Set‐SmbSecurityDescriptorDACL - microsoft/SMBSecurity GitHub Wiki
Replaces the existing DACL in an SecurityDescriptor with a modified version of that DACL.
Set-SmbSecurityDescriptorDACL [-SecurityDescriptor] <PSObject> [-DACL] <SMBSecDaclAce>
[-NewDACL] <SMBSecDaclAce> [<CommonParameters>]
Replaces the existing DACL in an SecurityDescriptor with a modified version of that DACL. The NewDACL should be created using Copy-SMBSecurityDACL.
PS C:\> $SD = Get-SMBSecurity -SecurityDescriptorName SrvsvcSharePrintInfo
PS C:\> $DACL = $SD.DACL | Where-Object {$_.Account.Username -eq "DomianGroup"}
PS C:\> $NewDACL = Copy-SMBSecurityDACL $DACL
PS C:\> Set-SMBSecurityDACL -DACL $NewDACL -Access Deny
PS C:\> Set-SmbSecurityDescriptorDACL -SecurityDescriptor $SD -DACL $DACL -NewDACl $NewDACLCreates the SrvsvcSharePrintInfo SMBSecurityDescriptor and then copies the DACL using the DomainGroup account. The DACL is modified to Deny this group access to SrvsvcSharePrintInfo SD. The changes are updated to the SMB SD.
The existing DACL that is being replaced.
Type: SMBSecDaclAce
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseThe DACL replacing the existing one in the SecurityDescriptor.
Type: SMBSecDaclAce
Parameter Sets: (All)
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseThe SMBSecurityDescriptor object where the DACL is being replaced. The SMBSecurityDescriptor object must originate from Get-SMBSecurity.
Type: PSObject
Parameter Sets: (All)
Aliases:
Required: True
Position: 0
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseThis cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.