true">IntPtr</command:parameterValue> <dev:type> <maml:name>System.IntPtr</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: NotificationMask --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>NotificationMask</maml:name> <maml:description> <maml:para>Specify the notification mask for the Enlistment creation.</maml:para> <maml:para>Possible values: PrePrepare, Prepare, Commit, Rollback, PrePrepareComplete, PrepareComplete, CommitComplete, RollbackComplete, Recover, SinglePhaseCommit, DelegateCommit, RecoverQuery, EnlistPrePrepare, LastRecover, InDoubt, PropagatePull, PropagatePush, Marshal, EnlistMask, RmDisconnected, TmOnline, CommitRequest, Promote, PromoteNew, RequestOutcome</maml:para> </maml:description> <command:parameterValue required="true">TransactionNotificationMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TransactionNotificationMask</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">PrePrepare</command:parameterValue> <command:parameterValue required="false" variableLength="false">Prepare</command:parameterValue> <command:parameterValue required="false" variableLength="false">Commit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Rollback</command:parameterValue> <command:parameterValue required="false" variableLength="false">PrePrepareComplete</command:parameterValue> <command:parameterValue required="false" variableLength="false">PrepareComplete</command:parameterValue> <command:parameterValue required="false" variableLength="false">CommitComplete</command:parameterValue> <command:parameterValue required="false" variableLength="false">RollbackComplete</command:parameterValue> <command:parameterValue required="false" variableLength="false">Recover</command:parameterValue> <command:parameterValue required="false" variableLength="false">SinglePhaseCommit</command:parameterValue> <command:parameterValue required="false" variableLength="false">DelegateCommit</command:parameterValue> <command:parameterValue required="false" variableLength="false">RecoverQuery</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnlistPrePrepare</command:parameterValue> <command:parameterValue required="false" variableLength="false">LastRecover</command:parameterValue> <command:parameterValue required="false" variableLength="false">InDoubt</command:parameterValue> <command:parameterValue required="false" variableLength="false">PropagatePull</command:parameterValue> <command:parameterValue required="false" variableLength="false">PropagatePush</command:parameterValue> <command:parameterValue required="false" variableLength="false">Marshal</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnlistMask</command:parameterValue> <command:parameterValue required="false" variableLength="false">RmDisconnected</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmOnline</command:parameterValue> <command:parameterValue required="false" variableLength="false">CommitRequest</command:parameterValue> <command:parameterValue required="false" variableLength="false">Promote</command:parameterValue> <command:parameterValue required="false" variableLength="false">PromoteNew</command:parameterValue> <command:parameterValue required="false" variableLength="false">RequestOutcome</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: ResourceManager --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>ResourceManager</maml:name> <maml:description> <maml:para>Specify the Resource Manager to contain the Enlistment.</maml:para> </maml:description> <command:parameterValue required="true">NtResourceManager</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtResourceManager</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Transaction --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>Transaction</maml:name> <maml:description> <maml:para>Specify the Transaction to associate with the Enlistment.</maml:para> </maml:description> <command:parameterValue required="true">NtTransaction</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtTransaction</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CreateFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateFlags</maml:name> <maml:description> <maml:para>Specify flags for Enlistment creation.</maml:para> <maml:para>Possible values: None, Superior</maml:para> </maml:description> <command:parameterValue required="true">EnlistmentCreateOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EnlistmentCreateOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Superior</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: NotificationMask --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>NotificationMask</maml:name> <maml:description> <maml:para>Specify the notification mask for the Enlistment creation.</maml:para> <maml:para>Possible values: PrePrepare, Prepare, Commit, Rollback, PrePrepareComplete, PrepareComplete, CommitComplete, RollbackComplete, Recover, SinglePhaseCommit, DelegateCommit, RecoverQuery, EnlistPrePrepare, LastRecover, InDoubt, PropagatePull, PropagatePush, Marshal, EnlistMask, RmDisconnected, TmOnline, CommitRequest, Promote, PromoteNew, RequestOutcome</maml:para> </maml:description> <command:parameterValue required="true">TransactionNotificationMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TransactionNotificationMask</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">PrePrepare</command:parameterValue> <command:parameterValue required="false" variableLength="false">Prepare</command:parameterValue> <command:parameterValue required="false" variableLength="false">Commit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Rollback</command:parameterValue> <command:parameterValue required="false" variableLength="false">PrePrepareComplete</command:parameterValue> <command:parameterValue required="false" variableLength="false">PrepareComplete</command:parameterValue> <command:parameterValue required="false" variableLength="false">CommitComplete</command:parameterValue> <command:parameterValue required="false" variableLength="false">RollbackComplete</command:parameterValue> <command:parameterValue required="false" variableLength="false">Recover</command:parameterValue> <command:parameterValue required="false" variableLength="false">SinglePhaseCommit</command:parameterValue> <command:parameterValue required="false" variableLength="false">DelegateCommit</command:parameterValue> <command:parameterValue required="false" variableLength="false">RecoverQuery</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnlistPrePrepare</command:parameterValue> <command:parameterValue required="false" variableLength="false">LastRecover</command:parameterValue> <command:parameterValue required="false" variableLength="false">InDoubt</command:parameterValue> <command:parameterValue required="false" variableLength="false">PropagatePull</command:parameterValue> <command:parameterValue required="false" variableLength="false">PropagatePush</command:parameterValue> <command:parameterValue required="false" variableLength="false">Marshal</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnlistMask</command:parameterValue> <command:parameterValue required="false" variableLength="false">RmDisconnected</command:parameterValue> <command:parameterValue required="false" variableLength="false">TmOnline</command:parameterValue> <command:parameterValue required="false" variableLength="false">CommitRequest</command:parameterValue> <command:parameterValue required="false" variableLength="false">Promote</command:parameterValue> <command:parameterValue required="false" variableLength="false">PromoteNew</command:parameterValue> <command:parameterValue required="false" variableLength="false">RequestOutcome</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: EnlistmentKey --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>EnlistmentKey</maml:name> <maml:description> <maml:para>Specify a key to associate with the Enlistment.</maml:para> </maml:description> <command:parameterValue required="true">IntPtr</command:parameterValue> <dev:type> <maml:name>System.IntPtr</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, QueryInformation, SetInformation, Recover, SubordinateRights, SuperiorRights, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">EnlistmentAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EnlistmentAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Recover</command:parameterValue> <command:parameterValue required="false" variableLength="false">SubordinateRights</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuperiorRights</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributesFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtEnlistment --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtEnlistment</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = New-NtEnlistment -ResourceManager $rm -Transaction $t </dev:code> <dev:remarks> <maml:para>Create an Enslitment with a Resource Manager and Transaction.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$obj = New-NtEnlistment -AutoGenerateGuid -TransactionManager $tm </dev:code> <dev:remarks> <maml:para>Create a Resource Manager object with an auto-generated GUID.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtEvent --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtEvent</command:name> <command:verb>Get</command:verb> <command:noun>NtEvent</command:noun> <maml:description> <maml:para>Open a NT event object by path.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet opens an existing NT event object. The absolute path to the object in the NT object manager name space must be specified. It's also possible to create the object relative to an existing object by specified the -Root parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtEvent</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: QueryState, ModifyState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">EventAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EventAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">ModifyState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: QueryState, ModifyState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">EventAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EventAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">ModifyState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributesFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtEvent --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtEvent</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = Get-NtEvent \BaseNamedObjects\ABC</dev:code> <dev:remarks> <maml:para>Get an event object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$root = Get-NtDirectory \BaseNamedObjects $obj = Get-NtEvent ABC -Root $root</dev:code> <dev:remarks> <maml:para>Get an event object with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$obj = Get-NtEvent -Path \BaseNamedObjects\ABC $obj.Wait()</dev:code> <dev:remarks> <maml:para>Get an event object, wait for it to be set.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$obj = Get-NtEvent -Path \BaseNamedObjects\ABC $obj.Set()</dev:code> <dev:remarks> <maml:para>Get an event object, and set it.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>cd NtObject:\BaseNamedObjects $obj = Get-NtEvent ABC</dev:code> <dev:remarks> <maml:para>Get an event object with a relative path based on the current location.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: New-NtEvent --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-NtEvent</command:name> <command:verb>New</command:verb> <command:noun>NtEvent</command:noun> <maml:description> <maml:para>Create a new NT event object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new NT event object. The absolute path to the object in the NT object manager name space can be specified. It's also possible to create the object relative to an existing object by specified the -Root parameter. If no path is specified than an unnamed object will be created which can only be duplicated by handle.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>New-NtEvent</maml:name> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: QueryState, ModifyState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">EventAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EventAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">ModifyState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: EventType --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>EventType</maml:name> <maml:description> <maml:para>The type of event to create.</maml:para> <maml:para>Possible values: NotificationEvent, SynchronizationEvent</maml:para> </maml:description> <command:parameterValue required="true">EventType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EventType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>NotificationEvent</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">NotificationEvent</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronizationEvent</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: InitialState --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>InitialState</maml:name> <maml:description> <maml:para>The initial state of the event object.</maml:para> </maml:description> <command:parameterValue required="true">bool</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: InitialState --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>InitialState</maml:name> <maml:description> <maml:para>The initial state of the event object.</maml:para> </maml:description> <command:parameterValue required="true">bool</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: EventType --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>EventType</maml:name> <maml:description> <maml:para>The type of event to create.</maml:para> <maml:para>Possible values: NotificationEvent, SynchronizationEvent</maml:para> </maml:description> <command:parameterValue required="true">EventType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EventType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>NotificationEvent</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">NotificationEvent</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronizationEvent</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: QueryState, ModifyState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">EventAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EventAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">ModifyState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributesFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtEvent --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtEvent</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = New-NtEvent</dev:code> <dev:remarks> <maml:para>Create a new anonymous event object.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$obj = New-NtEvent \BaseNamedObjects\ABC</dev:code> <dev:remarks> <maml:para>Create a new event object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$root = Get-NtDirectory \BaseNamedObjects $obj = New-NtEvent ABC -Root $root</dev:code> <dev:remarks> <maml:para>Create a new event object with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>cd NtObject:\BaseNamedObjects $obj = New-NtEvent ABC</dev:code> <dev:remarks> <maml:para>Create a new event object with a relative path based on the current location.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>$obj = New-NtEvent -InitialState $true</dev:code> <dev:remarks> <maml:para>Create a new anonymous event object with it initially set.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 6 ----------</maml:title> <dev:code>$obj = New-NtEvent -Path \BaseNamedObjects\ABC $obj.Wait()</dev:code> <dev:remarks> <maml:para>Create a new event object, wait for it to be set.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 7 ----------</maml:title> <dev:code>$obj = New-NtEvent -Path \BaseNamedObjects\ABC $obj.Set()</dev:code> <dev:remarks> <maml:para>Create a new event object, and set it.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtFile --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtFile</command:name> <command:verb>Get</command:verb> <command:noun>NtFile</command:noun> <maml:description> <maml:para>Open a existing NT file object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet opens a existing NT file object. The absolute path to the object in the NT object manager name space can be specified. It's also possible to open the object relative to an existing object by specified the -Root parameter. To simply calling it's also possible to specify the path in a Win32 format when using the -Win32Path parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtFile</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: DeviceGuid --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DeviceGuid</maml:name> <maml:description> <maml:para>Specify that the path is a device GUID not a full path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: DirectoryAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DirectoryAccess</maml:name> <maml:description> <maml:para>Specify file access using directory access rights.</maml:para> <maml:para>Possible values: None, ListDirectory, AddFile, AddSubDirectory, ReadEa, WriteEa, Traverse, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileDirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ListDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenById --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenById</maml:name> <maml:description> <maml:para>Specify the path is a file id, in string format (e.g. 12345678) or a GUID object id.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>The options to open the file with.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, DisallowExclusive, SessionAware, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoEaKnowledge</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">DisallowExclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">SessionAware</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ShareMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShareMode</maml:name> <maml:description> <maml:para>The access share mode to open the file with.</maml:para> <maml:para>Possible values: None, Read, Write, Delete, All</maml:para> </maml:description> <command:parameterValue required="true">FileShareMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileShareMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Read</command:parameterValue> <command:parameterValue required="false" variableLength="false">Write</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Transaction --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Transaction</maml:name> <maml:description> <maml:para>Specify a transaction to create the file under.</maml:para> </maml:description> <command:parameterValue required="true">NtTransaction</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtTransaction</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: DeviceGuid --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DeviceGuid</maml:name> <maml:description> <maml:para>Specify that the path is a device GUID not a full path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenById --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenById</maml:name> <maml:description> <maml:para>Specify the path is a file id, in string format (e.g. 12345678) or a GUID object id.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: DirectoryAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DirectoryAccess</maml:name> <maml:description> <maml:para>Specify file access using directory access rights.</maml:para> <maml:para>Possible values: None, ListDirectory, AddFile, AddSubDirectory, ReadEa, WriteEa, Traverse, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileDirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ListDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ShareMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShareMode</maml:name> <maml:description> <maml:para>The access share mode to open the file with.</maml:para> <maml:para>Possible values: None, Read, Write, Delete, All</maml:para> </maml:description> <command:parameterValue required="true">FileShareMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileShareMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Read</command:parameterValue> <command:parameterValue required="false" variableLength="false">Write</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>The options to open the file with.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, DisallowExclusive, SessionAware, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoEaKnowledge</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">DisallowExclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">SessionAware</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Transaction --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Transaction</maml:name> <maml:description> <maml:para>Specify a transaction to create the file under.