mcollera / AccessControlDsc


NTFSAccessControlEntry - False Positive Test Bug #46

Closed bcwilhite closed 5 years ago

bcwilhite commented 5 years ago

Describe the bug

When the Force and ForcePrincipal parameters are set to false and the Inheritance/Propagation Flags are not equal to the currently defined ACE, the Test-TargetResource function will return $false for "InDesiredState". Because of this issue, the Set-TargetResource function is run unnecessarily, and the configuration is never compliant/in desired state.

To Reproduce

  1. On the target machine, modify an NTFS permission rule outside of the default setting and/or outside what the current configuration specifies. Furthermore, a principal can be defined via a configuration to have 1 set as the InheritanceFlags, but the actual ACE for the specific principal is 3. When this scenario occurs, the Test-TargetResource will return false and the Set runs. When the Set-TargetResource function runs, it sets the ACE to 1; however, since the principal already has 3, it has more than what is needed, so nothing technically happens.
  2. Create a Member Server configuration and apply it to a target machine.
  3. When you run the configuration over and over again, note that it's never in the desired state, even though the Set-TargetResource function is executed.

Expected behavior

The Set-TargetResource should not run in this scenario since the specified rule is already applied via an ACE granting common Inheritance/Propagation Flags.
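
The 1-versus-3 InheritanceFlags case described in this issue, as an added example (not AccessControlDsc's code or its fix): a hypothetical `Test-AceCoversDesired` helper contrasts an exact flag match with a bitwise containment check. The principal, rights and flag values are constructed sample data, and comparing rights and PropagationFlags exactly is an assumption of this sketch.

```powershell
# Added example: hypothetical helper, not part of AccessControlDsc.
function Test-AceCoversDesired {
    param(
        [Parameter(Mandatory)]
        [System.Security.AccessControl.FileSystemAccessRule] $Desired,
        [Parameter(Mandatory)]
        [System.Security.AccessControl.FileSystemAccessRule] $Actual,
        # Strict = exact flag equality, the behaviour the issue reports.
        [switch] $Strict
    )

    # Principal, allow/deny type, rights and propagation must match in both modes.
    # Exact comparison of PropagationFlags is an assumption of this sketch:
    # InheritOnly and NoPropagateInherit narrow where an ACE applies.
    if ($Desired.IdentityReference.Value -ne $Actual.IdentityReference.Value -or
        $Desired.AccessControlType -ne $Actual.AccessControlType -or
        $Desired.FileSystemRights -ne $Actual.FileSystemRights -or
        $Desired.PropagationFlags -ne $Actual.PropagationFlags) {
        return $false
    }

    $want = [int]$Desired.InheritanceFlags
    $have = [int]$Actual.InheritanceFlags
    if ($Strict) { return $want -eq $have }

    # Containment: every inheritance bit asked for is already present.
    return ($have -band $want) -eq $want
}

# Constructed sample data: same principal and rights, InheritanceFlags 1 vs 3.
$ruleType = 'System.Security.AccessControl.FileSystemAccessRule'
$desired = New-Object $ruleType -ArgumentList `
    'BUILTIN\Users', 'Modify', 'ContainerInherit', 'None', 'Allow'
$actual = New-Object $ruleType -ArgumentList `
    'BUILTIN\Users', 'Modify', 'ContainerInherit, ObjectInherit', 'None', 'Allow'

# Exact match on flags (desired 1, actual 3).
Test-AceCoversDesired -Desired $desired -Actual $actual -Strict
# Containment check on the same pair.
Test-AceCoversDesired -Desired $desired -Actual $actual
# Reversed pair (desired 3, actual 1): the existing ACE lacks ObjectInherit.
Test-AceCoversDesired -Desired $actual -Actual $desired
```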