cNtfsAccessControl

1.4.1

Examples/Sample_cNtfsPermissionEntry.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
                                <#

.SYNOPSIS

    Assign NTFS permissions.

.DESCRIPTION

    This example shows how to use the cNtfsPermissionEntry DSC resource to assign NTFS permissions.

#>

Configuration Sample_cNtfsPermissionEntry

{

    param

    (

        [Parameter(Mandatory = $false)]

        [ValidateNotNullOrEmpty()]

        [String]

        $Path = (Join-Path -Path ([System.IO.Path]::GetTempPath()) -ChildPath ([Guid]::NewGuid().Guid))

    )

    Import-DscResource -ModuleName cNtfsAccessControl

    Import-DscResource -ModuleName PSDesiredStateConfiguration

    File TestDirectory

    {

        Ensure = 'Present'

        DestinationPath = $Path

        Type = 'Directory'

    }

    # Ensure that a single permission entry is assigned to the local 'Users' group.

    cNtfsPermissionEntry PermissionSet1

    {

        Ensure = 'Present'

        Path = $Path

        Principal = 'BUILTIN\Users'

        AccessControlInformation = @(

            cNtfsAccessControlInformation

            {

                AccessControlType = 'Allow'

                FileSystemRights = 'ReadAndExecute'

                Inheritance = 'ThisFolderSubfoldersAndFiles'

                NoPropagateInherit = $false

            }

        )

        DependsOn = '[File]TestDirectory'

    }

    # Ensure that multiple permission entries are assigned to the local 'Administrators' group.

    cNtfsPermissionEntry PermissionSet2

    {

        Ensure = 'Present'

        Path = $Path

        Principal = 'BUILTIN\Administrators'

        AccessControlInformation = @(

            cNtfsAccessControlInformation

            {

                AccessControlType = 'Allow'

                FileSystemRights = 'Modify'

                Inheritance = 'ThisFolderOnly'

                NoPropagateInherit = $false

            }

            cNtfsAccessControlInformation

            {

                AccessControlType = 'Allow'

                FileSystemRights = 'ReadAndExecute'

                Inheritance = 'ThisFolderSubfoldersAndFiles'

                NoPropagateInherit = $false

            }

            cNtfsAccessControlInformation

            {

                AccessControlType = 'Allow'

                FileSystemRights = 'AppendData', 'CreateFiles'

                Inheritance = 'SubfoldersAndFilesOnly'

                NoPropagateInherit = $false

            }

        )

        DependsOn = '[File]TestDirectory'

    }

    # Ensure that all explicit permissions associated with the 'Authenticated Users' group are removed.

    cNtfsPermissionEntry PermissionSet3

    {

        Ensure = 'Absent'

        Path = $Path

        Principal = 'NT AUTHORITY\Authenticated Users'

        DependsOn = '[File]TestDirectory'

    }

}

$OutputPath = Join-Path -Path ([System.IO.Path]::GetTempPath()) -ChildPath 'Sample_cNtfsPermissionEntry'

Sample_cNtfsPermissionEntry -OutputPath $OutputPath

Start-DscConfiguration -Path $OutputPath -Force -Verbose -Wait