diff --git a/AccessControlDsc.psd1 b/AccessControlDsc.psd1 index b2cf997..c167890 100644 --- a/AccessControlDsc.psd1 +++ b/AccessControlDsc.psd1 @@ -4,7 +4,8 @@ @{ # Version number of this module. - ModuleVersion = '1.4.2' + + ModuleVersion = '1.4.3' # ID used to uniquely identify this module GUID = 'a544c26f-3f96-4c1e-8351-1604867aafc5' diff --git a/DscResources/AccessControlResourceHelper/AccessControlResourceHelper.psm1 b/DscResources/AccessControlResourceHelper/AccessControlResourceHelper.psm1 index c1bdec0..11bb21c 100644 --- a/DscResources/AccessControlResourceHelper/AccessControlResourceHelper.psm1 +++ b/DscResources/AccessControlResourceHelper/AccessControlResourceHelper.psm1 @@ -52,6 +52,15 @@ function Resolve-Identity if ($Identity -match '^S-\d-(\d+-){1,14}\d+$') { [System.Security.Principal.SecurityIdentifier]$Identity = $Identity + + # Support for capability sids + if ($Identity.Value.StartsWith('S-1-15-3-')) + { + return [PSCustomObject]@{ + Name = $Identity.Value + SID = $Identity.Value + } + } } else { diff --git a/DscResources/ActiveDirectoryAccessEntry/ActiveDirectoryAccessEntry.psm1 b/DscResources/ActiveDirectoryAccessEntry/ActiveDirectoryAccessEntry.psm1 index fd2dfba..cd26525 100644 --- a/DscResources/ActiveDirectoryAccessEntry/ActiveDirectoryAccessEntry.psm1 +++ b/DscResources/ActiveDirectoryAccessEntry/ActiveDirectoryAccessEntry.psm1 @@ -400,7 +400,7 @@ Function Compare-ActiveDirectoryAccessRule $_.InheritanceType -eq $referenceObject.InheritanceType -and $_.InheritedObjectType -eq $referenceObject.InheritedObjectType -and $_.ObjectType -eq $referenceObject.ObjectType -and - $_.IdentityReference -eq $referenceObject.IdentityReference + $_.IdentityReference.Value -eq $referenceObject.IdentityReference.Value }) if($match.Count -ge 1) { 
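Review bot: The new capability-SID branch in Resolve-Identity returns before any lookup, so any value that passes the SID regex and begins with `S-1-15-3-` is accepted as a principal without further checking. A comment such as `# Capability SIDs are returned as-is because they are not translated to an account name here` would record why translation is skipped. `StartsWith('S-1-15-3-')` with a single string argument is a culture-sensitive comparison in .NET; `$Identity.Value.StartsWith('S-1-15-3-', [System.StringComparison]::Ordinal)` states the intent for an identifier prefix. The branch returns `SID` as a plain string, and the rest of the function lies outside the hunk, so confirm the other return path produces the same `Name`/`SID` shape that callers expect.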
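Review bot: The string comparison `$_.IdentityReference.Value -eq $referenceObject.IdentityReference.Value` in Compare-ActiveDirectoryAccessRule only matches when both rules carry the same identity form; a `SecurityIdentifier` on one side and an `NTAccount` for the same principal on the other give `S-1-…` and `DOMAIN\name`, which never compare equal. Because `$match.Count` decides whether an access or audit entry is treated as present, a false miss would surface as permanent drift or as an entry that is never found for removal, so it is worth confirming that both sides are always built through the same resolution path (these functions begin outside the hunks, so that is not visible here). A comment on the first comparison would record the assumption, for example `# Compared as strings: both rules must hold the same IdentityReference type (SID or NTAccount)`. The same comparison is introduced in the two later hunks of this function and in Test-ActiveDirectoryAuditRuleMatch, Test-FileSystemAuditRuleMatch, Test-FileSystemAccessRuleMatch and Compare-RegistryRule.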
@@ -426,7 +426,7 @@ Function Compare-ActiveDirectoryAccessRule $_.InheritanceType -eq $referenceObject.InheritanceType -and $_.InheritedObjectType -eq $referenceObject.InheritedObjectType -and $_.ObjectType -eq $referenceObject.ObjectType -and - $_.IdentityReference -eq $referenceObject.IdentityReference + $_.IdentityReference.Value -eq $referenceObject.IdentityReference.Value }) if($match.Count -gt 0) { @@ -444,7 +444,7 @@ Function Compare-ActiveDirectoryAccessRule $_.InheritanceType -eq $referenceObject.InheritanceType -and $_.InheritedObjectType -eq $referenceObject.InheritedObjectType -and $_.ObjectType -eq $referenceObject.ObjectType -and - $_.IdentityReference -eq $referenceObject.IdentityReference + $_.IdentityReference.Value -eq $referenceObject.IdentityReference.Value }) if($match.Count -eq 0) { diff --git a/DscResources/ActiveDirectoryAuditRuleEntry/ActiveDirectoryAuditRuleEntry.psm1 b/DscResources/ActiveDirectoryAuditRuleEntry/ActiveDirectoryAuditRuleEntry.psm1 index 482ff85..c1eb50f 100644 --- a/DscResources/ActiveDirectoryAuditRuleEntry/ActiveDirectoryAuditRuleEntry.psm1 +++ b/DscResources/ActiveDirectoryAuditRuleEntry/ActiveDirectoryAuditRuleEntry.psm1 @@ -498,7 +498,7 @@ function Test-ActiveDirectoryAuditRuleMatch $_.ObjectType -eq $ReferenceRule.ObjectType -and $_.InheritanceType -eq $ReferenceRule.InheritanceType -and $_.InheritedObjectType -eq $ReferenceRule.InheritedObjectType -and - $_.IdentityReference -eq $ReferenceRule.IdentityReference + $_.IdentityReference.Value -eq $ReferenceRule.IdentityReference.Value }) } else @@ -512,7 +512,7 @@ function Test-ActiveDirectoryAuditRuleMatch $_.ObjectType -eq $ReferenceRule.ObjectType -and $_.InheritanceType -eq $ReferenceRule.InheritanceType -and $_.InheritedObjectType -eq $ReferenceRule.InheritedObjectType -and - $_.IdentityReference -eq $ReferenceRule.IdentityReference + $_.IdentityReference.Value -eq $ReferenceRule.IdentityReference.Value }) } } 
diff --git a/DscResources/FileSystemAuditRuleEntry/FileSystemAuditRuleEntry.psm1 b/DscResources/FileSystemAuditRuleEntry/FileSystemAuditRuleEntry.psm1 index f545779..857bb69 100644 --- a/DscResources/FileSystemAuditRuleEntry/FileSystemAuditRuleEntry.psm1 +++ b/DscResources/FileSystemAuditRuleEntry/FileSystemAuditRuleEntry.psm1 @@ -518,7 +518,7 @@ function Test-FileSystemAuditRuleMatch $_.AuditFlags -eq $ReferenceRule.AuditFlags -and $_.InheritanceFlags -eq $ReferenceRule.InheritanceFlags -and $_.PropagationFlags -eq $ReferenceRule.PropagationFlags -and - $_.IdentityReference -eq $ReferenceRule.IdentityReference + $_.IdentityReference.Value -eq $ReferenceRule.IdentityReference.Value }) } else @@ -536,8 +536,7 @@ function Test-FileSystemAuditRuleMatch (($_.PropagationFlags.value__ -eq 3 -and $ReferenceRule.PropagationFlags.value__ -in 1..3) -or ($_.PropagationFlags.value__ -in 1..3 -and $ReferenceRule.PropagationFlags.value__ -eq 0) -or ($_.PropagationFlags.value__ -eq $ReferenceRule.PropagationFlags.value__)) -and - - $_.IdentityReference -eq $ReferenceRule.IdentityReference + $_.IdentityReference.Value -eq $ReferenceRule.IdentityReference.Value }) } } diff --git a/DscResources/NTFSAccessEntry/NTFSAccessEntry.psm1 b/DscResources/NTFSAccessEntry/NTFSAccessEntry.psm1 index 1ab9ff7..bf5ead0 100644 --- a/DscResources/NTFSAccessEntry/NTFSAccessEntry.psm1 +++ b/DscResources/NTFSAccessEntry/NTFSAccessEntry.psm1 @@ -631,7 +631,7 @@ function Test-FileSystemAccessRuleMatch $_.InheritanceFlags -eq $ReferenceRule.InheritanceFlags -and $_.PropagationFlags -eq $ReferenceRule.PropagationFlags -and $_.AccessControlType -eq $ReferenceRule.AccessControlType -and - $_.IdentityReference -eq $ReferenceRule.IdentityReference + $_.IdentityReference.Value -eq $ReferenceRule.IdentityReference.Value }) } else 
@@ -646,7 +646,7 @@ function Test-FileSystemAccessRuleMatch ($_.PropagationFlags.value__ -in 1..3 -and $ReferenceRule.PropagationFlags.value__ -eq 0) -or ($_.PropagationFlags.value__ -eq $ReferenceRule.PropagationFlags.value__)) -and $_.AccessControlType -eq $ReferenceRule.AccessControlType -and - $_.IdentityReference -eq $ReferenceRule.IdentityReference + $_.IdentityReference.Value -eq $ReferenceRule.IdentityReference.Value }) } } diff --git a/DscResources/RegistryAccessEntry/RegistryAccessEntry.psm1 b/DscResources/RegistryAccessEntry/RegistryAccessEntry.psm1 index 0bb340f..543e5d0 100644 --- a/DscResources/RegistryAccessEntry/RegistryAccessEntry.psm1 +++ b/DscResources/RegistryAccessEntry/RegistryAccessEntry.psm1 @@ -382,7 +382,7 @@ Function Compare-RegistryRule $_.InheritanceFlags -eq $refrenceObject.InheritanceFlags -and $_.PropagationFlags -eq $refrenceObject.PropagationFlags -and $_.AccessControlType -eq $refrenceObject.AccessControlType -and - $_.IdentityReference -eq $refrenceObject.IdentityReference + $_.IdentityReference.Value -eq $refrenceObject.IdentityReference.Value }) if ($match.Count -ge 1) { @@ -407,7 +407,7 @@ Function Compare-RegistryRule $_.InheritanceFlags -eq $refrenceObject.InheritanceFlags -and $_.PropagationFlags -eq $refrenceObject.PropagationFlags -and $_.AccessControlType -eq $refrenceObject.AccessControlType -and - $_.IdentityReference -eq $refrenceObject.IdentityReference + $_.IdentityReference.Value -eq $refrenceObject.IdentityReference.Value }) if($match.Count -eq 0) { @@ -424,7 +424,7 @@ Function Compare-RegistryRule $_.InheritanceFlags -eq $refrenceObject.InheritanceFlags -and $_.PropagationFlags -eq $refrenceObject.PropagationFlags -and $_.AccessControlType -eq $refrenceObject.AccessControlType -and - $_.IdentityReference -eq $refrenceObject.IdentityReference + $_.IdentityReference.Value -eq $refrenceObject.IdentityReference.Value }) if ($match.Count -gt 0) {