< Back
Add-AccessRule
Post
NAME Add-AccessRule
SYNOPSIS
Adds a file access rule to a file security descriptor.
SYNTAX
Add-AccessRule [-SD] <FileSecurity> [-UserAccount] <String> [-FileSystemRights] {ListDirectory | ReadData |
WriteData | CreateFiles | CreateDirectories | AppendData | ReadExtendedAttributes | WriteExtendedAttributes |
Traverse | ExecuteFile | DeleteSubdirectoriesAndFiles | ReadAttributes | WriteAttributes | Write | Delete |
ReadPermissions | Read | ReadAndExecute | Modify | ChangePermissions | TakeOwnership | Synchronize | FullControl}
[-AccessControlType] {Allow | Deny} [<CommonParameters>]
Add-AccessRule [-SD] <FileSecurity> -Rule <FileSystemAccessRule> [<CommonParameters>]
DESCRIPTION
Accepts a file access rule or constructs a new access rule from the provided parameters and appends it to an
existing file security descriptor. Leaves the original security descriptor intact and returns an updated copy.
PARAMETERS
-SD <FileSecurity>
An existing file security descriptor. Can be retrieved from certificates by accessing the Acl property.
Required? true
Position? 4
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? false
-UserAccount <String>
A string identifying a user or group principal that will be controled by this access rule.
Required? true
Position? 1
Default value
Accept pipeline input? false
Accept wildcard characters? false
-FileSystemRights
The rights to be granted to the UserAccount by this access rule.
Required? true
Position? 2
Default value
Accept pipeline input? false
Accept wildcard characters? false
-AccessControlType
Whether this is an allow or deny access rule.
Required? true
Position? 3
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Rule <FileSystemAccessRule>
A pre-created file system access rule.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>$certificate.Acl = $certificate.Acl | Add-AccessRule "Administrator" FullControl Allow
Adds a rule granting the local administrator full control of the $certificate's private key.
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>$sd = Add-AccessRule -UserAccount "Everyone" -FileSystemRights Read -AccessControlType Deny -SD $sd
Appends a rule to an existing security descriptor ($sd) that denys all users read access.
RELATED LINKS
SYNOPSIS
Adds a file access rule to a file security descriptor.
SYNTAX
Add-AccessRule [-SD] <FileSecurity> [-UserAccount] <String> [-FileSystemRights] {ListDirectory | ReadData |
WriteData | CreateFiles | CreateDirectories | AppendData | ReadExtendedAttributes | WriteExtendedAttributes |
Traverse | ExecuteFile | DeleteSubdirectoriesAndFiles | ReadAttributes | WriteAttributes | Write | Delete |
ReadPermissions | Read | ReadAndExecute | Modify | ChangePermissions | TakeOwnership | Synchronize | FullControl}
[-AccessControlType] {Allow | Deny} [<CommonParameters>]
Add-AccessRule [-SD] <FileSecurity> -Rule <FileSystemAccessRule> [<CommonParameters>]
DESCRIPTION
Accepts a file access rule or constructs a new access rule from the provided parameters and appends it to an
existing file security descriptor. Leaves the original security descriptor intact and returns an updated copy.
PARAMETERS
-SD <FileSecurity>
An existing file security descriptor. Can be retrieved from certificates by accessing the Acl property.
Required? true
Position? 4
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? false
-UserAccount <String>
A string identifying a user or group principal that will be controled by this access rule.
Required? true
Position? 1
Default value
Accept pipeline input? false
Accept wildcard characters? false
-FileSystemRights
The rights to be granted to the UserAccount by this access rule.
Required? true
Position? 2
Default value
Accept pipeline input? false
Accept wildcard characters? false
-AccessControlType
Whether this is an allow or deny access rule.
Required? true
Position? 3
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Rule <FileSystemAccessRule>
A pre-created file system access rule.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>$certificate.Acl = $certificate.Acl | Add-AccessRule "Administrator" FullControl Allow
Adds a rule granting the local administrator full control of the $certificate's private key.
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>$sd = Add-AccessRule -UserAccount "Everyone" -FileSystemRights Read -AccessControlType Deny -SD $sd
Appends a rule to an existing security descriptor ($sd) that denys all users read access.
RELATED LINKS