salt.states.win_dacl

Windows Object Access Control Lists

Ensure an ACL is present

parameters:

name - the path of the object objectType - Registry/File/Directory user - user account or SID for the ace permission - permission for the ace (see module win_acl for available permissions for each objectType) acetype - Allow/Deny propagation - how the ACL should apply to child objects (see module win_acl for available propagation types)

addAcl:
  win_dacl.present:
    - name: HKEY_LOCAL_MACHINE\SOFTWARE\mykey
    - objectType: Registry
    - user: FakeUser
    - permission: FullControl
    - acetype: ALLOW
    - propagation: KEY&SUBKEYS

Ensure an ACL does not exist

parameters:

name - the path of the object objectType - Registry/File/Directory user - user account or SID for the ace permission - permission for the ace (see module win_acl for available permissions for each objectType) acetype - Allow/Deny propagation - how the ACL should apply to child objects (see module win_acl for available propagation types)

removeAcl:
  win_dacl.absent:
    - name: HKEY_LOCAL_MACHINE\SOFTWARE\mykey
    - objectType: Registry
    - user: FakeUser
    - permission: FulLControl
    - acetype: ALLOW
    - propagation: KEY&SUBKEYS

Ensure an object is inheriting permissions

parameters:

name - the path of the object objectType - Registry/File/Directory clear_existing_acl - True/False - when inheritance is enabled, should the existing ACL be kept or cleared out

eInherit:
  win_dacl.enableinheritance:
    - name: HKEY_LOCAL_MACHINE\SOFTWARE\mykey
    - objectType: Registry
    - clear_existing_acl: True

Ensure an object is not inheriting permissions

parameters:

name - the path of the object objectType - Registry/File/Directory copy_inherited_acl - True/False - if inheritance is enabled, should the inherited permissions be copied to the ACL when inheritance is disabled

dInherit:
  win_dacl.disableinheritance:
    - name: HKEY_LOCAL_MACHINE\SOFTWARE\mykey
    - objectType: Registry
    - copy_inherited_acl: False

salt.states.win_dacl.absent(name, objectType, user, permission, acetype, propagation)

Ensure an ACL does not exist

salt.states.win_dacl.disinherit(name, objectType, copy_inherited_acl=True)

Ensure an object is not inheriting ACLs from its parent

salt.states.win_dacl.inherit(name, objectType, clear_existing_acl=False)

Ensure an object is inheriting ACLs from its parent

salt.states.win_dacl.present(name, objectType, user, permission, acetype, propagation)

Ensure an ACE is present