{"id":20156177,"url":"https://github.com/dsccommunity/cntfsaccesscontrol","last_synced_at":"2025-12-11T21:32:12.033Z","repository":{"id":57670342,"uuid":"43386513","full_name":"dsccommunity/cNtfsAccessControl","owner":"dsccommunity","description":"The cNtfsAccessControl DSC resource module.","archived":false,"fork":false,"pushed_at":"2022-09-15T12:11:07.000Z","size":99,"stargazers_count":33,"open_issues_count":10,"forks_count":10,"subscribers_count":8,"default_branch":"master","last_synced_at":"2025-03-21T21:05:14.087Z","etag":null,"topics":["dsc","dsc-resources","ntfs","powershell","powershell-dsc","powershell-modules"],"latest_commit_sha":null,"homepage":"","language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dsccommunity.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-09-29T18:33:18.000Z","updated_at":"2024-09-01T23:06:21.000Z","dependencies_parsed_at":"2022-09-26T20:40:59.811Z","dependency_job_id":null,"html_url":"https://github.com/dsccommunity/cNtfsAccessControl","commit_stats":null,"previous_names":["snikalaichyk/cntfsaccesscontrol"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dsccommunity%2FcNtfsAccessControl","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dsccommunity%2FcNtfsAccessControl/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dsccommunity%2FcNtfsAccessControl/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dsccommunity%2FcNtfsAccessControl/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dsccommunity","download_url":"https://codeload.github.com/dsccommunity/cNtfsAccessControl/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248120086,"owners_count":21050889,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dsc","dsc-resources","ntfs","powershell","powershell-dsc","powershell-modules"],"created_at":"2024-11-13T23:37:53.587Z","updated_at":"2025-12-11T21:32:11.988Z","avatar_url":"https://github.com/dsccommunity.png","language":"PowerShell","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Build status](https://ci.appveyor.com/api/projects/status/n85apemxexxbcut5/branch/master?svg=true)](https://ci.appveyor.com/project/SNikalaichyk/cNtfsAccessControl/branch/master)\n\n# cNtfsAccessControl\n\nThe **cNtfsAccessControl** module contains DSC resources for NTFS access control management.\n\nYou can also download this module from the [PowerShell Gallery](https://www.powershellgallery.com/packages/cNtfsAccessControl/).\n\n_This project is no longer actively maintained._\n\n## Resources\n\n### cNtfsPermissionEntry\n\nThe **cNtfsPermissionEntry** DSC resource provides a mechanism to manage NTFS permissions.\n\n* **Ensure**: Indicates if the principal has explicitly assigned NTFS permissions on the target path.\n Set this property to `Present` (the default value) to ensure they exactly match what is provided through the **AccessControlInformation** property.\n If the **AccessControlInformation** property is not specified, the default permission entry is used as the reference permission entry.\n If this property is set to `Absent` and the **AccessControlInformation** property is not specified, all explicit permissions associated with the specified principal are removed.\n* **Path**: Indicates the path to the target item.