</maml:para> </maml:description> <command:parameterValue required="true">NtTransaction</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtTransaction</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributesFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtFile --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = Get-NtFile \??\C:\Windows\Notepad.exe</dev:code> <dev:remarks> <maml:para>Open a file object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$root = Get-NtFile \??\C:\Windows $obj = Get-NtFile Notepad.exe -Root $root</dev:code> <dev:remarks> <maml:para>Open a file object with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$obj = Get-NtFile c:\Windows\Notepad.exe -Win32Path</dev:code> <dev:remarks> <maml:para>Open a file object with an absolute win32 path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$obj = Get-NtFile ..\..\..\Windows\Notepad.exe -Win32Path</dev:code> <dev:remarks> <maml:para>Open a file object with a relative win32 path.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: New-NtFile --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-NtFile</command:name> <command:verb>New</command:verb> <command:noun>NtFile</command:noun> <maml:description> <maml:para>Create a new NT file object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new NT file object. The absolute path to the object in the NT object manager name space can be specified. It's also possible to open the object relative to an existing object by specified the -Root parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>New-NtFile</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllocationSize --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllocationSize</maml:name> <maml:description> <maml:para>Specify initial allocation size.</maml:para> </maml:description> <command:parameterValue required="true">long</command:parameterValue> <dev:type> <maml:name>System.Int64</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: DeviceGuid --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DeviceGuid</maml:name> <maml:description> <maml:para>Specify that the path is a device GUID not a full path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Directory --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Directory</maml:name> <maml:description> <maml:para>Specify to create a directory instead of a file.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: DirectoryAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DirectoryAccess</maml:name> <maml:description> <maml:para>Specify file access using directory access rights.</maml:para> <maml:para>Possible values: None, ListDirectory, AddFile, AddSubDirectory, ReadEa, WriteEa, Traverse, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileDirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ListDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Disposition --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Disposition</maml:name> <maml:description> <maml:para>Specify the disposition for creating the file.</maml:para> <maml:para>Possible values: Supersede, Open, Create, OpenIf, Overwrite, OverwriteIf</maml:para> </maml:description> <command:parameterValue required="true">FileDisposition</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDisposition</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Create</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Supersede</command:parameterValue> <command:parameterValue required="false" variableLength="false">Open</command:parameterValue> <command:parameterValue required="false" variableLength="false">Create</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">Overwrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">OverwriteIf</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: EaBuffer --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>EaBuffer</maml:name> <maml:description> <maml:para>Specify an EA buffer to pass to the create file call.</maml:para> </maml:description> <command:parameterValue required="true">EaBuffer</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EaBuffer</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: FileAttribute --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Attributes"> <maml:name>FileAttribute</maml:name> <maml:description> <maml:para>Specify the file attributes for the new file.</maml:para> <maml:para>Possible values: None, ReadOnly, Hidden, System, Directory, Archive, Device, Normal, Temporary, SparseFile, ReparsePoint, Compressed, Offline, NotContentIndexed, Encrypted, IntegrityStream, Virtual, NoScrubData, Ea, Pinned, Unpinned, RecallOnDataAccess</maml:para> </maml:description> <command:parameterValue required="true">FileAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAttributes</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Normal</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">Hidden</command:parameterValue> <command:parameterValue required="false" variableLength="false">System</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Archive</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">Normal</command:parameterValue> <command:parameterValue required="false" variableLength="false">Temporary</command:parameterValue> <command:parameterValue required="false" variableLength="false">SparseFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">Compressed</command:parameterValue> <command:parameterValue required="false" variableLength="false">Offline</command:parameterValue> <command:parameterValue required="false" variableLength="false">NotContentIndexed</command:parameterValue> <command:parameterValue required="false" variableLength="false">Encrypted</command:parameterValue> <command:parameterValue required="false" variableLength="false">IntegrityStream</command:parameterValue> <command:parameterValue required="false" variableLength="false">Virtual</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoScrubData</command:parameterValue> <command:parameterValue required="false" variableLength="false">Ea</command:parameterValue> <command:parameterValue required="false" variableLength="false">Pinned</command:parameterValue> <command:parameterValue required="false" variableLength="false">Unpinned</command:parameterValue> <command:parameterValue required="false" variableLength="false">RecallOnDataAccess</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenById --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenById</maml:name> <maml:description> <maml:para>Specify the path is a file id, in string format (e.g. 12345678) or a GUID object id.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>The options to open the file with.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, DisallowExclusive, SessionAware, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoEaKnowledge</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">DisallowExclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">SessionAware</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ShareMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShareMode</maml:name> <maml:description> <maml:para>The access share mode to open the file with.</maml:para> <maml:para>Possible values: None, Read, Write, Delete, All</maml:para> </maml:description> <command:parameterValue required="true">FileShareMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileShareMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Read</command:parameterValue> <command:parameterValue required="false" variableLength="false">Write</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Transaction --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Transaction</maml:name> <maml:description> <maml:para>Specify a transaction to create the file under.</maml:para> </maml:description> <command:parameterValue required="true">NtTransaction</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtTransaction</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: FileAttribute --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Attributes"> <maml:name>FileAttribute</maml:name> <maml:description> <maml:para>Specify the file attributes for the new file.</maml:para> <maml:para>Possible values: None, ReadOnly, Hidden, System, Directory, Archive, Device, Normal, Temporary, SparseFile, ReparsePoint, Compressed, Offline, NotContentIndexed, Encrypted, IntegrityStream, Virtual, NoScrubData, Ea, Pinned, Unpinned, RecallOnDataAccess</maml:para> </maml:description> <command:parameterValue required="true">FileAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAttributes</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Normal</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">Hidden</command:parameterValue> <command:parameterValue required="false" variableLength="false">System</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Archive</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">Normal</command:parameterValue> <command:parameterValue required="false" variableLength="false">Temporary</command:parameterValue> <command:parameterValue required="false" variableLength="false">SparseFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">Compressed</command:parameterValue> <command:parameterValue required="false" variableLength="false">Offline</command:parameterValue> <command:parameterValue required="false" variableLength="false">NotContentIndexed</command:parameterValue> <command:parameterValue required="false" variableLength="false">Encrypted</command:parameterValue> <command:parameterValue required="false" variableLength="false">IntegrityStream</command:parameterValue> <command:parameterValue required="false" variableLength="false">Virtual</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoScrubData</command:parameterValue> <command:parameterValue required="false" variableLength="false">Ea</command:parameterValue> <command:parameterValue required="false" variableLength="false">Pinned</command:parameterValue> <command:parameterValue required="false" variableLength="false">Unpinned</command:parameterValue> <command:parameterValue required="false" variableLength="false">RecallOnDataAccess</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="Attributes"> <maml:name>Attributes</maml:name> <maml:description> <maml:para>Specify the file attributes for the new file.</maml:para> <maml:para>Possible values: None, ReadOnly, Hidden, System, Directory, Archive, Device, Normal, Temporary, SparseFile, ReparsePoint, Compressed, Offline, NotContentIndexed, Encrypted, IntegrityStream, Virtual, NoScrubData, Ea, Pinned, Unpinned, RecallOnDataAccess</maml:para> <maml:para>This is an alias of the FileAttribute parameter.</maml:para> </maml:description> <command:parameterValue required="true">FileAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAttributes</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Normal</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">Hidden</command:parameterValue> <command:parameterValue required="false" variableLength="false">System</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Archive</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">Normal</command:parameterValue> <command:parameterValue required="false" variableLength="false">Temporary</command:parameterValue> <command:parameterValue required="false" variableLength="false">SparseFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">Compressed</command:parameterValue> <command:parameterValue required="false" variableLength="false">Offline</command:parameterValue> <command:parameterValue required="false" variableLength="false">NotContentIndexed</command:parameterValue> <command:parameterValue required="false" variableLength="false">Encrypted</command:parameterValue> <command:parameterValue required="false" variableLength="false">IntegrityStream</command:parameterValue> <command:parameterValue required="false" variableLength="false">Virtual</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoScrubData</command:parameterValue> <command:parameterValue required="false" variableLength="false">Ea</command:parameterValue> <command:parameterValue required="false" variableLength="false">Pinned</command:parameterValue> <command:parameterValue required="false" variableLength="false">Unpinned</command:parameterValue> <command:parameterValue required="false" variableLength="false">RecallOnDataAccess</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Disposition --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Disposition</maml:name> <maml:description> <maml:para>Specify the disposition for creating the file.</maml:para> <maml:para>Possible values: Supersede, Open, Create, OpenIf, Overwrite, OverwriteIf</maml:para> </maml:description> <command:parameterValue required="true">FileDisposition</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDisposition</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Create</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Supersede</command:parameterValue> <command:parameterValue required="false" variableLength="false">Open</command:parameterValue> <command:parameterValue required="false" variableLength="false">Create</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">Overwrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">OverwriteIf</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: EaBuffer --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>EaBuffer</maml:name> <maml:description> <maml:para>Specify an EA buffer to pass to the create file call.</maml:para> </maml:description> <command:parameterValue required="true">EaBuffer</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EaBuffer</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Directory --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Directory</maml:name> <maml:description> <maml:para>Specify to create a directory instead of a file.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AllocationSize --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllocationSize</maml:name> <maml:description> <maml:para>Specify initial allocation size.</maml:para> </maml:description> <command:parameterValue required="true">long</command:parameterValue> <dev:type> <maml:name>System.Int64</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: DeviceGuid --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DeviceGuid</maml:name> <maml:description> <maml:para>Specify that the path is a device GUID not a full path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenById --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenById</maml:name> <maml:description> <maml:para>Specify the path is a file id, in string format (e.g. 12345678) or a GUID object id.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: DirectoryAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DirectoryAccess</maml:name> <maml:description> <maml:para>Specify file access using directory access rights.</maml:para> <maml:para>Possible values: None, ListDirectory, AddFile, AddSubDirectory, ReadEa, WriteEa, Traverse, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileDirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ListDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ShareMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShareMode</maml:name> <maml:description> <maml:para>The access share mode to open the file with.</maml:para> <maml:para>Possible values: None, Read, Write, Delete, All</maml:para> </maml:description> <command:parameterValue required="true">FileShareMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileShareMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Read</command:parameterValue> <command:parameterValue required="false" variableLength="false">Write</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>The options to open the file with.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, DisallowExclusive, SessionAware, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoEaKnowledge</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">DisallowExclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">SessionAware</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Transaction --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Transaction</maml:name> <maml:description> <maml:para>Specify a transaction to create the file under.</maml:para> </maml:description> <command:parameterValue required="true">NtTransaction</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtTransaction</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributesFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtFile --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = New-NtFile \??\C:\Windows\Temp\abc.txt</dev:code> <dev:remarks> <maml:para>Creates a new file object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$obj = New-NtFile \??\C:\Windows\Temp\ABC -Directory</dev:code> <dev:remarks> <maml:para>Creates a new directory file object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$obj = New-NtFile \??\C:\Windows\Temp\abc.txt -Attributes Hidden</dev:code> <dev:remarks> <maml:para>Creates a new file object with an absolute path, with the hidden attribute.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$root = Get-NtFile \??\C:\Windows $obj = New-NtFile Temp\abc.txt -Root $root</dev:code> <dev:remarks> <maml:para>Creates a new file object with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>$obj = New-NtFile c:\Windows\Temp\abc.txt -Win32Path</dev:code> <dev:remarks> <maml:para>Creates a new file object with an absolute win32 path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 6 ----------</maml:title> <dev:code>$obj = New-NtFile \??\C:\Windows\Temp\abc.txt -Disposition OpenIf</dev:code> <dev:remarks> <maml:para>Creates a new file object with an absolute path. If the file already exists then open it rather than failing.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 7 ----------</maml:title> <dev:code>$obj = New-NtFile \??\C:\Windows\Temp\abc.txt -Disposition Supersede</dev:code> <dev:remarks> <maml:para>Creates a new file object with an absolute path. If the file already exists then replace it with the new file.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 8 ----------</maml:title> <dev:code>$obj = New-NtFile \??\C:\Windows\Temp\abc.txt -Options SynchronousIoNonAlert -Access GenericRead,GenericWrite,Synchronize $stm = $obj.ToStream($true) $stm.WriteByte(1)</dev:code> <dev:remarks> <maml:para>Creates a new file object with an absolute path then writes data to it.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Remove-NtFile --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Remove-NtFile</command:name> <command:verb>Remove</command:verb> <command:noun>NtFile</command:noun> <maml:description> <maml:para>Deletes a NT file object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet deletes a NT file object. The absolute path to the object in the NT object manager name space can be specified. It's also possible to open the object relative to an existing object by specified the -Root parameter. To simply calling it's also possible to specify the path in a Win32 format when using the -Win32Path parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Remove-NtFile</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Delete</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: DeleteReparsePoint --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DeleteReparsePoint</maml:name> <maml:description> <maml:para>Specify whether to delete the reparse point or the target.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: DeviceGuid --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DeviceGuid</maml:name> <maml:description> <maml:para>Specify that the path is a device GUID not a full path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: DirectoryAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DirectoryAccess</maml:name> <maml:description> <maml:para>Specify file access using directory access rights.</maml:para> <maml:para>Possible values: None, ListDirectory, AddFile, AddSubDirectory, ReadEa, WriteEa, Traverse, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileDirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Delete</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ListDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: DispositionFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DispositionFlags</maml:name> <maml:description> <maml:para>Specify arbitrary flags for the disposition EX setting.</maml:para> <maml:para>Possible values: None, Delete, PosixSemantics, ForceImageSectionCheck, OnClose, IgnoreReadOnlyAttribute</maml:para> </maml:description> <command:parameterValue required="true">FileDispositionInformationExFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDispositionInformationExFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">PosixSemantics</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceImageSectionCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">OnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreReadOnlyAttribute</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenById --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenById</maml:name> <maml:description> <maml:para>Specify the path is a file id, in string format (e.g. 12345678) or a GUID object id.