Functions/Helper/ACL/Get-ValentiaACL.ps1
#Requires -Version 3.0 <# .SYNOPSIS Get ACL from selected source path. .DESCRIPTION You can get ACL information from selected source path. This is same logic as gACLResource. .NOTES Author: guitarrapc Created: 3/Sep/2014 .EXAMPLE Get-ValentiaACL -Path c:\Deployment -Account Users -------------------------------------------- Get ACL Information from c:\Deployment for user "Users", means no Computer/Domain user name checking. .EXAMPLE Get-ValentiaACL -Path c:\Deployment -Account contoso\John -------------------------------------------- Get ACL Information from c:\Deployment for user "contoso\John", means strict user name checking. .ExternalHelp "https://github.com/guitarrapc/DSCResources/tree/master/Custom/gACLResource" #> function Get-ValentiaACL { [CmdletBinding()] [OutputType([Hashtable])] param ( [Parameter(mandatory = $true, position = 0)] [ValidateNotNullOrEmpty()] [String]$Path, [Parameter(mandatory = $true, position = 1)] [ValidateNotNullOrEmpty()] [String]$Account, [Parameter(mandatory = $false, position = 2)] [ValidateNotNullOrEmpty()] [System.Security.AccessControl.FileSystemRights]$Rights = "ReadAndExecute", [Parameter(mandatory = $false, position = 3)] [ValidateSet("Present", "Absent")] [ValidateNotNullOrEmpty()] [String]$Ensure = "Present", [Parameter(mandatory = $false, position = 4)] [ValidateNotNullOrEmpty()] [ValidateSet("Allow", "Deny")] [System.Security.AccessControl.AccessControlType]$Access = "Allow", [Parameter(mandatory = $false, position = 5)] [Bool]$Inherit = $false, [Parameter(mandatory = $false, position = 6)] [Bool]$Recurse = $false, [Parameter(mandatory = $false, position = 7)] [Bool]$Strict = $false ) $desiredRule = GetDesiredRule -Path $Path -Account $Account -Rights $Rights -Access $Access -Inherit $Inherit -Recurse $Recurse $currentACL = (Get-Item $Path).GetAccessControl("Access") $currentRules = $currentACL.GetAccessRules($true, $true, [System.Security.Principal.NTAccount]) $match = IsDesiredRuleAndCurrentRuleSame -DesiredRule $desiredRule -CurrentRules $currentRules -Strict $Strict $presence = if ($true -eq $match) { "Present" } else { "Absent" } return @{ Ensure = $presence Path = $Path Account = $Account Rights = $Rights Access = $Access Inherit = $Inherit Recurse = $Recurse } } |