dsccommunity / cNtfsAccessControl

The cNtfsAccessControl DSC resource module.
MIT License

Purging unmanaged ACL's #19

Open AxisNL opened 4 years ago

AxisNL commented 4 years ago

Hi, I was wondering if there is a way in this module to achieve this:

I want to set ACLs on specific folders for end-users programmatically. Sometimes users are added, sometimes users are removed. Adding users works perfectly, but whenever I run my DSC script, I want to purge the ACLs that are not managed by DSC. Is there a way to do that?

I know I can set ACLs to Absent, but I don't want to ensure 1000 users are absent when I only want to ensure 3 are present.

It currently works fine with AD groups (ensuring specific people are in a group, and then setting a single ACL for that group). However, this requires users to log out and back in again, which is a real pain. I want to switch to ACLs for end-users directly.

garetjax67 commented 3 years ago

I am seeing the same issue. I can Present/Absent specific issues, but if I want to enforce my permissions to be exactly what I specify, it does not appear to work.

Example:

```powershell
cNtfsPermissionEntry 'FileShare1User1'
{
    Ensure    = 'Absent'
    DependsOn = '[File]Share1Folder'
    Principal = 'domain\user1'
    Path      = 'D:\FileShare1'
}

cNtfsPermissionEntry 'FileShare1read'
{
    Ensure    = 'Present'
    DependsOn = '[File]Share1Folder'
    Principal = 'domain\user3'
    Path      = 'D:\FileShare1'
    AccessControlInformation = @(
        cNtfsAccessControlInformation
        {
            AccessControlType  = 'Allow'
            FileSystemRights   = 'Read'
            Inheritance        = 'ThisFolderSubfoldersAndFiles'
            NoPropagateInherit = $false
        }
    )
}
```

Will remove user1, but if user2 exists, it ignores and does not remove user2. Will remove user1 and leave or add user3.
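Both posts above ask for the same thing: every explicit ACE on a folder that DSC does not know about should be reported and removed, so the folder's effective permissions match exactly the entries that are declared. The function below is an added example written for this thread; it is not part of cNtfsAccessControl and uses no DSC resource. `Remove-UnmanagedNtfsAce`, its parameters and the `D:\FileShare1` usage are assumptions for illustration. It compares the non-inherited ACEs on a path against a managed principal list, warns about every ACE outside that list, and removes them only when run without `-WhatIf`; inherited ACEs are left alone because they are governed by the parent object, and well-known administrative principals are kept by default so a typo in the managed list cannot lock administrators out.

```powershell
function Remove-UnmanagedNtfsAce {
    # Added example, not module code. Reports and (optionally) removes explicit
    # ACEs on $Path whose principal is not in $ManagedPrincipals or $AlwaysKeep.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [string[]] $ManagedPrincipals,
        # Assumed safety net: never strip these, even if omitted from the managed list.
        [string[]] $AlwaysKeep = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')
    )

    $acl  = Get-Acl -LiteralPath $Path
    $keep = @($ManagedPrincipals + $AlwaysKeep | ForEach-Object { $_.ToLowerInvariant() })

    # Only explicit (non-inherited) ACEs are candidates; inherited ones come from the parent.
    $unmanaged = @($acl.Access | Where-Object {
        -not $_.IsInherited -and
        ($keep -notcontains $_.IdentityReference.Value.ToLowerInvariant())
    })

    foreach ($ace in $unmanaged) {
        Write-Warning ('Unmanaged ACE on {0}: {1} {2} {3}' -f `
            $Path, $ace.IdentityReference, $ace.AccessControlType, $ace.FileSystemRights)
        if ($PSCmdlet.ShouldProcess($Path, "Remove ACE for $($ace.IdentityReference)")) {
            # RemoveAccessRule removes the matching explicit rule from the in-memory descriptor.
            [void] $acl.RemoveAccessRule($ace)
        }
    }

    # Write the descriptor back only if something was actually removed (not under -WhatIf).
    if ($unmanaged.Count -gt 0 -and -not $WhatIfPreference) {
        Set-Acl -LiteralPath $Path -AclObject $acl
    }

    # Return the unmanaged ACEs that were found so the caller can log or audit them.
    return $unmanaged
}

# Usage (assumed path and principals): first audit with -WhatIf, then apply.
Remove-UnmanagedNtfsAce -Path 'D:\FileShare1' -ManagedPrincipals 'domain\user3' -WhatIf
Remove-UnmanagedNtfsAce -Path 'D:\FileShare1' -ManagedPrincipals 'domain\user3'
```

Run it first with `-WhatIf` and review the warnings, because every explicit ACE not in the list (service accounts, backup agents) will be removed on the real run. The function only touches the top-level folder's descriptor; entries that exist on subfolders or files as explicit ACEs would need the same check run per object. If the goal is to keep this inside a DSC run, the same logic fits a `Script` resource whose `Test` block returns `$false` whenever the audit finds an unmanaged ACE.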