DSC Resource to configure ACL for NTFS.
| Name | FriendlyName | ModuleName |
|---|---|---|
| Grani_ACL | cACL | GraniResource |
See Test Project for the detail.
| Method | Result |
|---|---|
| Pester | not yet |
| Configuration | pass |
| Get-DSCConfiguration | pass |
| Test-DSCConfiguration | pass |
- Download content from raw.github.com
configuration ACLChange
{
Import-DscResource -ModuleName GraniResource
node Localhost
{
File CreateTargetFile
{
Ensure = "Present"
DestinationPath = "C:\host.txt"
Type = "file"
Contents = "hoge"
}
cACL FullCONTROL
{
Ensure = "Present"
Path = "C:\host.txt"
Account = "Users"
Rights = "FullControl"
}
}
}Strict User targeting
As there are two way of user specification in Windows.
- Domain/UserName | Domain/GroupName
- UserName | GroupName
In Domain Environment you need to target Domain Name for strict targeting AD User or Group.
configuration ACLChange
{
Import-DscResource -ModuleName GraniResource
node Localhost
{
File CreateTargetFile
{
Ensure = "Present"
DestinationPath = "C:\host.txt"
Type = "file"
Contents = "hoge"
}
cACL DomainFullCONTROL
{
Ensure = "Present"
Path = "C:\host.txt"
Account = "DomainName\UserName"
Rights = "FullControl"
}
}
}In WorkGroup Environment, there are BuiltIn User Account and custom User Account. You will find Strict should disable because Domain will be Computer Name. But you cannot identify what the computer name which configuration apply?
configuration ACLChange
{
Import-DscResource -ModuleName GraniResource
node Localhost
{
File CreateTargetFile
{
Ensure = "Present"
DestinationPath = "C:\host.txt"
Type = "file"
Contents = "hoge"
}
cACL everyoneFullCONTROL
{
Ensure = "Present"
Path = "C:\host.txt"
Account = "everyone"
Rights = "FullControl"
}
}
}