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>The options to open the file with.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, DisallowExclusive, SessionAware, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoEaKnowledge</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">DisallowExclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">SessionAware</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: PosixSemantics --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>PosixSemantics</maml:name> <maml:description> <maml:para>Specify whether to delete with POSIX semantics.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ShareMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShareMode</maml:name> <maml:description> <maml:para>The access share mode to open the file with.</maml:para> <maml:para>Possible values: None, Read, Write, Delete, All</maml:para> </maml:description> <command:parameterValue required="true">FileShareMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileShareMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Read, Delete</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Read</command:parameterValue> <command:parameterValue required="false" variableLength="false">Write</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Transaction --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Transaction</maml:name> <maml:description> <maml:para>Specify a transaction to create the file under.</maml:para> </maml:description> <command:parameterValue required="true">NtTransaction</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtTransaction</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: PosixSemantics --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>PosixSemantics</maml:name> <maml:description> <maml:para>Specify whether to delete with POSIX semantics.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: DeleteReparsePoint --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DeleteReparsePoint</maml:name> <maml:description> <maml:para>Specify whether to delete the reparse point or the target.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: DispositionFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DispositionFlags</maml:name> <maml:description> <maml:para>Specify arbitrary flags for the disposition EX setting.</maml:para> <maml:para>Possible values: None, Delete, PosixSemantics, ForceImageSectionCheck, OnClose, IgnoreReadOnlyAttribute</maml:para> </maml:description> <command:parameterValue required="true">FileDispositionInformationExFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDispositionInformationExFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">PosixSemantics</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceImageSectionCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">OnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreReadOnlyAttribute</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: DeviceGuid --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DeviceGuid</maml:name> <maml:description> <maml:para>Specify that the path is a device GUID not a full path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenById --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenById</maml:name> <maml:description> <maml:para>Specify the path is a file id, in string format (e.g. 12345678) or a GUID object id.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: DirectoryAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DirectoryAccess</maml:name> <maml:description> <maml:para>Specify file access using directory access rights.</maml:para> <maml:para>Possible values: None, ListDirectory, AddFile, AddSubDirectory, ReadEa, WriteEa, Traverse, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileDirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Delete</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ListDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ShareMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShareMode</maml:name> <maml:description> <maml:para>The access share mode to open the file with.</maml:para> <maml:para>Possible values: None, Read, Write, Delete, All</maml:para> </maml:description> <command:parameterValue required="true">FileShareMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileShareMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Read, Delete</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Read</command:parameterValue> <command:parameterValue required="false" variableLength="false">Write</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>The options to open the file with.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, DisallowExclusive, SessionAware, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoEaKnowledge</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">DisallowExclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">SessionAware</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Transaction --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Transaction</maml:name> <maml:description> <maml:para>Specify a transaction to create the file under.</maml:para> </maml:description> <command:parameterValue required="true">NtTransaction</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtTransaction</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Delete</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributesFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtFile --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Remove-NtFile \??\C:\path\file.exe</dev:code> <dev:remarks> <maml:para>Delete a file object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$root = Get-NtFile \??\C:\path Remove-NtFile file.exe -Root $root</dev:code> <dev:remarks> <maml:para>Delete a file object with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Remove-NtFile c:\path\file.exe -Win32Path</dev:code> <dev:remarks> <maml:para>Delete a file object with an absolute win32 path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>Remove-NtFile ..\..\..\path\file.exe -Win32Path</dev:code> <dev:remarks> <maml:para>Delete a file object with a relative win32 path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>Remove-NtFile \??\C:\path\file.exe -PosixSemantics</dev:code> <dev:remarks> <maml:para>Delete a file object with POSIX semantics (needs Win10 RS3+).</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 6 ----------</maml:title> <dev:code>Remove-NtFile \??\C:\path\file.exe -DeleteReparsePoint</dev:code> <dev:remarks> <maml:para>Delete a file reparse point rather than following the link.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 7 ----------</maml:title> <dev:code>Remove-NtFile \??\C:\path\file.exe -ShareMode Read</dev:code> <dev:remarks> <maml:para>Delete a file object specifying a Read sharemode.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Rename-NtFile --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Rename-NtFile</command:name> <command:verb>Rename</command:verb> <command:noun>NtFile</command:noun> <maml:description> <maml:para>Renames a NT file object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet renamed a NT file object. The absolute path to the object in the NT object manager name space can be specified. It's also possible to open the object relative to an existing object by specified the -Root parameter. To simply calling it's also possible to specify the path in a Win32 format when using the -Win32Path parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Rename-NtFile</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: NewName --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>NewName</maml:name> <maml:description> <maml:para>Specify to create a link rather than do the rename.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: DeviceGuid --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DeviceGuid</maml:name> <maml:description> <maml:para>Specify that the path is a device GUID not a full path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: DirectoryAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DirectoryAccess</maml:name> <maml:description> <maml:para>Specify file access using directory access rights.</maml:para> <maml:para>Possible values: None, ListDirectory, AddFile, AddSubDirectory, ReadEa, WriteEa, Traverse, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileDirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ListDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Link --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Link</maml:name> <maml:description> <maml:para>Specify to create a link rather than do the rename.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: NewNameRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>NewNameRoot</maml:name> <maml:description> <maml:para>Specify a root object for the new name. This is passed verbatim to the system call unless ResolveNewName is used.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: OpenById --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenById</maml:name> <maml:description> <maml:para>Specify the path is a file id, in string format (e.g. 12345678) or a GUID object id.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>The options to open the file with.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, DisallowExclusive, SessionAware, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoEaKnowledge</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">DisallowExclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">SessionAware</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: RenameFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>RenameFlags</maml:name> <maml:description> <maml:para>Specify arbitrary flags for the rename EX setting.</maml:para> <maml:para>Possible values: None, ReplaceIfExists, PosixSemantics, SuppressPinStateInheritance, SupressStorageReserveInheritance, NoIncreaseAvailableSpace, NoDecreaseAvailableSpace, IgnoreReadOnlyAttribute, ForceResizeTargetSR, ForceResizeSourceSR, ForceResizeSR</maml:para> </maml:description> <command:parameterValue required="true">FileRenameInformationExFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileRenameInformationExFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReplaceIfExists</command:parameterValue> <command:parameterValue required="false" variableLength="false">PosixSemantics</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuppressPinStateInheritance</command:parameterValue> <command:parameterValue required="false" variableLength="false">SupressStorageReserveInheritance</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIncreaseAvailableSpace</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoDecreaseAvailableSpace</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreReadOnlyAttribute</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceResizeTargetSR</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceResizeSourceSR</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceResizeSR</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ReplaceIfExists --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ReplaceIfExists</maml:name> <maml:description> <maml:para>Replace the file if it exists.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ResolveNewName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ResolveNewName</maml:name> <maml:description> <maml:para>Specify to resolve the new name to a full path based on win32 rules, otherwise it's passed verbatim.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ShareMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShareMode</maml:name> <maml:description> <maml:para>The access share mode to open the file with.</maml:para> <maml:para>Possible values: None, Read, Write, Delete, All</maml:para> </maml:description> <command:parameterValue required="true">FileShareMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileShareMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Read</command:parameterValue> <command:parameterValue required="false" variableLength="false">Write</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Transaction --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Transaction</maml:name> <maml:description> <maml:para>Specify a transaction to create the file under.</maml:para> </maml:description> <command:parameterValue required="true">NtTransaction</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtTransaction</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Link --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Link</maml:name> <maml:description> <maml:para>Specify to create a link rather than do the rename.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: NewName --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>NewName</maml:name> <maml:description> <maml:para>Specify to create a link rather than do the rename.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: NewNameRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>NewNameRoot</maml:name> <maml:description> <maml:para>Specify a root object for the new name. This is passed verbatim to the system call unless ResolveNewName is used.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ResolveNewName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ResolveNewName</maml:name> <maml:description> <maml:para>Specify to resolve the new name to a full path based on win32 rules, otherwise it's passed verbatim.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: RenameFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>RenameFlags</maml:name> <maml:description> <maml:para>Specify arbitrary flags for the rename EX setting.</maml:para> <maml:para>Possible values: None, ReplaceIfExists, PosixSemantics, SuppressPinStateInheritance, SupressStorageReserveInheritance, NoIncreaseAvailableSpace, NoDecreaseAvailableSpace, IgnoreReadOnlyAttribute, ForceResizeTargetSR, ForceResizeSourceSR, ForceResizeSR</maml:para> </maml:description> <command:parameterValue required="true">FileRenameInformationExFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileRenameInformationExFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReplaceIfExists</command:parameterValue> <command:parameterValue required="false" variableLength="false">PosixSemantics</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuppressPinStateInheritance</command:parameterValue> <command:parameterValue required="false" variableLength="false">SupressStorageReserveInheritance</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIncreaseAvailableSpace</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoDecreaseAvailableSpace</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreReadOnlyAttribute</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceResizeTargetSR</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceResizeSourceSR</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceResizeSR</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ReplaceIfExists --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ReplaceIfExists</maml:name> <maml:description> <maml:para>Replace the file if it exists.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: DeviceGuid --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DeviceGuid</maml:name> <maml:description> <maml:para>Specify that the path is a device GUID not a full path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenById --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenById</maml:name> <maml:description> <maml:para>Specify the path is a file id, in string format (e.g. 12345678) or a GUID object id.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: DirectoryAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DirectoryAccess</maml:name> <maml:description> <maml:para>Specify file access using directory access rights.</maml:para> <maml:para>Possible values: None, ListDirectory, AddFile, AddSubDirectory, ReadEa, WriteEa, Traverse, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileDirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ListDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ShareMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShareMode</maml:name> <maml:description> <maml:para>The access share mode to open the file with.</maml:para> <maml:para>Possible values: None, Read, Write, Delete, All</maml:para> </maml:description> <command:parameterValue required="true">FileShareMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileShareMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Read</command:parameterValue> <command:parameterValue required="false" variableLength="false">Write</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>The options to open the file with.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, DisallowExclusive, SessionAware, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoEaKnowledge</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">DisallowExclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">SessionAware</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Transaction --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Transaction</maml:name> <maml:description> <maml:para>Specify a transaction to create the file under.</maml:para> </maml:description> <command:parameterValue required="true">NtTransaction</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtTransaction</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributesFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtFile --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Rename-NtFile \??\C:\path\file.exe -NewName \??\c:\newpath\file.exe</dev:code> <dev:remarks> <maml:para>Rename a file object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Rename-NtFile \??\C:\path\file.exe -NewName \??\c:\newpath\file.exe -Link</dev:code> <dev:remarks> <maml:para>Create a link to a file object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Rename-NtFile c:\path\file.exe -Win32Path -NewName c:\newpath\file.exe -ResolveNewName</dev:code> <dev:remarks> <maml:para>Rename a file object with an absolute win32 path.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-NtFileAttribute --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtFileAttribute</command:name> <command:verb>Get</command:verb> <command:noun>NtFileAttribute</command:noun> <maml:description> <maml:para>Get the file attributes for a file.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet gets the file attributes for a file.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: Default --> <command:syntaxItem> <maml:name>Get-NtFileAttribute</maml:name> <!-- Parameter: File --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>File</maml:name> <maml:description> <maml:para>Specify the file to use.</maml:para> </maml:description> <command:parameterValue required="true">NtFile</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromPath --> <command:syntaxItem> <maml:name>Get-NtFileAttribute</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify the path to the file to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CaseSensitive --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CaseSensitive</maml:name> <maml:description> <maml:para>Specify to open the path case sensitively.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenForBackupIntent --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenForBackupIntent</maml:name> <maml:description> <maml:para>Specify to open the path with backup privileges.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenReparsePoint --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenReparsePoint</maml:name> <maml:description> <maml:para>Specify to open the reparse point.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Specify to specify the path as a Win32 path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: File --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>File</maml:name> <maml:description> <maml:para>Specify the file to use.</maml:para> </maml:description> <command:parameterValue required="true">NtFile</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify the path to the file to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Specify to specify the path as a Win32 path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CaseSensitive --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CaseSensitive</maml:name> <maml:description> <maml:para>Specify to open the path case sensitively.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenReparsePoint --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenReparsePoint</maml:name> <maml:description> <maml:para>Specify to open the reparse point.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenForBackupIntent --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenForBackupIntent</maml:name> <maml:description> <maml:para>Specify to open the path with backup privileges.