Register-DCAccessRule
SYNOPSIS
Registers an access rule for FileSystem paths on a domain controller.
SYNTAX
ACE
Register-DCAccessRule -Path <string> -Identity <string> -Rights <FileSystemRights>
[-Type <AccessControlType>] [-Inheritance <InheritanceFlags>] [-Propagation <PropagationFlags>]
[-AccessMode <string>] [-ServerRole <string>] [-ContextName <string>] [<CommonParameters>]
Empty
Register-DCAccessRule -Path <string> -Empty <bool> [-ServerRole <string>] [-ContextName <string>]
[<CommonParameters>]
DESCRIPTION
Registers an access rule for FileSystem paths on a domain controller.
EXAMPLES
EXAMPLE 1
Get-Content .\accessrules.json | ConvertFrom-Json | Write-Output | Register-DCAccessRule
Reads all access rule definitions from json and imports the definitions.
PARAMETERS
-AccessMode
How filesystem access rules are processed. Supports three configurations:
- Constrained: The default access mode, will remove any excess access rules.
- Additive: Ignore any access rules already on the path, even if not configured
- Defined: Ignore any access rules already on the path, even if not configured UNLESS the identity on those rules has an access level defined for it.
Type: System.String
DefaultValue: Constrained
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: ACE
Position: Named
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
-ContextName
The name of the context defining the setting. This allows determining the configuration set that provided this setting. Used by the ADMF, available to any other configuration management solution.
Type: System.String
DefaultValue: <Undefined>
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: Named
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: false
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
-Empty
This path should have no explicit ACE defined.
Type: System.Boolean
DefaultValue: False
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: Empty
Position: Named
IsRequired: true
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
-Identity
What identity / principal to grant access. Supports string resolution.
Type: System.String
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: ACE
Position: Named
IsRequired: true
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
-Inheritance
Who and how are access rules inherited. Defaults to 'ContainerInherit, ObjectInherit', meaning everything beneath the path inherits as well.
Type: System.Security.AccessControl.InheritanceFlags
DefaultValue: ContainerInherit, ObjectInherit
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: ACE
Position: Named
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
-Path
The path to the filesystem object to grant permissions on. Supports string resolution.
Type: System.String
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: Named
IsRequired: true
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
-Propagation
How access rules are being propagated. Defaults to "None", the windows default behavior.
Type: System.Security.AccessControl.PropagationFlags
DefaultValue: None
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: ACE
Position: Named
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
-Rights
What file system right to grant.
Type: System.Security.AccessControl.FileSystemRights
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: ACE
Position: Named
IsRequired: true
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
-ServerRole
What domain controller to apply this to:
- All: All DCs in the enterprise
- FSMO: Only DCs that have any FSMO role
- PDC: Only the PDCEmulator
Type: System.String
DefaultValue: All
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: Named
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
-Type
Whether this is an allow or a deny rule. Defaults to Allow.
Type: System.Security.AccessControl.AccessControlType
DefaultValue: Allow
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: ACE
Position: Named
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.