Register-FMSchemaDefaultPermission
SYNOPSIS
Registers a new desired schema default permission access rule.
SYNTAX
__AllParameterSets
Register-FMSchemaDefaultPermission [-ClassName] <string> [-Identity] <string>
[-ActiveDirectoryRights] <string> [[-AccessControlType] <AccessControlType>]
[[-InheritanceType] <ActiveDirectorySecurityInheritance>] [[-ObjectType] <string>]
[[-InheritedObjectType] <string>] [[-Mode] <string>] [[-ContextName] <string>] [<CommonParameters>]
DESCRIPTION
Registers a new desired schema default permission access rule. These access rules are then used / applied when when creating a new object of the class affected.
These settings apply only to new objects created of the affected class, not already existing ones. Using this you could for example add a group to have full control over all newly created group policy objects.
EXAMPLES
EXAMPLE 1
Get-Content .\sdp.json | ConvertFrom-Json | Write-Output | Register-FMSchemaDefaultPermission
Loads all entries from the specified json file and registers them.
PARAMETERS
-AccessControlType
Allow or Deny? Defaults to: Allow
Type: System.Security.AccessControl.AccessControlType
DefaultValue: Allow
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 3
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
-ActiveDirectoryRights
The rights granted.
Type: System.String
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 2
IsRequired: true
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
-ClassName
The name of the object class in schema this applies to.
Type: System.String
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 0
IsRequired: true
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
-ContextName
The name of the context defining the setting. This allows determining the configuration set that provided this setting. Used by the ADMF, available to any other configuration management solution.
Type: System.String
DefaultValue: <Undefined>
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 8
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
-Identity
The principal to which the access rule applies. Supports limited string resolution.
Type: System.String
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 1
IsRequired: true
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
-InheritanceType
How is this privilege inherited by child objects?
Type: System.DirectoryServices.ActiveDirectorySecurityInheritance
DefaultValue: None
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 4
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
-InheritedObjectType
What object types does this permission apply to? Used for extended properties.
Type: System.String
DefaultValue: <All>
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 6
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
-Mode
How access rules are actually applied:
- Additive: Only add new access rules, but do not touch existing ones
- Defined: Add new access rules, remove access rules not defined in configuration that apply to a principal that has access rules defined.
- Constrained: Add new access rules, remove all access rules not defined in configuration
All Modes of all settings for a given class are used when determining the effective Mode applied to that class. The most restrictive Mode applies.
Type: System.String
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 7
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
-ObjectType
What object types does this permission apply to?
Type: System.String
DefaultValue: <All>
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 5
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.