Block-SmbShareAccess

Adds a deny ACE for a trustee to the security descriptor of the SMB share.

Syntax

Block-SmbShareAccess
     [-Name] <String[]>
     [[-ScopeName] <String[]>]
     [-SmbInstance <SmbInstance>]
     [-AccountName <String[]>]
     [-Force]
     [-CimSession <CimSession[]>]
     [-ThrottleLimit <Int32>]
     [-AsJob]
     [-WhatIf]
     [-Confirm]
     [<CommonParameters>]
Block-SmbShareAccess
     -InputObject <CimInstance[]>
     [-AccountName <String[]>]
     [-Force]
     [-CimSession <CimSession[]>]
     [-ThrottleLimit <Int32>]
     [-AsJob]
     [-WhatIf]
     [-Confirm]
     [<CommonParameters>]

Description

The Block-SmbShareAccess cmdlet adds a deny access control entry (ACE) to the security descriptor of the Server Message Block (SMB) share.

Examples

Example 1: Add a deny ACS

PS C:\>Block-SmbShareAccess -Name VMFiles -AccountName Contoso\Guest
Confirm
Are you sure you want to perform this action? 
Performing operation 'Modify' on Target 'Contoso-SO,VMFiles'. 
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): Y

Name                    ScopeName               AccountName             AccessControlType       AccessRight 
----                    ---------               -----------             -----------------       ----------- 
VMFiles                 Contoso-SO              Contoso\Guest           Deny                    Full 
VMFiles                 Contoso-SO              Contoso\Administrator   Allow                   Full 
VMFiles                 Contoso-SO              Contoso\Contoso-HV1$    Allow                   Full 
VMFiles                 Contoso-SO              Contoso\Contoso-HV2$    Allow                   Full 
VMFiles                 Contoso-SO              Contoso\Domain Admins   Allow                   Change

This command adds a deny ACE for a trustee to the security descriptor of an SMB share named VMFiles.

Example 2: Add a deny ACS without confirmation

PS C:\>Block-SmbShareAccess -Name VMFiles -AccountName "Guest Users" -Force
Name                    ScopeName               AccountName             AccessControlType       AccessRight 
----                    ---------               -----------             -----------------       ----------- 
VMFiles                 Contoso-SO              Contoso\Guest           Deny                    Full 
VMFiles                 Contoso-SO              Contoso\Administrator   Allow                   Full 
VMFiles                 Contoso-SO              Contoso\Contoso-HV1$    Allow                   Full 
VMFiles                 Contoso-SO              Contoso\Contoso-HV2$    Allow                   Full 
VMFiles                 Contoso-SO              Contoso\Domain Admins   Allow                   Change

This command adds a deny ACE for a trustee to the security descriptor of an SMB share named VMFiles without confirmation from the user.

Parameters

-AccountName

Specifies the name of the account for the user who is being denied access to the share. Use a comma-separated list to deny share access to multiple accounts.

Type:String[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AsJob

Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-CimSession

Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.

Type:CimSession[]
Aliases:Session
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Force

Forces the command to run without asking for user confirmation.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-InputObject

Specifies the input object that is used in a pipeline command.

Type:CimInstance[]
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Name

Specifies the name of the SMB share.

Type:String[]
Position:1
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-ScopeName

Specifies the scope of the share specified by name.

Type:String[]
Position:2
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-SmbInstance

Specifies the input to this cmdlet. You can use this parameter, or you can pipe the input to this cmdlet.

Type:SmbInstance
Accepted values:Default, CSV, SBL, SR
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-ThrottleLimit

Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0 is entered, then Windows PowerShell® calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.

Type:Int32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

None

Outputs

CimInstance

The Microsoft.Management.Infrastructure.CimInstance object is a wrapper class that displays Windows Management Instrumentation (WMI) objects. The path after the pound sign (#) provides the namespace and class name for the underlying WMI object. The MSFT_SmbShareAccessControlEntry object represents the new SMB share ACE.