Created
December 9, 2016 14:03
Script to add an entry to an access control list. Wrote this four years ago, so definitely not my best work.
```powershell
<#
.SYNOPSIS
Creates an access control entry (ACE) and adds it to an access control list (ACL).
.DESCRIPTION
Creates an access control entry (ACE) and adds it to an access control list (ACL).
.PARAMETER Rights
A right or list of rights to be allowed or denied by the ACE.
.PARAMETER Inherit
Force the ACE to be inherited by child objects.
.PARAMETER AccessType
Used to specify whether or not the ACE allows or denies the specified rights. Accepts values of "Allow" or "Deny".
.PARAMETER Identity
The identity (Active Directory user account, group, computer account, etc.) the ACE applies to.
.PARAMETER Object
The path to the object whose ACL you are modifying.
.EXAMPLE
Add-ACEtoACL -Rights "Modify" -Inherit -AccessType Allow -Identity "contoso\cbabbage" -Object "C:\Data"
This example allows the user cbabbage in the contoso domain to modify the C:\Data folder and all of its children.
#>
Param(
    [Parameter(Mandatory=$true)]
    [String]
    $Rights
    ,
    [Switch]
    $Inherit
    ,
    # Mandatory so the Allow/Deny decision is always explicit; an empty value
    # cannot be converted to an AccessControlType.
    [Parameter(Mandatory=$true)]
    [ValidateSet("Allow","Deny")]
    [String]
    $AccessType
    ,
    [Parameter(Mandatory=$true)]
    [String]
    $Identity
    ,
    [Parameter(Mandatory=$true)]
    [String]
    $Object
)

# A comma-separated string such as "Read, Write" converts to combined FileSystemRights flags.
$colRights = [System.Security.AccessControl.FileSystemRights]$Rights

# Inheritance flags are meaningful only when $Object is a container (folder).
if ($Inherit) {
    $InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
}
else {
    $InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::None
}
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None
$objType = [System.Security.AccessControl.AccessControlType]$AccessType
$objUser = New-Object System.Security.Principal.NTAccount($Identity)

# Build the ACE, add it to the object's current ACL, and write the ACL back.
$objACE = New-Object System.Security.AccessControl.FileSystemAccessRule `
    ($objUser, $colRights, $InheritanceFlag, $PropagationFlag, $objType)
$objACL = Get-ACL $Object
$objACL.AddAccessRule($objACE)
Set-ACL -Path $Object -AclObject $objACL
```
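
The following is an added example, not part of the original gist: a read-back check that confirms an explicit (non-inherited) ACE for an identity is actually present after a change like the one the script makes. `Test-ExplicitAce` is a hypothetical helper name, and the scratch folder and current-user identity in the demo are constructed so that no real data is touched.

```powershell
function Test-ExplicitAce {
    param(
        [Parameter(Mandatory=$true)][String]$Path,
        [Parameter(Mandatory=$true)][String]$Identity,
        [Parameter(Mandatory=$true)][System.Security.AccessControl.FileSystemRights]$Rights,
        [ValidateSet("Allow","Deny")][String]$AccessType = "Allow"
    )
    # Resolve the name to a SID so different spellings of the same account compare equal.
    $sid = (New-Object System.Security.Principal.NTAccount($Identity)).Translate(
        [System.Security.Principal.SecurityIdentifier])
    $acl = Get-Acl -Path $Path
    # GetAccessRules(includeExplicit, includeInherited, targetType): explicit ACEs only.
    $rules = $acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        # AddAccessRule can merge into an existing ACE for the same identity, so the
        # stored rights may be a superset of what was requested; test with -band.
        if ($rule.IdentityReference.Value -eq $sid.Value -and
            $rule.AccessControlType -eq $AccessType -and
            (($rule.FileSystemRights -band $Rights) -eq $Rights)) {
            return $rule
        }
    }
    return $null
}

# Constructed demo: scratch folder, current user, same .NET calls the script uses.
$demo = Join-Path $env:TEMP ("ace-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null
$me  = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$ace = New-Object System.Security.AccessControl.FileSystemAccessRule `
    ($me, "Modify", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl = Get-Acl $demo
$acl.AddAccessRule($ace)
Set-Acl -Path $demo -AclObject $acl

# Check for rights that were granted, then for rights that were not.
Test-ExplicitAce -Path $demo -Identity $me -Rights Modify
Test-ExplicitAce -Path $demo -Identity $me -Rights FullControl

Remove-Item $demo -Recurse
```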