Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cACL cannot be applied to hidden files/folders #89

Open
mkht opened this issue Sep 22, 2021 · 0 comments
Open

cACL cannot be applied to hidden files/folders #89

mkht opened this issue Sep 22, 2021 · 0 comments

Comments

@mkht
Copy link

mkht commented Sep 22, 2021

Description

Attempt to configure ACLs for hidden files/folders using the cACL resource. The resource will fail to configure with an error that the target item is not found.

The DSC configuration that is used to reproduce

Configuration ACLChange
{
    Import-DscResource -ModuleName GraniResource

    node Localhost
    {
        File CreateHiddenFile
        {
            Ensure            = "Present"
            DestinationPath   = "C:\host.txt"
            Type              = "file"
            Contents          = "hoge"
            Attributes        = "Hidden"
        }

        cACL FullCONTROL2HiddenFile
        {
            Ensure    = "Present"
            Path      = "C:\host.txt"
            Account   = "Users"
            Rights    = "FullControl"
            DependsOn = "[File]CreateHiddenFile"
        }
    }
}

ACLChange -Outputpath C:\dsc
Start-DscConfiguration -Path C:\dsc -Wait -Force -Verbose

Verbose logs

詳細: パラメーター ''methodName' = SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespa
ceName' = root/Microsoft/Windows/DesiredStateConfiguration' を使用して操作 'CimMethod の呼び出し' を実行します。
詳細: コンピューター DESKTOP-VGGPFV5、ユーザー SID S-1-5-21-3120317167-2218312622-2814593748-500 から LCM メソッドが呼び出されました。
詳細: [DESKTOP-VGGPFV5]: LCM:  [ 開始     設定       ]
詳細: [DESKTOP-VGGPFV5]: LCM:  [ 開始     リソース     ]  [[File]CreateHiddenFile]
詳細: [DESKTOP-VGGPFV5]: LCM:  [ 開始     テスト      ]  [[File]CreateHiddenFile]
詳細: [DESKTOP-VGGPFV5]:                            [[File]CreateHiddenFile] 指定されたファイルが見つかりません。
詳細: [DESKTOP-VGGPFV5]:                            [[File]CreateHiddenFile] 関連するファイル/ディレクトリは C:\host.txt です
。
詳細: [DESKTOP-VGGPFV5]: LCM:  [ 終了     テスト      ]  [[File]CreateHiddenFile]  (0.0000 秒)。
詳細: [DESKTOP-VGGPFV5]: LCM:  [ 開始     設定       ]  [[File]CreateHiddenFile]
詳細: [DESKTOP-VGGPFV5]:                            [[File]CreateHiddenFile] 指定されたファイルが見つかりません。
詳細: [DESKTOP-VGGPFV5]:                            [[File]CreateHiddenFile] 関連するファイル/ディレクトリは C:\host.txt です
。
詳細: [DESKTOP-VGGPFV5]: LCM:  [ 終了     設定       ]  [[File]CreateHiddenFile]  (0.0000 秒)。
詳細: [DESKTOP-VGGPFV5]: LCM:  [ 終了     リソース     ]  [[File]CreateHiddenFile]
詳細: [DESKTOP-VGGPFV5]: LCM:  [ 開始     リソース     ]  [[cACL]FullCONTROL2HiddenFile]
詳細: [DESKTOP-VGGPFV5]: LCM:  [ 開始     テスト      ]  [[cACL]FullCONTROL2HiddenFile]
項目 C:\host.txt が見つかりませんでした。
    + CategoryInfo          : ObjectNotFound: (C:\host.txt:) [], CimException
    + FullyQualifiedErrorId : ItemNotFound,Microsoft.PowerShell.Commands.GetItemCommand
    + PSComputerName        : Localhost
 
null 値の式ではメソッドを呼び出せません。
    + CategoryInfo          : InvalidOperation: (:) []、CimException
    + FullyQualifiedErrorId : InvokeMethodOnNull
    + PSComputerName        : Localhost
 
null 値の式ではメソッドを呼び出せません。
    + CategoryInfo          : InvalidOperation: (:) []、CimException
    + FullyQualifiedErrorId : InvokeMethodOnNull
    + PSComputerName        : Localhost
 
詳細: [DESKTOP-VGGPFV5]:                            [[cACL]FullCONTROL2HiddenFile] Using non-strict name che
cking. It split AccountName with \''.
null 値の式ではメソッドを呼び出せません。
    + CategoryInfo          : InvalidOperation: (:) []、CimException
    + FullyQualifiedErrorId : InvokeMethodOnNull
    + PSComputerName        : Localhost
 
詳細: [DESKTOP-VGGPFV5]:                            [[cACL]FullCONTROL2HiddenFile] Current ACL result.
詳細: [DESKTOP-VGGPFV5]:                            [[cACL]FullCONTROL2HiddenFile] Desired ACL result.
詳細: [DESKTOP-VGGPFV5]:                            [[cACL]FullCONTROL2HiddenFile] 

