param ( [Parameter(Position=0, Mandatory=$true)] [string] $user, [Parameter(ParameterSetName="Instance")] [string] $instance ) # If there's an error in a call such as $cfg.settings.Lock(), it is important that the script stops. # Continuing while another application is also potentially modifying settings may corrupt them. $ErrorActionPreference = "Stop" # The PowerShell instance executing this script needs to run elevated, as administrator, to access SSH Server settings. $cfg = new-object -com "Bitvise.BssCfg" if ($instance) { $cfg.SetInstance($instance) } # Settings must be locked while undergoing change to preserve their integrity. # If you lock settings and do not unlock them, no other process will be able to edit settings until the object is released. $cfg.settings.Lock() try { $cfg.settings.Load() # Find specified virtual account $acct = $cfg.settings.access.virtAccounts.FirstWhere1("virtAccount eq ?", $user) if (-not $acct) { Write-Error "A virtual account named $user could not be found in SSH Server settings." } else { $mountPoints = $acct.xfer.mountPoints # Clear any existing mount points. To add a mount point without removing previous mount points, remove this line: $mountPoints.Clear() # This example creates a new mount point. To modify an existing mount point, find it first. Example: # $mp = $mountPoints.FirstWhere1("sfsMountPath eq ?", "/") $mp = $mountPoints.new # New example mount point with non-default permissions. Permissions configured here are SSH Server permissions. # Windows filesystem permissions also apply independently, and in addition to, SSH Server permissions. # Windows filesystem permissions are configured outside of SSH Server settings, in the Windows filesystem. # For virtual accounts, effective Windows permissions are those which apply to the Windows account which provides # the security context for the virtual account logon session. By default, this is BvSsh_VirtualUsers. $mp.sfsMountPath = "/" $mp.realRootPath = "C:\SftpRoot\Subdir" $mp.listAccess = $true $mp.readExistAccess = $false $mp.writeExistAccess = $false $mp.deleteExistAccess = $false $mp.readWriteDeleteNewAccess = $true $mp.createDirAccess = $false $mp.createLinkAccess = $false # To create a new mount point, the new entry must be committed. To modify an existing mount point, remove this line: $mountPoints.NewCommit() # Save SSH Server settings. The 'finally' block unlocks them $cfg.settings.Save() Write-Host "Mount point '/' for SSH Server virtual account $user has been configured." } } finally { $cfg.settings.Unlock() }