powershell:accessruleentfernen
Unterschiede
Hier werden die Unterschiede zwischen zwei Versionen angezeigt.
powershell:accessruleentfernen [2016/08/16 16:31] – angelegt ronny | powershell:accessruleentfernen [2016/08/18 12:06] – ronny | ||
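--- a/powershell/accessruleentfernen.txt
+++ b/powershell/accessruleentfernen.txt
@@ -1,2 +1,5 @@
 ====== ACL AccessRule entfernen ======
+
+===== 1. Entwurf - Die gewünschte Funktionalität =====
+
 <code Powershell>
@@ -38,3 +41,95 @@
 }
 </
+
+===== 2. Entwurf: Funktionalität ausgebaut + Verbose =====
+
+<code Powershell>
+function Remove-ACLAccessRule
+{
+[CmdletBinding()]
+param
+(
+[Parameter(Mandatory=$true)][String]$ADGroup,
+[Parameter(Mandatory=$true)][String]$AccessControlType,
+[Parameter(Mandatory=$true)][String]$IdentityReference,
+[Parameter(Mandatory=$true)][Int]$ActiveDirectoryRights,
+[Parameter(Mandatory=$true)][String]$ObjectGuid,
+[Parameter()][string]$DC = $null,
+[Parameter()][string]$AdminAccount = $null,
+[Parameter()][string]$Password = $null
+)
+begin
+{
+Write-Verbose "
+Import-Module ActiveDirectory -Verbose:
+If ($DC -ne $null -and `
+$AdminAccount -ne $null -and `
+$Password -ne $null)
+{
+$PW = ConvertTo-Securestring $Password -AsPlainText -force
+$Credential = New-Object System.Management.Automation.PSCredential($AdminAccount,
+$Session = New-PSSession -ComputerName $DC -Credential $Credential
+Write-Verbose "
+$isRemote = $true
+} else
+{
+$isRemote = $false
+Write-Verbose "
+}
+}
+process
+{
+Write-Verbose "
+if ($isRemote)
+{
+$ADObject = Invoke-Command -Session $Session -Command {param ($a1) Get-ADGroup -Identity $a1} -ArgumentList $ADObject
+} else
+{
+$ADObject = Get-ADGroup -Identity $ADGroup
+}
+$ADObjectName = $ADObject.SamAccountName
+Write-Verbose "Zu prüfende Gruppe: $ADObjectName"
+$LDAPPath = "
+if ($isRemote)
+{
+$ACL = Invoke-Command -Session $Session -Commane {param ($a1) Get-Acl -Path $a1} -ArgumentList $LDAPPath
+} else
+{
+$ACL = Get-Acl -Path $LDAPPath
+}
+Write-Verbose "ACL abgerufen"
+$RuleToRemove = $null;
+$RuleFound = $false;
+foreach($Rule in $ACL.Access)
+{
+if ($Rule.AccessControlType.ToString() -eq $AccessControlType -and `
+$Rule.IdentityReference.ToString() -eq $IdentityReference -and `
+$Rule.ActiveDirectoryRights.value__ -eq $ActiveDirectoryRights -and `
+$Rule.ObjectType.ToString() -eq $ObjectGuid) `
+{
+$RuleToRemove = $Rule
+$RuleFound = $true;
+Write-Verbose "Regel gefunden!"
+}
+}
+if ($RuleFound)
+{
+$erg = $ACL.RemoveAccessRule($RuleToRemove)
+if ($isRemote)
+{
+Invoke-Command -Session $Session -Command {param ($a1, $a2) Set-Acl -Path $a1 -AclObject $a2} -ArgumentList $LDAPPath,
+} else
+{
+Set-Acl -Path $LDAPPath -AclObject $ACL
+}
+Write-Verbose "Regel entfernt: $erg"
+} else
+{
+Write-Verbose "Regel nicht gefunden!"
+}
+}
+end {}
+}
+</
+
 {{tag>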
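Review bot: The new `Remove-ACLAccessRule` takes the admin password as a plain `[string]$Password` and converts it with `ConvertTo-SecureString -AsPlainText -Force`, so the cleartext ends up wherever the call is recorded (console history, transcripts, PowerShell logging); a single `[Parameter()][System.Management.Automation.PSCredential]$Credential` parameter handed straight to `New-PSSession` avoids that. The guard in `begin` is also ineffective: a `[string]` parameter defaulted to `$null` is coerced to an empty string, so `$DC -ne $null` is always true and the remote branch runs even when no DC was given; `if ($DC -and $Credential)` tests what is meant. In the remote branch of `process`, the first `Invoke-Command` passes `$ADObject` (not yet assigned) where `$ADGroup` appears intended, and the second spells the parameter `-Commane`, so neither remote call can work as written. The session opened in `begin` is never closed because `end {}` is empty; `end { if ($Session) { Remove-PSSession $Session } }` would release it. Several lines (the `Write-Verbose` messages, `$LDAPPath`, two argument lists) are cut off on the page, so this covers only what is visible.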
powershell/accessruleentfernen.txt · Zuletzt geändert: 2016/08/18 14:23 von ronny