DSCResources/MSFT_UserRightsAssignment/en-US/about_UserRightsAssignment.help.txt
|
.NAME
UserRightsAssignment .DESCRIPTION This resource can be used to manage user rights assignment in local security policies. .PARAMETER Policy Key - String Allowed values: Create_a_token_object, Access_this_computer_from_the_network, Change_the_system_time, Deny_log_on_as_a_batch_job, Deny_log_on_through_Remote_Desktop_Services, Create_global_objects, Remove_computer_from_docking_station, Deny_access_to_this_computer_from_the_network, Act_as_part_of_the_operating_system, Modify_firmware_environment_values, Deny_log_on_locally, Access_Credential_Manager_as_a_trusted_caller, Restore_files_and_directories, Change_the_time_zone, Replace_a_process_level_token, Manage_auditing_and_security_log, Create_symbolic_links, Modify_an_object_label, Enable_computer_and_user_accounts_to_be_trusted_for_delegation, Generate_security_audits, Increase_a_process_working_set, Take_ownership_of_files_or_other_objects, Bypass_traverse_checking, Log_on_as_a_service, Shut_down_the_system, Lock_pages_in_memory, Impersonate_a_client_after_authentication, Profile_system_performance, Debug_programs, Profile_single_process, Allow_log_on_through_Remote_Desktop_Services, Allow_log_on_locally, Increase_scheduling_priority, Synchronize_directory_service_data, Add_workstations_to_domain, Adjust_memory_quotas_for_a_process, Obtain_an_impersonation_token_for_another_user_in_the_same_session, Perform_volume_maintenance_tasks, Load_and_unload_device_drivers, Force_shutdown_from_a_remote_system, Back_up_files_and_directories, Create_a_pagefile, Deny_log_on_as_a_service, Log_on_as_a_batch_job, Create_permanent_shared_objects The policy name of the user rights assignment to be configured. .PARAMETER Identity Required - String The identity of the user or group to be added or removed from the user rights assignment. .PARAMETER Force Write - Boolean Specifies whether to Force the change .PARAMETER Ensure Write - String Allowed values: Present, Absent Desired state of resource. .EXAMPLE 1 This configuration will manage a User Rights Assignment policy. The 'AssignShutdownPrivilegesToAdmins' resource will enforce the assignment to contain only the specified identity as the Force attribute is set to $true. The 'AccessComputerFromNetwork' resource will add the specified identities to the assignment without overwriting any pre-existing values, as the 'Force' parameter is not specified, and therefore defaults to $false. Configuration UserRightsAssignment_Basic_Config { Import-DscResource -ModuleName SecurityPolicyDsc Node localhost { # Assign shutdown privileges to only Builtin\Administrators UserRightsAssignment AssignShutdownPrivilegesToAdmins { Policy = "Shut_down_the_system" Identity = "Builtin\Administrators" Force = $true } UserRightsAssignment AccessComputerFromNetwork { Policy = "Access_this_computer_from_the_network" Identity = "contoso\TestUser1", "contoso\TestUser2" } } } .EXAMPLE 2 This configuration will manage a User Rights Assignment policy. When Identity is an empty string all identities will be removed from the policy. Configuration UserRightsAssignment_Remove_All_Identities_From_Policy_Config { Import-DscResource -ModuleName SecurityPolicyDsc Node localhost { UserRightsAssignment RemoveIdsFromSeTrustedCredManAccessPrivilege { Policy = "Access_Credential_Manager_as_a_trusted_caller" Identity = "" } } } |