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: FileAttributes --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.FileAttributes</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-NtFileAttribute -File $f</dev:code> <dev:remarks> <maml:para>Get the file attributes for the file.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Get-NtFileAttribute -Path "\??\c:\windows\notepad.exe"</dev:code> <dev:remarks> <maml:para>Get the file attributes for the file by path</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Get-NtFileAttribute -Path "c:\windows\notepad.exe" -Win32Path</dev:code> <dev:remarks> <maml:para>Get the file attributes for the file by win32 path</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Set-NtFileAttribute --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Set-NtFileAttribute</command:name> <command:verb>Set</command:verb> <command:noun>NtFileAttribute</command:noun> <maml:description> <maml:para>Set the file attributes for a file.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet sets the file attributes for a file.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: Default --> <command:syntaxItem> <maml:name>Set-NtFileAttribute</maml:name> <!-- Parameter: File --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>File</maml:name> <maml:description> <maml:para>Specify the file to use.</maml:para> </maml:description> <command:parameterValue required="true">NtFile</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: FileAttribute --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>FileAttribute</maml:name> <maml:description> <maml:para>Specify attributes to set.</maml:para> <maml:para>Possible values: None, ReadOnly, Hidden, System, Directory, Archive, Device, Normal, Temporary, SparseFile, ReparsePoint, Compressed, Offline, NotContentIndexed, Encrypted, IntegrityStream, Virtual, NoScrubData, Ea, Pinned, Unpinned, RecallOnDataAccess</maml:para> </maml:description> <command:parameterValue required="true">FileAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAttributes</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">Hidden</command:parameterValue> <command:parameterValue required="false" variableLength="false">System</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Archive</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">Normal</command:parameterValue> <command:parameterValue required="false" variableLength="false">Temporary</command:parameterValue> <command:parameterValue required="false" variableLength="false">SparseFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">Compressed</command:parameterValue> <command:parameterValue required="false" variableLength="false">Offline</command:parameterValue> <command:parameterValue required="false" variableLength="false">NotContentIndexed</command:parameterValue> <command:parameterValue required="false" variableLength="false">Encrypted</command:parameterValue> <command:parameterValue required="false" variableLength="false">IntegrityStream</command:parameterValue> <command:parameterValue required="false" variableLength="false">Virtual</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoScrubData</command:parameterValue> <command:parameterValue required="false" variableLength="false">Ea</command:parameterValue> <command:parameterValue required="false" variableLength="false">Pinned</command:parameterValue> <command:parameterValue required="false" variableLength="false">Unpinned</command:parameterValue> <command:parameterValue required="false" variableLength="false">RecallOnDataAccess</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: PassThru --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>PassThru</maml:name> <maml:description> <maml:para>Specify to pass through the result.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromPath --> <command:syntaxItem> <maml:name>Set-NtFileAttribute</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify the path to the file to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: FileAttribute --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>FileAttribute</maml:name> <maml:description> <maml:para>Specify attributes to set.</maml:para> <maml:para>Possible values: None, ReadOnly, Hidden, System, Directory, Archive, Device, Normal, Temporary, SparseFile, ReparsePoint, Compressed, Offline, NotContentIndexed, Encrypted, IntegrityStream, Virtual, NoScrubData, Ea, Pinned, Unpinned, RecallOnDataAccess</maml:para> </maml:description> <command:parameterValue required="true">FileAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAttributes</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">Hidden</command:parameterValue> <command:parameterValue required="false" variableLength="false">System</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Archive</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">Normal</command:parameterValue> <command:parameterValue required="false" variableLength="false">Temporary</command:parameterValue> <command:parameterValue required="false" variableLength="false">SparseFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">Compressed</command:parameterValue> <command:parameterValue required="false" variableLength="false">Offline</command:parameterValue> <command:parameterValue required="false" variableLength="false">NotContentIndexed</command:parameterValue> <command:parameterValue required="false" variableLength="false">Encrypted</command:parameterValue> <command:parameterValue required="false" variableLength="false">IntegrityStream</command:parameterValue> <command:parameterValue required="false" variableLength="false">Virtual</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoScrubData</command:parameterValue> <command:parameterValue required="false" variableLength="false">Ea</command:parameterValue> <command:parameterValue required="false" variableLength="false">Pinned</command:parameterValue> <command:parameterValue required="false" variableLength="false">Unpinned</command:parameterValue> <command:parameterValue required="false" variableLength="false">RecallOnDataAccess</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CaseSensitive --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CaseSensitive</maml:name> <maml:description> <maml:para>Specify to open the path case sensitively.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenForBackupIntent --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenForBackupIntent</maml:name> <maml:description> <maml:para>Specify to open the path with backup privileges.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenReparsePoint --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenReparsePoint</maml:name> <maml:description> <maml:para>Specify to open the reparse point.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: PassThru --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>PassThru</maml:name> <maml:description> <maml:para>Specify to pass through the result.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Specify to specify the path as a Win32 path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: FileAttribute --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>FileAttribute</maml:name> <maml:description> <maml:para>Specify attributes to set.</maml:para> <maml:para>Possible values: None, ReadOnly, Hidden, System, Directory, Archive, Device, Normal, Temporary, SparseFile, ReparsePoint, Compressed, Offline, NotContentIndexed, Encrypted, IntegrityStream, Virtual, NoScrubData, Ea, Pinned, Unpinned, RecallOnDataAccess</maml:para> </maml:description> <command:parameterValue required="true">FileAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAttributes</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">Hidden</command:parameterValue> <command:parameterValue required="false" variableLength="false">System</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Archive</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">Normal</command:parameterValue> <command:parameterValue required="false" variableLength="false">Temporary</command:parameterValue> <command:parameterValue required="false" variableLength="false">SparseFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">Compressed</command:parameterValue> <command:parameterValue required="false" variableLength="false">Offline</command:parameterValue> <command:parameterValue required="false" variableLength="false">NotContentIndexed</command:parameterValue> <command:parameterValue required="false" variableLength="false">Encrypted</command:parameterValue> <command:parameterValue required="false" variableLength="false">IntegrityStream</command:parameterValue> <command:parameterValue required="false" variableLength="false">Virtual</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoScrubData</command:parameterValue> <command:parameterValue required="false" variableLength="false">Ea</command:parameterValue> <command:parameterValue required="false" variableLength="false">Pinned</command:parameterValue> <command:parameterValue required="false" variableLength="false">Unpinned</command:parameterValue> <command:parameterValue required="false" variableLength="false">RecallOnDataAccess</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: PassThru --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>PassThru</maml:name> <maml:description> <maml:para>Specify to pass through the result.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: File --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>File</maml:name> <maml:description> <maml:para>Specify the file to use.</maml:para> </maml:description> <command:parameterValue required="true">NtFile</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify the path to the file to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Specify to specify the path as a Win32 path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CaseSensitive --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CaseSensitive</maml:name> <maml:description> <maml:para>Specify to open the path case sensitively.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenReparsePoint --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenReparsePoint</maml:name> <maml:description> <maml:para>Specify to open the reparse point.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenForBackupIntent --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenForBackupIntent</maml:name> <maml:description> <maml:para>Specify to open the path with backup privileges.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: FileAttributes --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.FileAttributes</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Set-NtFileAttribute -File $f -FileAttribute Normal</dev:code> <dev:remarks> <maml:para>Set the file attributes for the file.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Set-NtFileAttribute -Path "\??\c:\windows\notepad.exe" -FileAttribute Normal</dev:code> <dev:remarks> <maml:para>Set the file attributes for the file by path</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Set-NtFileAttribute -Path "c:\windows\notepad.exe" -Win32Path -FileAttribute Normal</dev:code> <dev:remarks> <maml:para>Set the file attributes for the file by win32 path</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-NtFileChild --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtFileChild</command:name> <command:verb>Get</command:verb> <command:noun>NtFileChild</command:noun> <maml:description> <maml:para>Get the accessible children of a file directory.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet gets the children of a file directory object. It allows the children to be extracted recursively. You can choose to get the children through the pipeline or specify a vistor script.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtFileChild</maml:name> <!-- Parameter: Object --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Object</maml:name> <maml:description> <maml:para>Specify an object to get children from, should be a directory.</maml:para> </maml:description> <command:parameterValue required="true">NtFile</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access when opening a child.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>ReadAttributes, ReadControl</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: DirectoryAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DirectoryAccess</maml:name> <maml:description> <maml:para>Specify file access using directory access rights.</maml:para> <maml:para>Possible values: None, ListDirectory, AddFile, AddSubDirectory, ReadEa, WriteEa, Traverse, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileDirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>ReadAttributes, ReadControl</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ListDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: FileMask --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FileMask</maml:name> <maml:description> <maml:para>Specify a filter name filter such as *.txt.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>*</dev:defaultValue> </command:parameter> <!-- Parameter: Filter --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specify a script block to filter child objects. Return $true to keep the object.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: MaxDepth --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MaxDepth</maml:name> <maml:description> <maml:para>When recursing specify the maximum depth of recursion. -1 indicates no limit.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <!-- Parameter: OpenForBackup --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenForBackup</maml:name> <maml:description> <maml:para>Open keys for backup. Needs SeBackupPrivilege enabled.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Recurse --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Recurse</maml:name> <maml:description> <maml:para>Get children recursively.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ShareMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShareMode</maml:name> <maml:description> <maml:para>The access share mode to open the files with.</maml:para> <maml:para>Possible values: None, Read, Write, Delete, All</maml:para> </maml:description> <command:parameterValue required="true">FileShareMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileShareMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Read</command:parameterValue> <command:parameterValue required="false" variableLength="false">Write</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Streams --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Streams</maml:name> <maml:description> <maml:para>Get named streams of files as well as children.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: TypeMask --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TypeMask</maml:name> <maml:description> <maml:para>Specify the types of files to return.</maml:para> <maml:para>Possible values: All, FilesOnly, DirectoriesOnly</maml:para> </maml:description> <command:parameterValue required="true">FileTypeMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileTypeMask</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>All</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> <command:parameterValue required="false" variableLength="false">FilesOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoriesOnly</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Visitor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Visitor</maml:name> <maml:description> <maml:para>Specify a script block to run for every child. The file object will automatically be disposed once the vistor has executed. If you want to cancel enumeration return $false.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: OpenForBackup --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenForBackup</maml:name> <maml:description> <maml:para>Open keys for backup. Needs SeBackupPrivilege enabled.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Streams --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Streams</maml:name> <maml:description> <maml:para>Get named streams of files as well as children.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: DirectoryAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DirectoryAccess</maml:name> <maml:description> <maml:para>Specify file access using directory access rights.</maml:para> <maml:para>Possible values: None, ListDirectory, AddFile, AddSubDirectory, ReadEa, WriteEa, Traverse, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileDirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>ReadAttributes, ReadControl</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ListDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ShareMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShareMode</maml:name> <maml:description> <maml:para>The access share mode to open the files with.</maml:para> <maml:para>Possible values: None, Read, Write, Delete, All</maml:para> </maml:description> <command:parameterValue required="true">FileShareMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileShareMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Read</command:parameterValue> <command:parameterValue required="false" variableLength="false">Write</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: FileMask --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FileMask</maml:name> <maml:description> <maml:para>Specify a filter name filter such as *.txt.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>*</dev:defaultValue> </command:parameter> <!-- Parameter: TypeMask --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TypeMask</maml:name> <maml:description> <maml:para>Specify the types of files to return.</maml:para> <maml:para>Possible values: All, FilesOnly, DirectoriesOnly</maml:para> </maml:description> <command:parameterValue required="true">FileTypeMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileTypeMask</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>All</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> <command:parameterValue required="false" variableLength="false">FilesOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoriesOnly</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Object --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Object</maml:name> <maml:description> <maml:para>Specify an object to get children from, should be a directory.</maml:para> </maml:description> <command:parameterValue required="true">NtFile</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access when opening a child.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>ReadAttributes, ReadControl</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Recurse --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Recurse</maml:name> <maml:description> <maml:para>Get children recursively.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: MaxDepth --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MaxDepth</maml:name> <maml:description> <maml:para>When recursing specify the maximum depth of recursion. -1 indicates no limit.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <!-- Parameter: Visitor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Visitor</maml:name> <maml:description> <maml:para>Specify a script block to run for every child. The file object will automatically be disposed once the vistor has executed. If you want to cancel enumeration return $false.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Filter --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specify a script block to filter child objects. Return $true to keep the object.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$files = Get-NtFileChild $file</dev:code> <dev:remarks> <maml:para>Get immediate children of a file directory.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$files = Get-NtFileChild $file -Streams</dev:code> <dev:remarks> <maml:para>Get immediate children and any streams of a file.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$files = Get-NtFileChild $file -Recurse</dev:code> <dev:remarks> <maml:para>Get children of a file directory recursively.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$files = Get-NtFileChild $file -Recurse -OpenForBackup</dev:code> <dev:remarks> <maml:para>Get children of a file directory recursively.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>$files = Get-NtFileChild $file -Recurse -MaxDepth 2</dev:code> <dev:remarks> <maml:para>Get children of a file directory recursively up to a maximum depth of 2.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 6 ----------</maml:title> <dev:code>$files = Get-NtFileChild $file -Recurse -FileMask *.txt</dev:code> <dev:remarks> <maml:para>Get children of a file directory recursively, only returning files which match the pattern *.txt.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 7 ----------</maml:title> <dev:code>$files = Get-NtFileChild $file -Recurse -TypeMask DirectoriesOnly</dev:code> <dev:remarks> <maml:para>Get children of a file directory recursively, only returning directories.