\n* **Principal**: Indicates the identity of the principal. Valid formats are:\n * [Down-Level Logon Name](https://msdn.microsoft.com/en-us/library/windows/desktop/aa380525%28v=vs.85%29.aspx#down_level_logon_name)\n * [Security Accounts Manager (SAM) Account Name (sAMAccountName)](https://msdn.microsoft.com/en-us/library/windows/desktop/ms679635%28v=vs.85%29.aspx)\n * [Security Identifier (SID)](https://msdn.microsoft.com/en-us/library/cc246018.aspx)\n * [User Principal Name (UPN)](https://msdn.microsoft.com/en-us/library/windows/desktop/aa380525%28v=vs.85%29.aspx#user_principal_name)\n* **AccessControlInformation**: Indicates the access control information in the form of an array of instances of the **cNtfsAccessControlInformation** CIM class. Its properties are as follows:\n * **AccessControlType**: Indicates whether to `Allow` or `Deny` access to the target item. The default value is `Allow`.\n * **FileSystemRights**: Indicates the access rights to be granted to the principal.\n Specify one or more values from the [System.Security.AccessControl.FileSystemRights](https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.filesystemrights%28v=vs.110%29.aspx) enumeration type.\n Multiple values can be specified by using an array of strings or a single comma-separated string. The default value is `ReadAndExecute`.\n * **Inheritance**: Indicates the inheritance type of the permission entry. This property is only applicable to directories. Valid values are:\n * `None`\n * `ThisFolderOnly`\n * `ThisFolderSubfoldersAndFiles` (the default value)\n * `ThisFolderAndSubfolders`\n * `ThisFolderAndFiles`\n * `SubfoldersAndFilesOnly`\n * `SubfoldersOnly`\n * `FilesOnly`\n * **NoPropagateInherit**: Indicates whether the permission entry is not propagated to child objects. This property is only applicable to directories.\n Set this property to `$true` to ensure inheritance is limited only to those sub-objects that are immediately subordinate to the target item. The default value is `$false`.\n\n### cNtfsPermissionsInheritance\n\nThe **cNtfsPermissionsInheritance** DSC resource provides a mechanism to manage NTFS permissions inheritance.\n\n* **Path**: Indicates the path to the target item.\n* **Enabled**: Indicates whether NTFS permissions inheritance is enabled. Set this property to `$false` to ensure it is disabled. The default value is `$true`.\n* **PreserveInherited**: Indicates whether to preserve inherited permissions. Set this property to `$true` to convert inherited permissions into explicit permissions.\n The default value is `$false`. **Note:** This property is only valid when the **Enabled** property is set to `$false`.\n\n## Versions\n\n### 1.4.1 (February 6, 2019)\n\n* **cNtfsAuditRuleInformation**: Fixed an error when **NoPropagateInherit** is set to `$true` ([#14](https://github.com/SNikalaichyk/cNtfsAccessControl/pull/14)).\n\n### 1.4.0 (October 1, 2018)\n\n* Added new resources:\n * **cNtfsAuditEntry**\n * **cNtfsAuditInheritance**\n\nSpecial thanks to Scott Matthews ([@mrhockeymonkey](https://github.com/mrhockeymonkey))!\n\n### 1.3.1 (January 16, 2018)\n\n* Bug fixes.\n\n### 1.3.0 (May 04, 2016)\n\n* Changed the behavior of the **cNtfsPermissionEntry** DSC resource with the **Ensure** property set to `Absent`. Added an ability to remove specific permission entries.\n* General improvements.\n\n### 1.2.0 (February 19, 2016)\n\n* The **ItemType** property of the **cNtfsPermissionEntry** DSC resource was deprecated.\n* The **cNtfsPermissionsInheritance** DSC resource was added.\n* Unit and integration tests were added.\n* Bug fixes and general improvements.\n\n### 1.1.1 (October 15, 2015)\n\n* Minor update.\n\n### 1.1.0 (September 30, 2015)\n\n* The **PermissionEntry** property was renamed to **AccessControlInformation**.\n\n### 1.0.0 (September 29, 2015)\n\n* Initial release with the following DSC resources:\n * **cNtfsPermissionEntry**\n\n## Examples\n\n### Assign NTFS permissions\n\nThis example shows how to use the **cNtfsPermissionEntry** DSC resource to assign NTFS permissions.