Skip to main content

Register-FMSchemaDefaultPermission

SYNOPSIS

Registers a new desired schema default permission access rule.

SYNTAX

__AllParameterSets

Register-FMSchemaDefaultPermission [-ClassName] <string> [-Identity] <string>
[-ActiveDirectoryRights] <string> [[-AccessControlType] <AccessControlType>]
[[-InheritanceType] <ActiveDirectorySecurityInheritance>] [[-ObjectType] <string>]
[[-InheritedObjectType] <string>] [[-Mode] <string>] [[-ContextName] <string>] [<CommonParameters>]

DESCRIPTION

Registers a new desired schema default permission access rule. These access rules are then used / applied when when creating a new object of the class affected.

These settings apply only to new objects created of the affected class, not already existing ones. Using this you could for example add a group to have full control over all newly created group policy objects.

EXAMPLES

EXAMPLE 1

Get-Content .\sdp.json | ConvertFrom-Json | Write-Output | Register-FMSchemaDefaultPermission

Loads all entries from the specified json file and registers them.

PARAMETERS

-AccessControlType

Allow or Deny? Defaults to: Allow

Type: System.Security.AccessControl.AccessControlType
DefaultValue: Allow
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 3
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

-ActiveDirectoryRights

The rights granted.

Type: System.String
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 2
IsRequired: true
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

-ClassName

The name of the object class in schema this applies to.

Type: System.String
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 0
IsRequired: true
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

-ContextName

The name of the context defining the setting. This allows determining the configuration set that provided this setting. Used by the ADMF, available to any other configuration management solution.

Type: System.String
DefaultValue: <Undefined>
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 8
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

-Identity

The principal to which the access rule applies. Supports limited string resolution.

Type: System.String
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 1
IsRequired: true
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

-InheritanceType

How is this privilege inherited by child objects?

Type: System.DirectoryServices.ActiveDirectorySecurityInheritance
DefaultValue: None
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 4
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

-InheritedObjectType

What object types does this permission apply to? Used for extended properties.

Type: System.String
DefaultValue: <All>
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 6
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

-Mode

How access rules are actually applied:

  • Additive: Only add new access rules, but do not touch existing ones
  • Defined: Add new access rules, remove access rules not defined in configuration that apply to a principal that has access rules defined.
  • Constrained: Add new access rules, remove all access rules not defined in configuration

All Modes of all settings for a given class are used when determining the effective Mode applied to that class. The most restrictive Mode applies.

Type: System.String
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 7
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

-ObjectType

What object types does this permission apply to?

Type: System.String
DefaultValue: <All>
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 5
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.