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 8 ----------</maml:title> <dev:code>$files = Get-NtFileChild $file Access ReadControl</dev:code> <dev:remarks> <maml:para>Get children of a file directory which can be opened for ReadControl access.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 9 ----------</maml:title> <dev:code>Get-NtFileChild $file -Visitor { $path = $_.FullPath; Write-Host $path }</dev:code> <dev:remarks> <maml:para>Get children of a file directory via the visitor pattern.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 10 ----------</maml:title> <dev:code>Get-NtFileChild $file -Recurse -Visitor { $path = $_.FullPath; Write-Host $path; $path -notmatch "BLAH" }</dev:code> <dev:remarks> <maml:para>Get children of a file directory via the visitor pattern, exiting the recursion if the object path contains the string BLAH.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 11 ----------</maml:title> <dev:code>$files = Get-NtFileChild $file -Recurse -Filter { $_.FullPath -match "BLAH" }</dev:code> <dev:remarks> <maml:para>Get children of a file directory filtering out any objects which don't have BLAH in the name.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtFileCompression --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtFileCompression</command:name> <command:verb>Get</command:verb> <command:noun>NtFileCompression</command:noun> <maml:description> <maml:para>Get the compression format for a file.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet gets the compression format for a file.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: Default --> <command:syntaxItem> <maml:name>Get-NtFileCompression</maml:name> <!-- Parameter: File --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>File</maml:name> <maml:description> <maml:para>Specify the file to use.</maml:para> </maml:description> <command:parameterValue required="true">NtFile</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromPath --> <command:syntaxItem> <maml:name>Get-NtFileCompression</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify the path to the file to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CaseSensitive --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CaseSensitive</maml:name> <maml:description> <maml:para>Specify to open the path case sensitively.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenForBackupIntent --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenForBackupIntent</maml:name> <maml:description> <maml:para>Specify to open the path with backup privileges.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenReparsePoint --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenReparsePoint</maml:name> <maml:description> <maml:para>Specify to open the reparse point.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Specify to specify the path as a Win32 path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: File --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>File</maml:name> <maml:description> <maml:para>Specify the file to use.</maml:para> </maml:description> <command:parameterValue required="true">NtFile</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify the path to the file to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Specify to specify the path as a Win32 path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CaseSensitive --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CaseSensitive</maml:name> <maml:description> <maml:para>Specify to open the path case sensitively.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenReparsePoint --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenReparsePoint</maml:name> <maml:description> <maml:para>Specify to open the reparse point.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenForBackupIntent --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenForBackupIntent</maml:name> <maml:description> <maml:para>Specify to open the path with backup privileges.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: CompressionFormat --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.CompressionFormat</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-NtFileCompression -File $f</dev:code> <dev:remarks> <maml:para>Get the compression format for the file.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Get-NtFileCompression -Path "\??\c:\windows\notepad.exe"</dev:code> <dev:remarks> <maml:para>Get the compression format for the file by path</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Get-NtFileCompression -Path "c:\windows\notepad.exe" -Win32Path</dev:code> <dev:remarks> <maml:para>Get the compression format for the file by win32 path</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Set-NtFileCompression --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Set-NtFileCompression</command:name> <command:verb>Set</command:verb> <command:noun>NtFileCompression</command:noun> <maml:description> <maml:para>Set the compression format for a file.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet sets the compression format for a file.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: Default --> <command:syntaxItem> <maml:name>Set-NtFileCompression</maml:name> <!-- Parameter: File --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>File</maml:name> <maml:description> <maml:para>Specify the file to use.</maml:para> </maml:description> <command:parameterValue required="true">NtFile</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Format --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>Format</maml:name> <maml:description> <maml:para>Specify compression format to set.</maml:para> <maml:para>Possible values: None, Default, LZNT1, XPress, XPressHuff</maml:para> </maml:description> <command:parameterValue required="true">CompressionFormat</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.CompressionFormat</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Default</command:parameterValue> <command:parameterValue required="false" variableLength="false">LZNT1</command:parameterValue> <command:parameterValue required="false" variableLength="false">XPress</command:parameterValue> <command:parameterValue required="false" variableLength="false">XPressHuff</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: PassThru --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>PassThru</maml:name> <maml:description> <maml:para>Specify to pass through the result.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromPath --> <command:syntaxItem> <maml:name>Set-NtFileCompression</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify the path to the file to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Format --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>Format</maml:name> <maml:description> <maml:para>Specify compression format to set.</maml:para> <maml:para>Possible values: None, Default, LZNT1, XPress, XPressHuff</maml:para> </maml:description> <command:parameterValue required="true">CompressionFormat</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.CompressionFormat</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Default</command:parameterValue> <command:parameterValue required="false" variableLength="false">LZNT1</command:parameterValue> <command:parameterValue required="false" variableLength="false">XPress</command:parameterValue> <command:parameterValue required="false" variableLength="false">XPressHuff</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CaseSensitive --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CaseSensitive</maml:name> <maml:description> <maml:para>Specify to open the path case sensitively.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenForBackupIntent --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenForBackupIntent</maml:name> <maml:description> <maml:para>Specify to open the path with backup privileges.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenReparsePoint --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenReparsePoint</maml:name> <maml:description> <maml:para>Specify to open the reparse point.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: PassThru --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>PassThru</maml:name> <maml:description> <maml:para>Specify to pass through the result.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Specify to specify the path as a Win32 path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: PassThru --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>PassThru</maml:name> <maml:description> <maml:para>Specify to pass through the result.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Format --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>Format</maml:name> <maml:description> <maml:para>Specify compression format to set.</maml:para> <maml:para>Possible values: None, Default, LZNT1, XPress, XPressHuff</maml:para> </maml:description> <command:parameterValue required="true">CompressionFormat</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.CompressionFormat</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Default</command:parameterValue> <command:parameterValue required="false" variableLength="false">LZNT1</command:parameterValue> <command:parameterValue required="false" variableLength="false">XPress</command:parameterValue> <command:parameterValue required="false" variableLength="false">XPressHuff</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: File --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>File</maml:name> <maml:description> <maml:para>Specify the file to use.</maml:para> </maml:description> <command:parameterValue required="true">NtFile</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify the path to the file to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Specify to specify the path as a Win32 path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CaseSensitive --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CaseSensitive</maml:name> <maml:description> <maml:para>Specify to open the path case sensitively.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenReparsePoint --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenReparsePoint</maml:name> <maml:description> <maml:para>Specify to open the reparse point.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenForBackupIntent --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenForBackupIntent</maml:name> <maml:description> <maml:para>Specify to open the path with backup privileges.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: CompressionFormat --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.CompressionFormat</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Set-NtFileCompression -File $f -Format Default</dev:code> <dev:remarks> <maml:para>Set the compression format for the file.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Set-NtFileCompression -Path "\??\c:\windows\notepad.exe" -Format Default</dev:code> <dev:remarks> <maml:para>Set the compression format for the file by path</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Set-NtFileCompression -Path "c:\windows\notepad.exe" -Win32Path -Format Default</dev:code> <dev:remarks> <maml:para>Set the compression format for the file by win32 path</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Send-NtFileControl --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Send-NtFileControl</command:name> <command:verb>Send</command:verb> <command:noun>NtFileControl</command:noun> <maml:description> <maml:para>Sends a control code to a file.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet sends a control code to a file.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Send-NtFileControl</maml:name> <!-- Parameter: File --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>File</maml:name> <maml:description> <maml:para>The file object to send the control code to.</maml:para> </maml:description> <command:parameterValue required="true">NtFile</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ControlCode --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>ControlCode</maml:name> <maml:description> <maml:para>The control code to send.</maml:para> </maml:description> <command:parameterValue required="true">NtIoControlCode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtIoControlCode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>DeviceType: 0 Function: 0 Method: Buffered Access: Any</dev:defaultValue> </command:parameter> <!-- Parameter: Function --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Function</maml:name> <maml:description> <maml:para>Specify the IO control function to send to.</maml:para> <maml:para>Possible values: Default, FsControl, DeviceIoControl</maml:para> </maml:description> <command:parameterValue required="true">SendNtFileControlFunc</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Object.SendNtFileControlFunc</maml:name> <maml:uri /> <maml:description> <maml:para>Choose the function to send the IO control code to.</maml:para> </maml:description> </dev:type> <dev:defaultValue>Default</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Default</command:parameterValue> <command:parameterValue required="false" variableLength="false">FsControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeviceIoControl</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Input --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Input</maml:name> <maml:description> <maml:para>The input bytes to send.</maml:para> </maml:description> <command:parameterValue required="true">byte[]</command:parameterValue> <dev:type> <maml:name>System.Byte[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: OutputLength --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OutputLength</maml:name> <maml:description> <maml:para>The number of bytes maximum to get from the output.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: File --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>File</maml:name> <maml:description> <maml:para>The file object to send the control code to.</maml:para> </maml:description> <command:parameterValue required="true">NtFile</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ControlCode --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>ControlCode</maml:name> <maml:description> <maml:para>The control code to send.</maml:para> </maml:description> <command:parameterValue required="true">NtIoControlCode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtIoControlCode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>DeviceType: 0 Function: 0 Method: Buffered Access: Any</dev:defaultValue> </command:parameter> <!-- Parameter: Input --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Input</maml:name> <maml:description> <maml:para>The input bytes to send.</maml:para> </maml:description> <command:parameterValue required="true">byte[]</command:parameterValue> <dev:type> <maml:name>System.Byte[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: OutputLength --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OutputLength</maml:name> <maml:description> <maml:para>The number of bytes maximum to get from the output.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Function --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Function</maml:name> <maml:description> <maml:para>Specify the IO control function to send to.</maml:para> <maml:para>Possible values: Default, FsControl, DeviceIoControl</maml:para> </maml:description> <command:parameterValue required="true">SendNtFileControlFunc</command:parameterValue> <dev:type> <maml:name>NtObjectManager.Cmdlets.Object.SendNtFileControlFunc</maml:name> <maml:uri /> <maml:description> <maml:para>Choose the function to send the IO control code to.</maml:para> </maml:description> </dev:type> <dev:defaultValue>Default</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Default</command:parameterValue> <command:parameterValue required="false" variableLength="false">FsControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeviceIoControl</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: Byte[] --> <command:returnValue> <dev:type> <maml:name>System.Byte[]</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Send-NtFileControl -File $file -ControlCode 1234 -Input @(1, 2, 3, 4) -OutputLength 100</dev:code> <dev:remarks> <maml:para>Send the control code 1234 with input and a maximum output length of 100 bytes.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Send-NtFileControl -File $file -ControlCode 4567 -OutputLength 100</dev:code> <dev:remarks> <maml:para>Send the control code 4567 with no input and a maximum output length of 100 bytes.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Send-NtFileControl -File $file -ControlCode 4567 -Input @(1, 2, 3, 4)</dev:code> <dev:remarks> <maml:para>Send the control code 4567 with input and no output.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>Send-NtFileControl -File $file -ControlCode 4567 -Input @(1, 2, 3, 4) -Function FsControl</dev:code> <dev:remarks> <maml:para>Send the control code 4567 with input and no output. Always sends to FsControl regardless of the control code.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-NtFileFinalPath --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtFileFinalPath</command:name> <command:verb>Get</command:verb> <command:noun>NtFileFinalPath</command:noun> <maml:description> <maml:para>Get the final path name for a file.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet gets the final pathname for a file.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: Default --> <command:syntaxItem> <maml:name>Get-NtFileFinalPath</maml:name> <!-- Parameter: File --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>File</maml:name> <maml:description> <maml:para>Specify the file to use.</maml:para> </maml:description> <command:parameterValue required="true">NtFile</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Flags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Flags</maml:name> <maml:description> <maml:para>Specify the name format when formatting as a Win32 path.</maml:para> <maml:para>Possible values: None, NameGuid, NameNt, NameNone, Opened</maml:para> </maml:description> <command:parameterValue required="true">Win32PathNameFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Win32.Win32PathNameFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">NameGuid</command:parameterValue> <command:parameterValue required="false" variableLength="false">NameNt</command:parameterValue> <command:parameterValue required="false" variableLength="false">NameNone</command:parameterValue> <command:parameterValue required="false" variableLength="false">Opened</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: FormatWin32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FormatWin32Path</maml:name> <maml:description> <maml:para>Specify to format the links as Win32 paths.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromPath --> <command:syntaxItem> <maml:name>Get-NtFileFinalPath</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify the path to the file to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CaseSensitive --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CaseSensitive</maml:name> <maml:description> <maml:para>Specify to open the path case sensitively.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Flags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Flags</maml:name> <maml:description> <maml:para>Specify the name format when formatting as a Win32 path.</maml:para> <maml:para>Possible values: None, NameGuid, NameNt, NameNone, Opened</maml:para> </maml:description> <command:parameterValue required="true">Win32PathNameFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Win32.Win32PathNameFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">NameGuid</command:parameterValue> <command:parameterValue required="false" variableLength="false">NameNt</command:parameterValue> <command:parameterValue required="false" variableLength="false">NameNone</command:parameterValue> <command:parameterValue required="false" variableLength="false">Opened</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: FormatWin32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FormatWin32Path</maml:name> <maml:description> <maml:para>Specify to format the links as Win32 paths.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenForBackupIntent --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenForBackupIntent</maml:name> <maml:description> <maml:para>Specify to open the path with backup privileges.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenReparsePoint --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenReparsePoint</maml:name> <maml:description> <maml:para>Specify to open the reparse point.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Specify to specify the path as a Win32 path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: FormatWin32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FormatWin32Path</maml:name> <maml:description> <maml:para>Specify to format the links as Win32 paths.