\n\n```powershell\n\nConfiguration Sample_cNtfsPermissionEntry\n{\n param\n (\n [Parameter(Mandatory = $false)]\n [ValidateNotNullOrEmpty()]\n [String]\n $Path = (Join-Path -Path ([System.IO.Path]::GetTempPath()) -ChildPath ([Guid]::NewGuid().Guid))\n )\n\n Import-DscResource -ModuleName cNtfsAccessControl\n Import-DscResource -ModuleName PSDesiredStateConfiguration\n\n File TestDirectory\n {\n Ensure = 'Present'\n DestinationPath = $Path\n Type = 'Directory'\n }\n\n # Ensure that a single permission entry is assigned to the local 'Users' group.\n cNtfsPermissionEntry PermissionSet1\n {\n Ensure = 'Present'\n Path = $Path\n Principal = 'BUILTIN\\Users'\n AccessControlInformation = @(\n cNtfsAccessControlInformation\n {\n AccessControlType = 'Allow'\n FileSystemRights = 'ReadAndExecute'\n Inheritance = 'ThisFolderSubfoldersAndFiles'\n NoPropagateInherit = $false\n }\n )\n DependsOn = '[File]TestDirectory'\n }\n\n # Ensure that multiple permission entries are assigned to the local 'Administrators' group.\n cNtfsPermissionEntry PermissionSet2\n {\n Ensure = 'Present'\n Path = $Path\n Principal = 'BUILTIN\\Administrators'\n AccessControlInformation = @(\n cNtfsAccessControlInformation\n {\n AccessControlType = 'Allow'\n FileSystemRights = 'Modify'\n Inheritance = 'ThisFolderOnly'\n NoPropagateInherit = $false\n }\n cNtfsAccessControlInformation\n {\n AccessControlType = 'Allow'\n FileSystemRights = 'ReadAndExecute'\n Inheritance = 'ThisFolderSubfoldersAndFiles'\n NoPropagateInherit = $false\n }\n cNtfsAccessControlInformation\n {\n AccessControlType = 'Allow'\n FileSystemRights = 'AppendData', 'CreateFiles'\n Inheritance = 'SubfoldersAndFilesOnly'\n NoPropagateInherit = $false\n }\n )\n DependsOn = '[File]TestDirectory'\n }\n\n # Ensure that all explicit permissions associated with the 'Authenticated Users' group are removed.\n cNtfsPermissionEntry PermissionSet3\n {\n Ensure = 'Absent'\n Path = $Path\n Principal = 'NT AUTHORITY\\Authenticated Users'\n DependsOn = '[File]TestDirectory'\n }\n}\n\n$OutputPath = Join-Path -Path ([System.IO.Path]::GetTempPath()) -ChildPath 'Sample_cNtfsPermissionEntry'\nSample_cNtfsPermissionEntry -OutputPath $OutputPath\nStart-DscConfiguration -Path $OutputPath -Force -Verbose -Wait\n\n```\n\n### Disable NTFS permissions inheritance\n\nThis example shows how to use the **cNtfsPermissionsInheritance** DSC resource to disable NTFS permissions inheritance.\n\n```powershell\n\nConfiguration Sample_cNtfsPermissionsInheritance\n{\n param\n (\n [Parameter(Mandatory = $false)]\n [ValidateNotNullOrEmpty()]\n [String]\n $Path = (Join-Path -Path ([System.IO.Path]::GetTempPath()) -ChildPath ([Guid]::NewGuid().Guid))\n )\n\n Import-DscResource -ModuleName cNtfsAccessControl\n Import-DscResource -ModuleName PSDesiredStateConfiguration\n\n File TestDirectory\n {\n Ensure = 'Present'\n DestinationPath = $Path\n Type = 'Directory'\n }\n\n # Disable NTFS permissions inheritance.\n cNtfsPermissionsInheritance DisableInheritance\n {\n Path = $Path\n Enabled = $false\n PreserveInherited = $true\n DependsOn = '[File]TestDirectory'\n }\n}\n\n$OutputPath = Join-Path -Path ([System.IO.Path]::GetTempPath()) -ChildPath 'Sample_cNtfsPermissionsInheritance'\nSample_cNtfsPermissionsInheritance -OutputPath $OutputPath\nStart-DscConfiguration -Path $OutputPath -Force -Verbose -Wait\n\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdsccommunity%2Fcntfsaccesscontrol","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdsccommunity%2Fcntfsaccesscontrol","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdsccommunity%2Fcntfsaccesscontrol/lists"}