Examples/Sample_cNtfsPermissionEntry.ps1
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 |
<#
.SYNOPSIS Assign NTFS permissions. .DESCRIPTION This example shows how to use the cNtfsPermissionEntry DSC resource to assign NTFS permissions. #> Configuration Sample_cNtfsPermissionEntry { param ( [Parameter(Mandatory = $false)] [ValidateNotNullOrEmpty()] [String] $Path = (Join-Path -Path ([System.IO.Path]::GetTempPath()) -ChildPath ([Guid]::NewGuid().Guid)) ) Import-DscResource -ModuleName cNtfsAccessControl Import-DscResource -ModuleName PSDesiredStateConfiguration File TestDirectory { Ensure = 'Present' DestinationPath = $Path Type = 'Directory' } # Ensure that a single permission entry is assigned to the local 'Users' group. cNtfsPermissionEntry PermissionSet1 { Ensure = 'Present' Path = $Path Principal = 'BUILTIN\Users' AccessControlInformation = @( cNtfsAccessControlInformation { AccessControlType = 'Allow' FileSystemRights = 'ReadAndExecute' Inheritance = 'ThisFolderSubfoldersAndFiles' NoPropagateInherit = $false } ) DependsOn = '[File]TestDirectory' } # Ensure that multiple permission entries are assigned to the local 'Administrators' group. cNtfsPermissionEntry PermissionSet2 { Ensure = 'Present' Path = $Path Principal = 'BUILTIN\Administrators' AccessControlInformation = @( cNtfsAccessControlInformation { AccessControlType = 'Allow' FileSystemRights = 'Modify' Inheritance = 'ThisFolderOnly' NoPropagateInherit = $false } cNtfsAccessControlInformation { AccessControlType = 'Allow' FileSystemRights = 'ReadAndExecute' Inheritance = 'ThisFolderSubfoldersAndFiles' NoPropagateInherit = $false } cNtfsAccessControlInformation { AccessControlType = 'Allow' FileSystemRights = 'AppendData', 'CreateFiles' Inheritance = 'SubfoldersAndFilesOnly' NoPropagateInherit = $false } ) DependsOn = '[File]TestDirectory' } # Ensure that all explicit permissions associated with the 'Authenticated Users' group are removed. cNtfsPermissionEntry PermissionSet3 { Ensure = 'Absent' Path = $Path Principal = 'NT AUTHORITY\Authenticated Users' DependsOn = '[File]TestDirectory' } } $OutputPath = Join-Path -Path ([System.IO.Path]::GetTempPath()) -ChildPath 'Sample_cNtfsPermissionEntry' Sample_cNtfsPermissionEntry -OutputPath $OutputPath Start-DscConfiguration -Path $OutputPath -Force -Verbose -Wait |