New-CMFileSystemAccessControlEntry
Create a file system access control entry.
Syntax
Default (Default)
New-CMFileSystemAccessControlEntry
[-AccessOption <AccessType>]
-GroupOrUserName <String>
[-Permission <FileSystemPermissions[]>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[<CommonParameters>]
Description
Use this cmdlet to create an access control entry (ACE) for the file system. An access control entry defines specific permissions for a specific user or group. You can use this object with the New-CMRequirementRuleFilePermissionValue cmdlet to create a requirement rule on an application deployment type that verifies file permissions.
Note
Run Configuration Manager cmdlets from the Configuration Manager site drive, for example PS XYZ:\>. For more information, see getting started.
Examples
Example 1
This example first uses the Get-CMGlobalCondition cmdlet to get a custom global condition. Then it creates two access control entries for specific users. Next it uses the New-CMRequirementRuleFilePermissionValue to create the requirement rule object. Finally it passes that rule object to the Set-CMScriptDeploymentType cmdlet to add the requirement.
$myGC = Get-CMGlobalCondition -Name "LOB app data file"
$userName = "contoso\jqpublic"
$ce = New-CMFileSystemAccessControlEntry -GroupOrUserName $userName -AccessOption Allow -Permission Read,Write
$userName2 = "contoso\jdoe"
$ce2 = New-CMFileSystemAccessControlEntry -GroupOrUserName $userName2 -AccessOption Allow -Permission Read
$myRule = New-CMRequirementRuleFilePermissionValue -GlobalCondition $myGC -ControlEntry $ce,$ce2
Set-CMScriptDeploymentType -ApplicationName "Central app" -DeploymentTypeName "Install" -AddRequirement $myRule
Parameters
-AccessOption
Specify whether this ACE is to Allow or Deny access.
Parameter properties
| Type: | AccessType |
| Default value: | None |
| Accepted values: | Allow, Deny |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-DisableWildcardHandling
This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ForceWildcardHandling
This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-GroupOrUserName
Specify the group or user name for this ACE. Use standard "___domain\name" format. For example, contoso\jqpublic or "nwtraders\All IT Users".
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Permission
Specify an array of one or more permissions for this ACE. Use the AccessOption parameter to specify whether these permissions Allow or Deny access.
Parameter properties
| Type: | FileSystemPermissions[] |
| Default value: | None |
| Accepted values: | ListFolderContentsOrReadData, CreateFilesOrWriteData, CreateFoldersOrAppendData, ReadExtendedAttributes, WriteExtendedAttributes, TraverseFolderOrExecuteFile, DeleteSubfoldersAndFiles, ReadAttributes, WriteAttributes, Write, Delete, ReadPermissions, Read, Execute, ChangePermissions, TakeOwnership, FullControl |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | Permissions |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.