Bewerken

Delen via


Block-SmbClientAccessToServer

Blocks SMB client access to a specified server.

Syntax

Block-SmbClientAccessToServer
     [-Name] <String[]>
     -IdentifierType <IdentifierType>
     -Identifier <String>
     [-Description <String>]
     [-Force]
     [-CimSession <CimSession[]>]
     [-ThrottleLimit <Int32>]
     [-AsJob]
     [-WhatIf]
     [-Confirm]
     [<CommonParameters>]
Block-SmbClientAccessToServer
     -InputObject <CimInstance[]>
     -IdentifierType <IdentifierType>
     -Identifier <String>
     [-Description <String>]
     [-Force]
     [-CimSession <CimSession[]>]
     [-ThrottleLimit <Int32>]
     [-AsJob]
     [-WhatIf]
     [-Confirm]
     [<CommonParameters>]

Description

The Block-SmbClientAccessToServer cmdlet is used to prevent SMB clients from accessing a specified server when using SMB over QUIC client access control. When you run this cmdlet, all SMB client connections to the specified server will be terminated, and no new connections will be allowed until the block is lifted. To unblock access to the server, use the Unblock-SmbClientAccessToServer cmdlet.

Examples

Example 1: Block SMB client access to a server

$params = @{
    Name = "Server01"
    IdentifierType = "ISSUER"
    Identifier = "CN=MyCertificateIssuer"
    Force = $true
}
Block-SmbClientAccessToServer @params

This command blocks SMB client access to a server named Server01 for the based on the client's certificate. This command runs without prompting for confirmation as the Force parameter is set to $true.

Parameters

-AsJob

Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-CimSession

Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.

Type:CimSession[]
Aliases:Session
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Description

Used to provide a description of the rule being added to the server's firewall when you use the Block-SmbClientAccessToServer cmdlet. This can be useful if you need to keep track of why SMB client access to a server has been blocked, or if you need to provide additional information about the block for documentation purposes.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Force

Forces the command to run without asking for user confirmation.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Identifier

Specifies the identity of the client that is being granted access to the SMB server. This parameter takes a string value that represents the identity of the client. The format of the string value will depend on the IdentifierType parameter that you're using.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-IdentifierType

Specifies the type of identifier that you're using to identify a client. The valid values for the IdentifierType parameter are:

  • SHA256
  • ISSUER

If you're using the SHA256 identifier type, you're specifying a hash value that uniquely identifies the client. If you're using the ISSUER identifier type, you're specifying the issuer of the client's certificate.

Type:IdentifierType
Accepted values:SHA256, ISSUER
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-InputObject

Specifies the input object that's used in a pipeline command.

Type:CimInstance[]
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Name

Specifies a fully-qualified DNS name or NetBIOS name that must match the certificate's subject name or an entry in the certificate's subject alternative names.

Type:String[]
Position:1
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-ThrottleLimit

Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0 is entered, then Windows PowerShell calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer.

The throttle limit applies only to the current cmdlet, not to the session or to the computer.

Type:Int32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet isn't run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

String[]

CimInstance[]

Outputs

CimInstance[]