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Flags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Flags</maml:name> <maml:description> <maml:para>Specify the name format when formatting as a Win32 path.</maml:para> <maml:para>Possible values: None, NameGuid, NameNt, NameNone, Opened</maml:para> </maml:description> <command:parameterValue required="true">Win32PathNameFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Win32.Win32PathNameFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">NameGuid</command:parameterValue> <command:parameterValue required="false" variableLength="false">NameNt</command:parameterValue> <command:parameterValue required="false" variableLength="false">NameNone</command:parameterValue> <command:parameterValue required="false" variableLength="false">Opened</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: File --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>File</maml:name> <maml:description> <maml:para>Specify the file to use.</maml:para> </maml:description> <command:parameterValue required="true">NtFile</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify the path to the file to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Specify to specify the path as a Win32 path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CaseSensitive --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CaseSensitive</maml:name> <maml:description> <maml:para>Specify to open the path case sensitively.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenReparsePoint --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenReparsePoint</maml:name> <maml:description> <maml:para>Specify to open the reparse point.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenForBackupIntent --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenForBackupIntent</maml:name> <maml:description> <maml:para>Specify to open the path with backup privileges.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: String --> <command:returnValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-NtFileFinalPath -File $f</dev:code> <dev:remarks> <maml:para>Get the path for the file.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Get-NtFileFinalPath -Path "\??\c:\windows\notepad.exe"</dev:code> <dev:remarks> <maml:para>Get the path for the file by path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Get-NtFileFinalPath -Path "c:\windows\notepad.exe" -Win32Path</dev:code> <dev:remarks> <maml:para>Get the path for the file by win32 path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>Get-NtFileFinalPath -Path "\??\c:\windows\notepad.exe" -FormatWin32Path</dev:code> <dev:remarks> <maml:para>Get the path as a win32 path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>Get-NtFileFinalPath -Path "\??\c:\windows\notepad.exe" -FormatWin32Path -Flags NameGuid</dev:code> <dev:remarks> <maml:para>Get the path as a volume GUID win32 path.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: New-NtFileHardlink --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-NtFileHardlink</command:name> <command:verb>New</command:verb> <command:noun>NtFileHardlink</command:noun> <maml:description> <maml:para>Creates a hardlink for a file.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a hard link to an existing file. The absolute path to the object in the NT object manager name space can be specified. To simplify calling it's also possible to specify the path in a Win32 format when using the -Win32Path parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>New-NtFileHardlink</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: LinkName --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>LinkName</maml:name> <maml:description> <maml:para>Specify the path to the new link. This is passed verbatim to the system call unless ResolveLinkName is used.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: DeviceGuid --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DeviceGuid</maml:name> <maml:description> <maml:para>Specify that the path is a device GUID not a full path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: DirectoryAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DirectoryAccess</maml:name> <maml:description> <maml:para>Specify file access using directory access rights.</maml:para> <maml:para>Possible values: None, ListDirectory, AddFile, AddSubDirectory, ReadEa, WriteEa, Traverse, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileDirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ListDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: LinkFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>LinkFlags</maml:name> <maml:description> <maml:para>Specify arbitrary flags for the link EX setting.</maml:para> <maml:para>Possible values: None, ReplaceIfExists, PosixSemantics, SuppressPinStateInheritance, SupressStorageReserveInheritance, NoIncreaseAvailableSpace, NoDecreaseAvailableSpace, IgnoreReadOnlyAttribute, ForceResizeTargetSR, ForceResizeSourceSR, ForceResizeSR</maml:para> </maml:description> <command:parameterValue required="true">FileRenameInformationExFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileRenameInformationExFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReplaceIfExists</command:parameterValue> <command:parameterValue required="false" variableLength="false">PosixSemantics</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuppressPinStateInheritance</command:parameterValue> <command:parameterValue required="false" variableLength="false">SupressStorageReserveInheritance</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIncreaseAvailableSpace</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoDecreaseAvailableSpace</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreReadOnlyAttribute</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceResizeTargetSR</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceResizeSourceSR</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceResizeSR</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: LinkRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>LinkRoot</maml:name> <maml:description> <maml:para>Specify a root object if TargetPath is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: OpenById --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenById</maml:name> <maml:description> <maml:para>Specify the path is a file id, in string format (e.g. 12345678) or a GUID object id.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>The options to open the file with.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, DisallowExclusive, SessionAware, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoEaKnowledge</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">DisallowExclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">SessionAware</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ReplaceIfExists --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ReplaceIfExists</maml:name> <maml:description> <maml:para>Specify to replace the target if it already exists.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ResolveLinkName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ResolveLinkName</maml:name> <maml:description> <maml:para>Specify to resolve the link name to a full path using win32 rules.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ShareMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShareMode</maml:name> <maml:description> <maml:para>The access share mode to open the file with.</maml:para> <maml:para>Possible values: None, Read, Write, Delete, All</maml:para> </maml:description> <command:parameterValue required="true">FileShareMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileShareMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Read</command:parameterValue> <command:parameterValue required="false" variableLength="false">Write</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Transaction --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Transaction</maml:name> <maml:description> <maml:para>Specify a transaction to create the file under.</maml:para> </maml:description> <command:parameterValue required="true">NtTransaction</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtTransaction</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: LinkName --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>LinkName</maml:name> <maml:description> <maml:para>Specify the path to the new link. This is passed verbatim to the system call unless ResolveLinkName is used.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: LinkRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>LinkRoot</maml:name> <maml:description> <maml:para>Specify a root object if TargetPath is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ReplaceIfExists --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ReplaceIfExists</maml:name> <maml:description> <maml:para>Specify to replace the target if it already exists.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ResolveLinkName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ResolveLinkName</maml:name> <maml:description> <maml:para>Specify to resolve the link name to a full path using win32 rules.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: LinkFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>LinkFlags</maml:name> <maml:description> <maml:para>Specify arbitrary flags for the link EX setting.</maml:para> <maml:para>Possible values: None, ReplaceIfExists, PosixSemantics, SuppressPinStateInheritance, SupressStorageReserveInheritance, NoIncreaseAvailableSpace, NoDecreaseAvailableSpace, IgnoreReadOnlyAttribute, ForceResizeTargetSR, ForceResizeSourceSR, ForceResizeSR</maml:para> </maml:description> <command:parameterValue required="true">FileRenameInformationExFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileRenameInformationExFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReplaceIfExists</command:parameterValue> <command:parameterValue required="false" variableLength="false">PosixSemantics</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuppressPinStateInheritance</command:parameterValue> <command:parameterValue required="false" variableLength="false">SupressStorageReserveInheritance</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIncreaseAvailableSpace</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoDecreaseAvailableSpace</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreReadOnlyAttribute</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceResizeTargetSR</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceResizeSourceSR</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceResizeSR</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: DeviceGuid --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DeviceGuid</maml:name> <maml:description> <maml:para>Specify that the path is a device GUID not a full path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenById --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenById</maml:name> <maml:description> <maml:para>Specify the path is a file id, in string format (e.g. 12345678) or a GUID object id.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: DirectoryAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DirectoryAccess</maml:name> <maml:description> <maml:para>Specify file access using directory access rights.</maml:para> <maml:para>Possible values: None, ListDirectory, AddFile, AddSubDirectory, ReadEa, WriteEa, Traverse, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileDirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ListDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ShareMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShareMode</maml:name> <maml:description> <maml:para>The access share mode to open the file with.</maml:para> <maml:para>Possible values: None, Read, Write, Delete, All</maml:para> </maml:description> <command:parameterValue required="true">FileShareMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileShareMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Read</command:parameterValue> <command:parameterValue required="false" variableLength="false">Write</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>The options to open the file with.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, DisallowExclusive, SessionAware, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoEaKnowledge</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">DisallowExclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">SessionAware</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Transaction --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Transaction</maml:name> <maml:description> <maml:para>Specify a transaction to create the file under.</maml:para> </maml:description> <command:parameterValue required="true">NtTransaction</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtTransaction</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributesFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtFile --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>New-NtFileHardlink -Path \??\C:\ABC\XYZ.TXT -LinkName \??\C:\TEMP\ABC.TXT</dev:code> <dev:remarks> <maml:para>Create a hardlink for file \??\C:\ABC\XYZ.TXT as \??\C:\XYZ.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>New-NtFileHardlink -Path C:\ABC\XYZ.TXT -LinkName C:\TEMP\ABC.TXT -Win32Path -ResolveLinkName</dev:code> <dev:remarks> <maml:para>Create a hardlink for file C:\ABC\XYZ.TXT as C:\TEMP\ABC.TXT.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-NtFileId --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtFileId</command:name> <command:verb>Get</command:verb> <command:noun>NtFileId</command:noun> <maml:description> <maml:para>Get the file ID for a file.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet gets the file ID for a file.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: Default --> <command:syntaxItem> <maml:name>Get-NtFileId</maml:name> <!-- Parameter: File --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>File</maml:name> <maml:description> <maml:para>Specify the file to use.</maml:para> </maml:description> <command:parameterValue required="true">NtFile</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromPath --> <command:syntaxItem> <maml:name>Get-NtFileId</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify the path to the file to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CaseSensitive --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CaseSensitive</maml:name> <maml:description> <maml:para>Specify to open the path case sensitively.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenForBackupIntent --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenForBackupIntent</maml:name> <maml:description> <maml:para>Specify to open the path with backup privileges.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenReparsePoint --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenReparsePoint</maml:name> <maml:description> <maml:para>Specify to open the reparse point.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Specify to specify the path as a Win32 path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: File --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>File</maml:name> <maml:description> <maml:para>Specify the file to use.</maml:para> </maml:description> <command:parameterValue required="true">NtFile</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify the path to the file to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Specify to specify the path as a Win32 path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CaseSensitive --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CaseSensitive</maml:name> <maml:description> <maml:para>Specify to open the path case sensitively.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenReparsePoint --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenReparsePoint</maml:name> <maml:description> <maml:para>Specify to open the reparse point.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenForBackupIntent --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenForBackupIntent</maml:name> <maml:description> <maml:para>Specify to open the path with backup privileges.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: Int64 --> <command:returnValue> <dev:type> <maml:name>System.Int64</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-NtFileId -File $f</dev:code> <dev:remarks> <maml:para>Get the file ID for the file.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Get-NtFileId -Path "\??\c:\windows\notepad.exe"</dev:code> <dev:remarks> <maml:para>Get the file ID for the file by path</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Get-NtFileId -Path "c:\windows\notepad.exe" -Win32Path</dev:code> <dev:remarks> <maml:para>Get the file ID for the file by win32 path</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-NtFileLink --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtFileLink</command:name> <command:verb>Get</command:verb> <command:noun>NtFileLink</command:noun> <maml:description> <maml:para>Get link names for a file.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet gets a list of link names to a file.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: Default --> <command:syntaxItem> <maml:name>Get-NtFileLink</maml:name> <!-- Parameter: File --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>File</maml:name> <maml:description> <maml:para>Specify the file to use.</maml:para> </maml:description> <command:parameterValue required="true">NtFile</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: FormatWin32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FormatWin32Path</maml:name> <maml:description> <maml:para>Specify to format the links as Win32 paths.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromPath --> <command:syntaxItem> <maml:name>Get-NtFileLink</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify the path to the file to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CaseSensitive --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CaseSensitive</maml:name> <maml:description> <maml:para>Specify to open the path case sensitively.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: FormatWin32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FormatWin32Path</maml:name> <maml:description> <maml:para>Specify to format the links as Win32 paths.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenForBackupIntent --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenForBackupIntent</maml:name> <maml:description> <maml:para>Specify to open the path with backup privileges.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenReparsePoint --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenReparsePoint</maml:name> <maml:description> <maml:para>Specify to open the reparse point.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Specify to specify the path as a Win32 path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: FormatWin32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FormatWin32Path</maml:name> <maml:description> <maml:para>Specify to format the links as Win32 paths.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: File --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>File</maml:name> <maml:description> <maml:para>Specify the file to use.</maml:para> </maml:description> <command:parameterValue required="true">NtFile</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify the path to the file to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Specify to specify the path as a Win32 path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CaseSensitive --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CaseSensitive</maml:name> <maml:description> <maml:para>Specify to open the path case sensitively.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenReparsePoint --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenReparsePoint</maml:name> <maml:description> <maml:para>Specify to open the reparse point.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenForBackupIntent --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenForBackupIntent</maml:name> <maml:description> <maml:para>Specify to open the path with backup privileges.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: String --> <command:returnValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-NtFileLink -File $f</dev:code> <dev:remarks> <maml:para>Get the links for the file.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Get-NtFileLink -Path "\??\c:\windows\notepad.exe"</dev:code> <dev:remarks> <maml:para>Get the links for the file by path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Get-NtFileLink -Path "c:\windows\notepad.exe" -Win32Path</dev:code> <dev:remarks> <maml:para>Get the links for the file by win32 path.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-NtFileObjectId --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtFileObjectId</command:name> <command:verb>Get</command:verb> <command:noun>NtFileObjectId</command:noun> <maml:description> <maml:para>Get the object ID for a file.