New-SMBSecurityDescriptor - microsoft/SMBSecurity GitHub Wiki
Creates an SMBSecurityDescriptor object.
New-SMBSecurityDescriptor [-SecurityDescriptorName] <SMBSecurityDescriptor> [[-SDDLString] <String>]
[[-Owner] <Object>] [[-Group] <Object>] [[-DACL] <Object>] [<CommonParameters>]
Creates an SMBSecurityDescriptor object. This cmdlet can be used in advanced scripting scenarios. The recommendation is to use Get-SMBSecurity and modify the existing SMB SecurityDescriptor rather than building the SMBSecurityDescriptor manually.
PS C:\> $DACLs = @()
PS C:\> $DACLSplat = @{
SecurityDescriptor = 'SrvsvcDefaultShareInfo'
Access = 'Allow'
Right = 'FullControl'
Account = "Administrators"
}
PS C:\> $DACL = New-SMBSecurityDACL @DACLSplat
PS C:\> $DACLSplat2 = @{
SecurityDescriptor = 'SrvsvcDefaultShareInfo'
Access = 'Allow'
Right = 'Read'
Account = "Authenticated Users"
}
PS C:\> $DACL2 = New-SMBSecurityDACL @DACLSplat2
PS C:\> $DACLs += $DACL
PS C:\> $DACLs += $DACL2
PS C:\> $account = "NT AUTHORITY\SYSTEM"
PS C:\> $Owner = New-SMBSecurityOwner -Account $account
PS C:\> $Group = New-SMBSecurityGroup -Account $account
PS C:\> $SD = New-SMBSecurityDescriptor -SecurityDescriptor "SrvsvcDefaultShareInfo" -Owner $Owner -Group $Group -DACL $DACLs

Creates a complete, new SMBSecurityDescriptor from scratch. This can be used to replace the existing SMB SD.
WARNING! This method should be used with extreme caution! Microsoft does not recommend using this method without significant testing and the understanding that this could cause unexpected results.
-DACL
An array of one or more DACLs to add to the SMBSecurityDescriptor. The DACL must originate from Copy-SMBSecurityDACL or New-SMBSecurityDACL and the DACL's SecurityDescriptor property must match the SecurityDescriptor's Name, because each SMB SecurityDescriptor has a unique set of rights. Attempting to add a DACL with a mismatched SMBSecurityDescriptor will result in an error.
Type: Object
Parameter Sets: (All)
Aliases:
Required: False
Position: 4
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Group
The primary group for the Security Descriptor. This should be 'NT AUTHORITY\SYSTEM'.
Type: Object
Parameter Sets: (All)
Aliases:
Required: False
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Owner
The owner of the Security Descriptor. This should be 'NT AUTHORITY\SYSTEM'.
Type: Object
Parameter Sets: (All)
Aliases:
Required: False
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-SDDLString
Creates the SMBSecurityDescriptor based on a compatible SDDL string.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-SecurityDescriptorName
The name of the SMB SecurityDescriptor. The valid names are: SrvsvcConfigInfo, SrvsvcConnection, SrvsvcFile, SrvsvcServerDiskEnum, SrvsvcSessionInfo, SrvsvcShareAdminConnect, SrvsvcShareAdminInfo, SrvsvcShareChange, SrvsvcShareConnect, SrvsvcShareFileInfo, SrvsvcSharePrintInfo, SrvsvcStatisticsInfo, SrvsvcTransportEnum, and SrvsvcDefaultShareInfo.
Type: SMBSecurityDescriptor
Parameter Sets: (All)
Aliases:
Accepted values: SrvsvcConfigInfo, SrvsvcConnection, SrvsvcFile, SrvsvcServerDiskEnum, SrvsvcSessionInfo, SrvsvcShareAdminConnect, SrvsvcShareAdminInfo, SrvsvcShareChange, SrvsvcShareConnect, SrvsvcShareFileInfo, SrvsvcSharePrintInfo, SrvsvcStatisticsInfo, SrvsvcTransportEnum, SrvsvcDefaultShareInfo
Required: True
Position: 0
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
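
The -DACL, -Owner and -Group constraints described above can be checked before the descriptor is built. The following is an added example, not code from the SMBSecurity project: the wrapper name New-CheckedSMBSecurityDescriptor and its -Name parameter are hypothetical, and it assumes the SMBSecurity module is already imported. It only constructs the object in memory.

```powershell
# Added example: hypothetical wrapper, not part of the SMBSecurity module.
function New-CheckedSMBSecurityDescriptor {
    [CmdletBinding()]
    param(
        # Same accepted values as the cmdlet's descriptor-name parameter.
        [Parameter(Mandatory)]
        [ValidateSet('SrvsvcConfigInfo', 'SrvsvcConnection', 'SrvsvcFile',
            'SrvsvcServerDiskEnum', 'SrvsvcSessionInfo', 'SrvsvcShareAdminConnect',
            'SrvsvcShareAdminInfo', 'SrvsvcShareChange', 'SrvsvcShareConnect',
            'SrvsvcShareFileInfo', 'SrvsvcSharePrintInfo', 'SrvsvcStatisticsInfo',
            'SrvsvcTransportEnum', 'SrvsvcDefaultShareInfo')]
        [string]$Name,

        # DACL objects from New-SMBSecurityDACL or Copy-SMBSecurityDACL.
        [Parameter(Mandatory)]
        [ValidateNotNullOrEmpty()]
        [object[]]$DACL
    )

    # Each descriptor has its own set of rights, so a DACL built for another
    # descriptor is rejected here, before New-SMBSecurityDescriptor is called.
    $mismatched = @($DACL | Where-Object { "$($_.SecurityDescriptor)" -ne $Name })
    if ($mismatched.Count -gt 0) {
        $found = ($mismatched | ForEach-Object { "$($_.SecurityDescriptor)" } |
            Sort-Object -Unique) -join ', '
        throw "DACL(s) built for [$found] cannot be added to '$Name'."
    }

    # Owner and group are pinned to the account the parameter descriptions call for.
    $system = 'NT AUTHORITY\SYSTEM'
    $owner  = New-SMBSecurityOwner -Account $system
    $group  = New-SMBSecurityGroup -Account $system

    New-SMBSecurityDescriptor -SecurityDescriptor $Name -Owner $owner `
        -Group $group -DACL $DACL -ErrorAction Stop
}

# Constructed sample rules, mirroring the example on this page.
$rules = @(
    @{ Access = 'Allow'; Right = 'FullControl'; Account = 'Administrators' },
    @{ Access = 'Allow'; Right = 'Read';        Account = 'Authenticated Users' }
)
$dacls = foreach ($r in $rules) {
    New-SMBSecurityDACL -SecurityDescriptor 'SrvsvcDefaultShareInfo' @r
}
$SD = New-CheckedSMBSecurityDescriptor -Name 'SrvsvcDefaultShareInfo' -DACL $dacls
```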