Grant-SmbClientAccessToServer

Allow access to a computer or set of computers for SMB over QUIC's client access control feature on an SMB Server.

Syntax

Grant-SmbClientAccessToServer
     [-Name] <String[]>
     -IdentifierType <IdentifierType>
     -Identifier <String>
     [-Description <String>]
     [-Force]
     [-CimSession <CimSession[]>]
     [-ThrottleLimit <Int32>]
     [-AsJob]
     [-WhatIf]
     [-Confirm]
     [<CommonParameters>]
Grant-SmbClientAccessToServer
     -InputObject <CimInstance[]>
     -IdentifierType <IdentifierType>
     -Identifier <String>
     [-Description <String>]
     [-Force]
     [-CimSession <CimSession[]>]
     [-ThrottleLimit <Int32>]
     [-AsJob]
     [-WhatIf]
     [-Confirm]
     [<CommonParameters>]

Description

The Grant-SmbClientAccessToServer cmdlet is used to allow SMB clients to access a specified server. When you run this cmdlet, it'll add a new rule to the server's firewall to allow incoming SMB traffic from the specified client IP address. If you need to revoke access to the server in the future, you can use the Revoke-SmbClientAccessToServer cmdlet.

Examples

Example 1: Grant SMB client access to a server

$params = @{
    Name = "Server01"
    IdentifierType = "ISSUER"
    Identifier = "CN=MyCertificateIssuer"
    Description = "Allow access from client for LabSvr"
    Force = $true
}
Grant-SmbClientAccessToServer @params

This example grants SMB client access to a server named Server01 based on the client's certificate. The Description parameter is used to provide a description of the rule being added to the server's firewall. This command runs without prompting for confirmation.

Parameters

-AsJob

Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-CimSession

Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.

Type:CimSession[]
Aliases:Session
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Description

Used to provide a description of the rule being added to the server's firewall when you use the Grant-SmbClientAccessToServer cmdlet. This can be useful if you need to keep track of which clients have been granted access to a server, or if you need to provide additional information about the rule for documentation purposes.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Force

Forces the command to run without asking for user confirmation.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Identifier

Specifies the identity of the client that is being granted access to the SMB server. This parameter takes a string value that represents the identity of the client. The format of the string value will depend on the IdentifierType parameter that you're using.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-IdentifierType

Specifies the type of identifier that you're using to identify a client. The valid values for the IdentifierType parameter are:

  • SHA256
  • ISSUER

If you're using the SHA256 identifier type, you're specifying a hash value that uniquely identifies the client. If you're using the ISSUER identifier type, you're specifying the issuer of the client's certificate.

Type:IdentifierType
Accepted values:SHA256, ISSUER
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-InputObject

Specifies the input object that's used in a pipeline command.

Type:CimInstance[]
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Name

Specifies a fully-qualified DNS name or NetBIOS name that must match the certificate's subject name or an entry in the certificate's subject alternative names.

Type:String
Position:1
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-ThrottleLimit

Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0 is entered, then Windows PowerShell calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer.

The throttle limit applies only to the current cmdlet, not to the session or to the computer.

Type:Int32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet isn't run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

String[]

CimInstance[]

Outputs

CimInstance[]