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet gets the object ID for a file.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: Default --> <command:syntaxItem> <maml:name>Get-NtFileObjectId</maml:name> <!-- Parameter: File --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>File</maml:name> <maml:description> <maml:para>Specify the file to use.</maml:para> </maml:description> <command:parameterValue required="true">NtFile</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Create --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Create</maml:name> <maml:description> <maml:para>Specify to create the object ID if it doesn't already exist.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ExtendedInformation --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ExtendedInformation</maml:name> <maml:description> <maml:para>Specify to get extended object ID information.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromPath --> <command:syntaxItem> <maml:name>Get-NtFileObjectId</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify the path to the file to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CaseSensitive --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CaseSensitive</maml:name> <maml:description> <maml:para>Specify to open the path case sensitively.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Create --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Create</maml:name> <maml:description> <maml:para>Specify to create the object ID if it doesn't already exist.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ExtendedInformation --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ExtendedInformation</maml:name> <maml:description> <maml:para>Specify to get extended object ID information.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenForBackupIntent --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenForBackupIntent</maml:name> <maml:description> <maml:para>Specify to open the path with backup privileges.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenReparsePoint --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenReparsePoint</maml:name> <maml:description> <maml:para>Specify to open the reparse point.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Specify to specify the path as a Win32 path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: ExtendedInformation --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ExtendedInformation</maml:name> <maml:description> <maml:para>Specify to get extended object ID information.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Create --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Create</maml:name> <maml:description> <maml:para>Specify to create the object ID if it doesn't already exist.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: File --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>File</maml:name> <maml:description> <maml:para>Specify the file to use.</maml:para> </maml:description> <command:parameterValue required="true">NtFile</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify the path to the file to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Specify to specify the path as a Win32 path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CaseSensitive --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CaseSensitive</maml:name> <maml:description> <maml:para>Specify to open the path case sensitively.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenReparsePoint --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenReparsePoint</maml:name> <maml:description> <maml:para>Specify to open the reparse point.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenForBackupIntent --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenForBackupIntent</maml:name> <maml:description> <maml:para>Specify to open the path with backup privileges.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: FileObjectIdBuffer --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.FileObjectIdBuffer</maml:name> <maml:uri /> </dev:type> </command:returnValue> <!-- OutputType: Guid --> <command:returnValue> <dev:type> <maml:name>System.Guid</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-NtFileObjectId -File $f</dev:code> <dev:remarks> <maml:para>Get the object ID for the file.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Get-NtFileObjectId -Path "\??\c:\windows\notepad.exe"</dev:code> <dev:remarks> <maml:para>Get the object ID for the file by path</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Get-NtFileObjectId -Path "c:\windows\notepad.exe" -Win32Path</dev:code> <dev:remarks> <maml:para>Get the object ID for the file by win32 path</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Remove-NtFileObjectId --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Remove-NtFileObjectId</command:name> <command:verb>Remove</command:verb> <command:noun>NtFileObjectId</command:noun> <maml:description> <maml:para>Remove the object ID for a file.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet removes the object ID for a file.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: Default --> <command:syntaxItem> <maml:name>Remove-NtFileObjectId</maml:name> <!-- Parameter: File --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>File</maml:name> <maml:description> <maml:para>Specify the file to use.</maml:para> </maml:description> <command:parameterValue required="true">NtFile</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromPath --> <command:syntaxItem> <maml:name>Remove-NtFileObjectId</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify the path to the file to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CaseSensitive --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CaseSensitive</maml:name> <maml:description> <maml:para>Specify to open the path case sensitively.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenForBackupIntent --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenForBackupIntent</maml:name> <maml:description> <maml:para>Specify to open the path with backup privileges.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenReparsePoint --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenReparsePoint</maml:name> <maml:description> <maml:para>Specify to open the reparse point.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Specify to specify the path as a Win32 path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: File --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>File</maml:name> <maml:description> <maml:para>Specify the file to use.</maml:para> </maml:description> <command:parameterValue required="true">NtFile</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify the path to the file to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Specify to specify the path as a Win32 path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CaseSensitive --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CaseSensitive</maml:name> <maml:description> <maml:para>Specify to open the path case sensitively.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenReparsePoint --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenReparsePoint</maml:name> <maml:description> <maml:para>Specify to open the reparse point.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenForBackupIntent --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenForBackupIntent</maml:name> <maml:description> <maml:para>Specify to open the path with backup privileges.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Remove-NtFileObjectId -File $f</dev:code> <dev:remarks> <maml:para>Remove the object ID for the file.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Remove-NtFileObjectId -Path "\??\c:\windows\notepad.exe"</dev:code> <dev:remarks> <maml:para>Remove the object ID for the file by path</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Remove-NtFileObjectId -Path "c:\windows\notepad.exe" -Win32Path</dev:code> <dev:remarks> <maml:para>Remove the object ID for the file by win32 path</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Set-NtFileObjectId --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Set-NtFileObjectId</command:name> <command:verb>Set</command:verb> <command:noun>NtFileObjectId</command:noun> <maml:description> <maml:para>Set the object ID for a file.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet sets the object ID for a file.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: Default --> <command:syntaxItem> <maml:name>Set-NtFileObjectId</maml:name> <!-- Parameter: File --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>File</maml:name> <maml:description> <maml:para>Specify the file to use.</maml:para> </maml:description> <command:parameterValue required="true">NtFile</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ObjectId --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specify to the object ID to set.</maml:para> </maml:description> <command:parameterValue required="true">Guid</command:parameterValue> <dev:type> <maml:name>System.Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>00000000-0000-0000-0000-000000000000</dev:defaultValue> </command:parameter> <!-- Parameter: BirthObjectId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>BirthObjectId</maml:name> <maml:description> <maml:para>Specify birth object ID.</maml:para> </maml:description> <command:parameterValue required="true">Guid</command:parameterValue> <dev:type> <maml:name>System.Guid</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: BirthVolumeId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>BirthVolumeId</maml:name> <maml:description> <maml:para>Specify birth volume ID.</maml:para> </maml:description> <command:parameterValue required="true">Guid</command:parameterValue> <dev:type> <maml:name>System.Guid</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: DomainId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DomainId</maml:name> <maml:description> <maml:para>Specify domain ID.</maml:para> </maml:description> <command:parameterValue required="true">Guid</command:parameterValue> <dev:type> <maml:name>System.Guid</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ExtendedInfo --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ExtendedInfo</maml:name> <maml:description> <maml:para>Specify extended information.</maml:para> </maml:description> <command:parameterValue required="true">byte[]</command:parameterValue> <dev:type> <maml:name>System.Byte[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> <!-- Parameter set: FromPath --> <command:syntaxItem> <maml:name>Set-NtFileObjectId</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify the path to the file to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ObjectId --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specify to the object ID to set.</maml:para> </maml:description> <command:parameterValue required="true">Guid</command:parameterValue> <dev:type> <maml:name>System.Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>00000000-0000-0000-0000-000000000000</dev:defaultValue> </command:parameter> <!-- Parameter: BirthObjectId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>BirthObjectId</maml:name> <maml:description> <maml:para>Specify birth object ID.</maml:para> </maml:description> <command:parameterValue required="true">Guid</command:parameterValue> <dev:type> <maml:name>System.Guid</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: BirthVolumeId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>BirthVolumeId</maml:name> <maml:description> <maml:para>Specify birth volume ID.</maml:para> </maml:description> <command:parameterValue required="true">Guid</command:parameterValue> <dev:type> <maml:name>System.Guid</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CaseSensitive --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CaseSensitive</maml:name> <maml:description> <maml:para>Specify to open the path case sensitively.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: DomainId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DomainId</maml:name> <maml:description> <maml:para>Specify domain ID.</maml:para> </maml:description> <command:parameterValue required="true">Guid</command:parameterValue> <dev:type> <maml:name>System.Guid</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ExtendedInfo --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ExtendedInfo</maml:name> <maml:description> <maml:para>Specify extended information.</maml:para> </maml:description> <command:parameterValue required="true">byte[]</command:parameterValue> <dev:type> <maml:name>System.Byte[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: OpenForBackupIntent --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenForBackupIntent</maml:name> <maml:description> <maml:para>Specify to open the path with backup privileges.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>True</dev:defaultValue> </command:parameter> <!-- Parameter: OpenReparsePoint --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenReparsePoint</maml:name> <maml:description> <maml:para>Specify to open the reparse point.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Specify to specify the path as a Win32 path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: ObjectId --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specify to the object ID to set.</maml:para> </maml:description> <command:parameterValue required="true">Guid</command:parameterValue> <dev:type> <maml:name>System.Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>00000000-0000-0000-0000-000000000000</dev:defaultValue> </command:parameter> <!-- Parameter: BirthVolumeId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>BirthVolumeId</maml:name> <maml:description> <maml:para>Specify birth volume ID.</maml:para> </maml:description> <command:parameterValue required="true">Guid</command:parameterValue> <dev:type> <maml:name>System.Guid</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: BirthObjectId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>BirthObjectId</maml:name> <maml:description> <maml:para>Specify birth object ID.</maml:para> </maml:description> <command:parameterValue required="true">Guid</command:parameterValue> <dev:type> <maml:name>System.Guid</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: DomainId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DomainId</maml:name> <maml:description> <maml:para>Specify domain ID.</maml:para> </maml:description> <command:parameterValue required="true">Guid</command:parameterValue> <dev:type> <maml:name>System.Guid</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ExtendedInfo --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ExtendedInfo</maml:name> <maml:description> <maml:para>Specify extended information.</maml:para> </maml:description> <command:parameterValue required="true">byte[]</command:parameterValue> <dev:type> <maml:name>System.Byte[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: File --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>File</maml:name> <maml:description> <maml:para>Specify the file to use.</maml:para> </maml:description> <command:parameterValue required="true">NtFile</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify the path to the file to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Specify to specify the path as a Win32 path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CaseSensitive --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CaseSensitive</maml:name> <maml:description> <maml:para>Specify to open the path case sensitively.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenReparsePoint --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenReparsePoint</maml:name> <maml:description> <maml:para>Specify to open the reparse point.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenForBackupIntent --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenForBackupIntent</maml:name> <maml:description> <maml:para>Specify to open the path with backup privileges.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>True</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Set-NtFileObjectId -File $f</dev:code> <dev:remarks> <maml:para>Set the object ID for the file.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Set-NtFileObjectId -Path "\??\c:\windows\notepad.exe"</dev:code> <dev:remarks> <maml:para>Set the object ID for the file by path</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Set-NtFileObjectId -Path "c:\windows\notepad.exe" -Win32Path</dev:code> <dev:remarks> <maml:para>Set the object ID for the file by win32 path</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-NtFileReparsePoint --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtFileReparsePoint</command:name> <command:verb>Get</command:verb> <command:noun>NtFileReparsePoint</command:noun> <maml:description> <maml:para>Open and reads the reparse point buffer for file.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet opens a existing NT file object and reads out the reparse point buffer data. The absolute path to the object in the NT object manager name space can be specified. It's also possible to open the object relative to an existing object by specified the -Root parameter. To simplify calling it's also possible to specify the path in a Win32 format when using the -Win32Path parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtFileReparsePoint</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Bytes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Bytes</maml:name> <maml:description> <maml:para>Specify reading the reparse point data as a raw byte array.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: DeviceGuid --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DeviceGuid</maml:name> <maml:description> <maml:para>Specify that the path is a device GUID not a full path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: DirectoryAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DirectoryAccess</maml:name> <maml:description> <maml:para>Specify file access using directory access rights.</maml:para> <maml:para>Possible values: None, ListDirectory, AddFile, AddSubDirectory, ReadEa, WriteEa, Traverse, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileDirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ListDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenById --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenById</maml:name> <maml:description> <maml:para>Specify the path is a file id, in string format (e.g. 12345678) or a GUID object id.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>The options to open the file with.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, DisallowExclusive, SessionAware, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>OpenReparsePoint</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoEaKnowledge</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">DisallowExclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">SessionAware</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ShareMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShareMode</maml:name> <maml:description> <maml:para>The access share mode to open the file with.</maml:para> <maml:para>Possible values: None, Read, Write, Delete, All</maml:para> </maml:description> <command:parameterValue required="true">FileShareMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileShareMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Read</command:parameterValue> <command:parameterValue required="false" variableLength="false">Write</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Transaction --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Transaction</maml:name> <maml:description> <maml:para>Specify a transaction to create the file under.</maml:para> </maml:description> <command:parameterValue required="true">NtTransaction</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtTransaction</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Bytes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Bytes</maml:name> <maml:description> <maml:para>Specify reading the reparse point data as a raw byte array.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: DeviceGuid --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DeviceGuid</maml:name> <maml:description> <maml:para>Specify that the path is a device GUID not a full path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenById --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenById</maml:name> <maml:description> <maml:para>Specify the path is a file id, in string format (e.g. 12345678) or a GUID object id.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: DirectoryAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DirectoryAccess</maml:name> <maml:description> <maml:para>Specify file access using directory access rights.