win_acl no longer needs SeSecurityPrivilege (#57804)

* win_acl no longer needs SeSecurityPrivilege
Set-ACL raises missing SeSecurityPrivilege error when the inheritance
from the parent directory is disabled.

* fixes test sanity

* registry rights can only be modified with Set-ACL

* add changelog
This commit is contained in:
P-Hessler 2019-11-13 00:54:57 +01:00 committed by Jordan Borean
parent e77426dad3
commit 95d613f3ab
2 changed files with 12 additions and 2 deletions

View file

@ -0,0 +1,2 @@
bugfixes:
- win_acl - Fixed error when setting rights on directory for which inheritance from parent directory has been disabled.

View file

@ -176,7 +176,11 @@ Try {
If ($state -eq "present" -And $match -eq $false) {
Try {
$objACL.AddAccessRule($objACE)
If ($path_item.PSProvider.Name -eq "Registry") {
Set-ACL -LiteralPath $path -AclObject $objACL
} else {
(Get-Item -LiteralPath $path).SetAccessControl($objACL)
}
$result.changed = $true
}
Catch {
@ -186,7 +190,11 @@ Try {
ElseIf ($state -eq "absent" -And $match -eq $true) {
Try {
$objACL.RemoveAccessRule($objACE)
If ($path_item.PSProvider.Name -eq "Registry") {
Set-ACL -LiteralPath $path -AclObject $objACL
} else {
(Get-Item -LiteralPath $path).SetAccessControl($objACL)
}
$result.changed = $true
}
Catch {