FileSystemRights  : FullControl
AccessControlType : Allow
IdentityReference : Users
IsInherited       : False
InheritanceFlags  : None
PropagationFlags  : None
詳細: [DESKTOP-VGGPFV5]:                            [[cACL]FullCONTROL2HiddenFile] Result does not match as 
desired. Showing Desired v.s. Current Status.
null 値の式ではメソッドを呼び出せません。
    + CategoryInfo          : InvalidOperation: (:) []、CimException
    + FullyQualifiedErrorId : InvokeMethodOnNull
    + PSComputerName        : Localhost
 
null 値の式ではメソッドを呼び出せません。
    + CategoryInfo          : InvalidOperation: (:) []、CimException
    + FullyQualifiedErrorId : InvokeMethodOnNull
    + PSComputerName        : Localhost
 
詳細: [DESKTOP-VGGPFV5]:                            [[cACL]FullCONTROL2HiddenFile] DesiredFileSystemRights :
 FullControl
詳細: [DESKTOP-VGGPFV5]:                            [[cACL]FullCONTROL2HiddenFile] CurrentFileSystemRights :
詳細: [DESKTOP-VGGPFV5]:                            [[cACL]FullCONTROL2HiddenFile] StrictResult            :
 False
詳細: [DESKTOP-VGGPFV5]:                            [[cACL]FullCONTROL2HiddenFile] NoneStrictResult        :
 False
null 値の式ではメソッドを呼び出せません。
    + CategoryInfo          : InvalidOperation: (:) []、CimException
    + FullyQualifiedErrorId : InvokeMethodOnNull
    + PSComputerName        : Localhost
 
詳細: [DESKTOP-VGGPFV5]:                            [[cACL]FullCONTROL2HiddenFile] DesiredAccessControlType 
: Allow
詳細: [DESKTOP-VGGPFV5]:                            [[cACL]FullCONTROL2HiddenFile] CurrentAccessControlType 
:
詳細: [DESKTOP-VGGPFV5]:                            [[cACL]FullCONTROL2HiddenFile] StrictResult             
: False
詳細: [DESKTOP-VGGPFV5]:                            [[cACL]FullCONTROL2HiddenFile] NoneStrictResult         
: False
null 値の式ではメソッドを呼び出せません。
    + CategoryInfo          : InvalidOperation: (:) []、CimException
    + FullyQualifiedErrorId : InvokeMethodOnNull
    + PSComputerName        : Localhost
 
詳細: [DESKTOP-VGGPFV5]:                            [[cACL]FullCONTROL2HiddenFile] DesiredInherit   :
詳細: [DESKTOP-VGGPFV5]:                            [[cACL]FullCONTROL2HiddenFile] CurrentInherit   :
詳細: [DESKTOP-VGGPFV5]:                            [[cACL]FullCONTROL2HiddenFile] StrictResult     : False
詳細: [DESKTOP-VGGPFV5]:                            [[cACL]FullCONTROL2HiddenFile] NoneStrictResult : False
詳細: [DESKTOP-VGGPFV5]: LCM:  [ 終了     テスト      ]  [[cACL]FullCONTROL2HiddenFile]  (0.8280 秒)。
Test-TargetResource 機能の実行中に PowerShell DSC リソース [cACL]FullCONTROL2HiddenFile (SourceInfo '::16::9::cACL')
 が 1 つ以上の終了しないエラーをスローしました。これらのエラーは、Microsoft-Windows-DSC/Operational という名前の ETW チャネルに記録されます。詳細については、このチャネ
ルを参照してください。
    + CategoryInfo          : InvalidOperation: (:) []、CimException
    + FullyQualifiedErrorId : NonTerminatingErrorFromProvider
    + PSComputerName        : Localhost
 
詳細: [DESKTOP-VGGPFV5]: LCM:  [ 終了     設定       ]
SendConfigurationApply 関数が失敗しました。
    + CategoryInfo          : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : MI RESULT 1
    + PSComputerName        : Localhost
 
詳細: 操作 'CimMethod の呼び出し' が完了しました。
詳細: 構成ジョブが完了するまでにかかった時間は 2.406 秒です

Environments

PS C:\> Get-ComputerInfo
OsName               : Microsoft Windows 10 Education
OsOperatingSystemSKU : 121
OsArchitecture       : 64 ビット
WindowsVersion       : 2009
WindowsBuildLabEx    : 19041.1.amd64fre.vb_release.191206-1406
OsLanguage           : ja-JP
OsMuiLanguages       : {ja-JP}

PS C:\> $PSVersionTable
Name                           Value                                                                     
----                           -----                                                                     
PSVersion                      5.1.19041.1023                                                            
PSEdition                      Desktop                                                                   
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}                                                   
BuildVersion                   10.0.19041.1023                                                           
CLRVersion                     4.0.30319.42000                                                           
WSManStackVersion              3.0                                                                       
PSRemotingProtocolVersion      2.3                                                                       
SerializationVersion           1.1.0.1

Suggested solution

If you execute the Get-Item cmdlet without the -Force switch, that is not get the hidden files/folders. You can fix this issue by changing it to add the -Force parameter.

GraniResource/DSCResources/Grani_ACL/Grani_ACL.psm1

Lines 92 to 94 in 3ea0c8c

$desiredRule = GetDesiredRule -Path $Path -Account $Account -Rights $Rights -Access $Access -Inherit $Inherit -Recurse $Recurse
$currentACL = (Get-Item $Path).GetAccessControl("Access")
$currentRules = $currentACL.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mkht