</maml:para> <maml:para>Possible values: None, ListDirectory, AddFile, AddSubDirectory, ReadEa, WriteEa, Traverse, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileDirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ListDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ShareMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShareMode</maml:name> <maml:description> <maml:para>The access share mode to open the file with.</maml:para> <maml:para>Possible values: None, Read, Write, Delete, All</maml:para> </maml:description> <command:parameterValue required="true">FileShareMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileShareMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Read</command:parameterValue> <command:parameterValue required="false" variableLength="false">Write</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>The options to open the file with.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, DisallowExclusive, SessionAware, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>OpenReparsePoint</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoEaKnowledge</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">DisallowExclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">SessionAware</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Transaction --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Transaction</maml:name> <maml:description> <maml:para>Specify a transaction to create the file under.</maml:para> </maml:description> <command:parameterValue required="true">NtTransaction</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtTransaction</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributesFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtFile --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:returnValue> <!-- OutputType: ReparseBuffer --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.ReparseBuffer</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = Get-NtFileReparsePoint \??\C:\XYZ</dev:code> <dev:remarks> <maml:para>Reads the reparse point with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$root = Get-NtFile \??\C:\ $obj = Get-NtFileReparsePoint XYZ -Root $root</dev:code> <dev:remarks> <maml:para>Reads the reparse point with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$obj = Get-NtFileReparsePoint C:\XYZ -Win32Path</dev:code> <dev:remarks> <maml:para>Reads the reparse point with an absolute win32 path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$obj = Get-NtFileReparsePoint ..\..\..\XYZ -Win32Path</dev:code> <dev:remarks> <maml:para>Reads the reparse point with a relative win32 path.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Remove-NtFileReparsePoint --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Remove-NtFileReparsePoint</command:name> <command:verb>Remove</command:verb> <command:noun>NtFileReparsePoint</command:noun> <maml:description> <maml:para>Removes the reparse point buffer for file.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet removes the reparse point buffer from an existing NT file object. The absolute path to the object in the NT object manager name space can be specified. It's also possible to open the object relative to an existing object by specified the -Root parameter. To simplify calling it's also possible to specify the path in a Win32 format when using the -Win32Path parameter. It will return the original reparse buffer that was removed.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Remove-NtFileReparsePoint</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Close --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Close</maml:name> <maml:description> <maml:para>Close the object immediately and don't pass to the output. This is useful to create permanent objects without needing to close the handle manually.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: DeviceGuid --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DeviceGuid</maml:name> <maml:description> <maml:para>Specify that the path is a device GUID not a full path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: DirectoryAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DirectoryAccess</maml:name> <maml:description> <maml:para>Specify file access using directory access rights.</maml:para> <maml:para>Possible values: None, ListDirectory, AddFile, AddSubDirectory, ReadEa, WriteEa, Traverse, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileDirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ListDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Inherit --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Inherit</maml:name> <maml:description> <maml:para>Set to mark the new handle as inheritable. Can be used with ObjectAttributes.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenById --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenById</maml:name> <maml:description> <maml:para>Specify the path is a file id, in string format (e.g. 12345678) or a GUID object id.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>The options to open the file with.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, DisallowExclusive, SessionAware, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>OpenReparsePoint</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoEaKnowledge</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">DisallowExclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">SessionAware</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ReparseTag --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ReparseTag</maml:name> <maml:description> <maml:para>Specify an existing reparse tag to delete. Default is to query for the existing reparse tag.</maml:para> <maml:para>Possible values: NONE, MOUNT_POINT, HSM, DRIVE_EXTENDER, HSM2, SIS, WIM, CSV, DFS, FILTER_MANAGER, SYMLINK, IIS_CACHE, DFSR, DEDUP, APPXSTRM, NFS, FILE_PLACEHOLDER, DFM, WOF, WCI, WCI_1, GLOBAL_REPARSE, CLOUD, CLOUD_1, CLOUD_2, CLOUD_3, CLOUD_4, CLOUD_5, CLOUD_6, CLOUD_7, CLOUD_8, CLOUD_9, CLOUD_A, CLOUD_B, CLOUD_C, CLOUD_D, CLOUD_E, CLOUD_F, CLOUD_MASK, APPEXECLINK, PROJFS, LX_SYMLINK, STORAGE_SYNC, WCI_TOMBSTONE, UNHANDLED, ONEDRIVE, PROJFS_TOMBSTONE, AF_UNIX, LX_FIFO, LX_CHR, LX_BLK</maml:para> </maml:description> <command:parameterValue required="true">ReparseTag</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ReparseTag</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>NONE</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">NONE</command:parameterValue> <command:parameterValue required="false" variableLength="false">MOUNT_POINT</command:parameterValue> <command:parameterValue required="false" variableLength="false">HSM</command:parameterValue> <command:parameterValue required="false" variableLength="false">DRIVE_EXTENDER</command:parameterValue> <command:parameterValue required="false" variableLength="false">HSM2</command:parameterValue> <command:parameterValue required="false" variableLength="false">SIS</command:parameterValue> <command:parameterValue required="false" variableLength="false">WIM</command:parameterValue> <command:parameterValue required="false" variableLength="false">CSV</command:parameterValue> <command:parameterValue required="false" variableLength="false">DFS</command:parameterValue> <command:parameterValue required="false" variableLength="false">FILTER_MANAGER</command:parameterValue> <command:parameterValue required="false" variableLength="false">SYMLINK</command:parameterValue> <command:parameterValue required="false" variableLength="false">IIS_CACHE</command:parameterValue> <command:parameterValue required="false" variableLength="false">DFSR</command:parameterValue> <command:parameterValue required="false" variableLength="false">DEDUP</command:parameterValue> <command:parameterValue required="false" variableLength="false">APPXSTRM</command:parameterValue> <command:parameterValue required="false" variableLength="false">NFS</command:parameterValue> <command:parameterValue required="false" variableLength="false">FILE_PLACEHOLDER</command:parameterValue> <command:parameterValue required="false" variableLength="false">DFM</command:parameterValue> <command:parameterValue required="false" variableLength="false">WOF</command:parameterValue> <command:parameterValue required="false" variableLength="false">WCI</command:parameterValue> <command:parameterValue required="false" variableLength="false">WCI_1</command:parameterValue> <command:parameterValue required="false" variableLength="false">GLOBAL_REPARSE</command:parameterValue> <command:parameterValue required="false" variableLength="false">CLOUD</command:parameterValue> <command:parameterValue required="false" variableLength="false">CLOUD_1</command:parameterValue> <command:parameterValue required="false" variableLength="false">CLOUD_2</command:parameterValue> <command:parameterValue required="false" variableLength="false">CLOUD_3</command:parameterValue> <command:parameterValue required="false" variableLength="false">CLOUD_4</command:parameterValue> <command:parameterValue required="false" variableLength="false">CLOUD_5</command:parameterValue> <command:parameterValue required="false" variableLength="false">CLOUD_6</command:parameterValue> <command:parameterValue required="false" variableLength="false">CLOUD_7</command:parameterValue> <command:parameterValue required="false" variableLength="false">CLOUD_8</command:parameterValue> <command:parameterValue required="false" variableLength="false">CLOUD_9</command:parameterValue> <command:parameterValue required="false" variableLength="false">CLOUD_A</command:parameterValue> <command:parameterValue required="false" variableLength="false">CLOUD_B</command:parameterValue> <command:parameterValue required="false" variableLength="false">CLOUD_C</command:parameterValue> <command:parameterValue required="false" variableLength="false">CLOUD_D</command:parameterValue> <command:parameterValue required="false" variableLength="false">CLOUD_E</command:parameterValue> <command:parameterValue required="false" variableLength="false">CLOUD_F</command:parameterValue> <command:parameterValue required="false" variableLength="false">CLOUD_MASK</command:parameterValue> <command:parameterValue required="false" variableLength="false">APPEXECLINK</command:parameterValue> <command:parameterValue required="false" variableLength="false">PROJFS</command:parameterValue> <command:parameterValue required="false" variableLength="false">LX_SYMLINK</command:parameterValue> <command:parameterValue required="false" variableLength="false">STORAGE_SYNC</command:parameterValue> <command:parameterValue required="false" variableLength="false">WCI_TOMBSTONE</command:parameterValue> <command:parameterValue required="false" variableLength="false">UNHANDLED</command:parameterValue> <command:parameterValue required="false" variableLength="false">ONEDRIVE</command:parameterValue> <command:parameterValue required="false" variableLength="false">PROJFS_TOMBSTONE</command:parameterValue> <command:parameterValue required="false" variableLength="false">AF_UNIX</command:parameterValue> <command:parameterValue required="false" variableLength="false">LX_FIFO</command:parameterValue> <command:parameterValue required="false" variableLength="false">LX_CHR</command:parameterValue> <command:parameterValue required="false" variableLength="false">LX_BLK</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Invoke a script block on the created object before writing it to the output. Can be used in combination with the Close to map objects to some value.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ShareMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShareMode</maml:name> <maml:description> <maml:para>The access share mode to open the file with.</maml:para> <maml:para>Possible values: None, Read, Write, Delete, All</maml:para> </maml:description> <command:parameterValue required="true">FileShareMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileShareMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Read</command:parameterValue> <command:parameterValue required="false" variableLength="false">Write</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Transaction --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Transaction</maml:name> <maml:description> <maml:para>Specify a transaction to create the file under.</maml:para> </maml:description> <command:parameterValue required="true">NtTransaction</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtTransaction</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: ReparseTag --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ReparseTag</maml:name> <maml:description> <maml:para>Specify an existing reparse tag to delete. Default is to query for the existing reparse tag.</maml:para> <maml:para>Possible values: NONE, MOUNT_POINT, HSM, DRIVE_EXTENDER, HSM2, SIS, WIM, CSV, DFS, FILTER_MANAGER, SYMLINK, IIS_CACHE, DFSR, DEDUP, APPXSTRM, NFS, FILE_PLACEHOLDER, DFM, WOF, WCI, WCI_1, GLOBAL_REPARSE, CLOUD, CLOUD_1, CLOUD_2, CLOUD_3, CLOUD_4, CLOUD_5, CLOUD_6, CLOUD_7, CLOUD_8, CLOUD_9, CLOUD_A, CLOUD_B, CLOUD_C, CLOUD_D, CLOUD_E, CLOUD_F, CLOUD_MASK, APPEXECLINK, PROJFS, LX_SYMLINK, STORAGE_SYNC, WCI_TOMBSTONE, UNHANDLED, ONEDRIVE, PROJFS_TOMBSTONE, AF_UNIX, LX_FIFO, LX_CHR, LX_BLK</maml:para> </maml:description> <command:parameterValue required="true">ReparseTag</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ReparseTag</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>NONE</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">NONE</command:parameterValue> <command:parameterValue required="false" variableLength="false">MOUNT_POINT</command:parameterValue> <command:parameterValue required="false" variableLength="false">HSM</command:parameterValue> <command:parameterValue required="false" variableLength="false">DRIVE_EXTENDER</command:parameterValue> <command:parameterValue required="false" variableLength="false">HSM2</command:parameterValue> <command:parameterValue required="false" variableLength="false">SIS</command:parameterValue> <command:parameterValue required="false" variableLength="false">WIM</command:parameterValue> <command:parameterValue required="false" variableLength="false">CSV</command:parameterValue> <command:parameterValue required="false" variableLength="false">DFS</command:parameterValue> <command:parameterValue required="false" variableLength="false">FILTER_MANAGER</command:parameterValue> <command:parameterValue required="false" variableLength="false">SYMLINK</command:parameterValue> <command:parameterValue required="false" variableLength="false">IIS_CACHE</command:parameterValue> <command:parameterValue required="false" variableLength="false">DFSR</command:parameterValue> <command:parameterValue required="false" variableLength="false">DEDUP</command:parameterValue> <command:parameterValue required="false" variableLength="false">APPXSTRM</command:parameterValue> <command:parameterValue required="false" variableLength="false">NFS</command:parameterValue> <command:parameterValue required="false" variableLength="false">FILE_PLACEHOLDER</command:parameterValue> <command:parameterValue required="false" variableLength="false">DFM</command:parameterValue> <command:parameterValue required="false" variableLength="false">WOF</command:parameterValue> <command:parameterValue required="false" variableLength="false">WCI</command:parameterValue> <command:parameterValue required="false" variableLength="false">WCI_1</command:parameterValue> <command:parameterValue required="false" variableLength="false">GLOBAL_REPARSE</command:parameterValue> <command:parameterValue required="false" variableLength="false">CLOUD</command:parameterValue> <command:parameterValue required="false" variableLength="false">CLOUD_1</command:parameterValue> <command:parameterValue required="false" variableLength="false">CLOUD_2</command:parameterValue> <command:parameterValue required="false" variableLength="false">CLOUD_3</command:parameterValue> <command:parameterValue required="false" variableLength="false">CLOUD_4</command:parameterValue> <command:parameterValue required="false" variableLength="false">CLOUD_5</command:parameterValue> <command:parameterValue required="false" variableLength="false">CLOUD_6</command:parameterValue> <command:parameterValue required="false" variableLength="false">CLOUD_7</command:parameterValue> <command:parameterValue required="false" variableLength="false">CLOUD_8</command:parameterValue> <command:parameterValue required="false" variableLength="false">CLOUD_9</command:parameterValue> <command:parameterValue required="false" variableLength="false">CLOUD_A</command:parameterValue> <command:parameterValue required="false" variableLength="false">CLOUD_B</command:parameterValue> <command:parameterValue required="false" variableLength="false">CLOUD_C</command:parameterValue> <command:parameterValue required="false" variableLength="false">CLOUD_D</command:parameterValue> <command:parameterValue required="false" variableLength="false">CLOUD_E</command:parameterValue> <command:parameterValue required="false" variableLength="false">CLOUD_F</command:parameterValue> <command:parameterValue required="false" variableLength="false">CLOUD_MASK</command:parameterValue> <command:parameterValue required="false" variableLength="false">APPEXECLINK</command:parameterValue> <command:parameterValue required="false" variableLength="false">PROJFS</command:parameterValue> <command:parameterValue required="false" variableLength="false">LX_SYMLINK</command:parameterValue> <command:parameterValue required="false" variableLength="false">STORAGE_SYNC</command:parameterValue> <command:parameterValue required="false" variableLength="false">WCI_TOMBSTONE</command:parameterValue> <command:parameterValue required="false" variableLength="false">UNHANDLED</command:parameterValue> <command:parameterValue required="false" variableLength="false">ONEDRIVE</command:parameterValue> <command:parameterValue required="false" variableLength="false">PROJFS_TOMBSTONE</command:parameterValue> <command:parameterValue required="false" variableLength="false">AF_UNIX</command:parameterValue> <command:parameterValue required="false" variableLength="false">LX_FIFO</command:parameterValue> <command:parameterValue required="false" variableLength="false">LX_CHR</command:parameterValue> <command:parameterValue required="false" variableLength="false">LX_BLK</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: DeviceGuid --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DeviceGuid</maml:name> <maml:description> <maml:para>Specify that the path is a device GUID not a full path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenById --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenById</maml:name> <maml:description> <maml:para>Specify the path is a file id, in string format (e.g. 12345678) or a GUID object id.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: DirectoryAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DirectoryAccess</maml:name> <maml:description> <maml:para>Specify file access using directory access rights.</maml:para> <maml:para>Possible values: None, ListDirectory, AddFile, AddSubDirectory, ReadEa, WriteEa, Traverse, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileDirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ListDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ShareMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShareMode</maml:name> <maml:description> <maml:para>The access share mode to open the file with.</maml:para> <maml:para>Possible values: None, Read, Write, Delete, All</maml:para> </maml:description> <command:parameterValue required="true">FileShareMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileShareMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Read</command:parameterValue> <command:parameterValue required="false" variableLength="false">Write</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>The options to open the file with.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, DisallowExclusive, SessionAware, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>OpenReparsePoint</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoEaKnowledge</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">DisallowExclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">SessionAware</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Transaction --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Transaction</maml:name> <maml:description> <maml:para>Specify a transaction to create the file under.</maml:para> </maml:description> <command:parameterValue required="true">NtTransaction</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtTransaction</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AttributeFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>AttributeFlags</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuditObjectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ObjectAttributes,AttributesFlags"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, ProtectClose, Inherit, AuditObjectClose, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> <maml:para>This is an alias of the AttributeFlags parameter.</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command: |