Skip to content

EXAMPLES.md

Latest commit

 

History

History
290 lines (225 loc) · 5.84 KB

EXAMPLES.md

File metadata and controls

290 lines (225 loc) · 5.84 KB

Examples and Usage Scenarios

Basic Operations

Lock a single file

acllock lock "C:\Documents\secret.docx"

Unlock with note

acllock unlock "C:\Documents\secret.docx" -Force

Check status

acllock status "C:\Documents"

Advanced Use Cases

Scenario 1: Project Freeze

Lock project folder during code freeze:

acllock lock "C:\Projects\WebApp" -Note "Code freeze for v2.0 release"

Scenario 2: Temporary Protection

Lock, do work, unlock:

# Lock
acllock lock "C:\Data\Processing"

# Do maintenance work
# ...

# Unlock when done
acllock unlock "C:\Data\Processing" -Force

Scenario 3: Batch Operations

Lock multiple directories:

$directories = Get-ChildItem "C:\Projects" -Directory

foreach ($dir in $directories) {
    if ($dir.Name -like "*Confidential*") {
        acllock lock $dir.FullName -Note "Confidential project" -Force
    }
}

Scenario 4: Dry Run Testing

Preview changes before applying:

acllock lock "C:\Important\Data" -DryRun

Scenario 5: JSON Integration

Integrate with other tools:

$status = acllock status "C:\Data" -Json | ConvertFrom-Json

if ($status.isLocked) {
    Write-Host "Data is secured"
} else {
    Write-Host "Warning: Data is accessible"
}

Scenario 6: Automated Security

Schedule periodic checks:

# check-locks.ps1
$criticalPaths = @(
    "C:\Credentials",
    "C:\Keys",
    "C:\Secrets"
)

foreach ($path in $criticalPaths) {
    $status = acllock status $path -Json | ConvertFrom-Json
    
    if (-not $status.isLocked) {
        # Alert or re-lock
        acllock lock $path -Force -Note "Auto-relock: $(Get-Date)"
        Send-MailMessage -To "admin@company.com" -Subject "Path unlocked" -Body "Path $path was found unlocked"
    }
}

Scenario 7: Pre-deployment Lock

Lock configuration before deployment:

# Before deployment
acllock backup "C:\AppConfig\production.json"
acllock lock "C:\AppConfig\production.json" -Note "Locked during deployment"

# Deploy application
.\deploy.ps1

# After deployment
acllock unlock "C:\AppConfig\production.json" -Force

Scenario 8: Incident Response

Quick lockdown during security incident:

# Lock all user data
Get-ChildItem "C:\Users" -Directory | ForEach-Object {
    acllock lock $_.FullName -Force -Note "Security incident lockdown"
}

Script Integration

Function wrapper

function Lock-SensitiveData {
    param(
        [string]$Path,
        [string]$Reason
    )
    
    Write-Host "Securing: $Path"
    acllock lock $Path -Note $Reason -Force
    
    # Log to your system
    Add-Content "C:\Logs\security.log" "$(Get-Date): Locked $Path - $Reason"
}

# Usage
Lock-SensitiveData -Path "C:\CustomerData" -Reason "End of business day"

Monitoring script

# monitor-locks.ps1
$watchPaths = @("C:\Critical1", "C:\Critical2")

while ($true) {
    foreach ($path in $watchPaths) {
        $status = acllock status $path -Json | ConvertFrom-Json
        
        if (-not $status.isLocked) {
            Write-Warning "ALERT: $path is not locked!"
            # Trigger alert
        }
    }
    
    Start-Sleep -Seconds 60
}

TUI Mode Examples

Interactive session

# Launch TUI
acllock tui

# Navigate with keyboard:
# 1 - Lock file
# 2 - Unlock file
# 3 - Lock folder
# 4 - Unlock folder
# 5 - Check status
# H - Help
# Q - Quit

Error Handling

Robust script

function Safe-Lock {
    param([string]$Path)
    
    try {
        # Check if exists
        if (-not (Test-Path $Path)) {
            throw "Path does not exist"
        }
        
        # Check current status
        $status = acllock status $Path -Json | ConvertFrom-Json
        
        if ($status.isLocked) {
            Write-Warning "Already locked: $Path"
            return $false
        }
        
        # Lock with backup
        acllock backup $Path
        acllock lock $Path -Force
        
        # Verify
        $newStatus = acllock status $Path -Json | ConvertFrom-Json
        
        if ($newStatus.isLocked) {
            Write-Host "✓ Locked successfully: $Path"
            return $true
        } else {
            Write-Error "Lock verification failed"
            return $false
        }
        
    } catch {
        Write-Error "Failed to lock: $($_.Exception.Message)"
        return $false
    }
}

Recovery Examples

Emergency unlock

# If normal unlock fails
takeown /f "C:\LockedPath" /r /d y
icacls "C:\LockedPath" /reset /t

# Or use acllock restore
acllock restore "C:\LockedPath" -Force

Bulk recovery

# Restore multiple paths
$paths = Get-ChildItem "C:\Projects" -Directory

foreach ($path in $paths) {
    $backupExists = Test-Path (Join-Path $path.Parent.FullName ".acllock\$($path.Name).acl.backup")
    
    if ($backupExists) {
        Write-Host "Restoring: $($path.FullName)"
        acllock restore $path.FullName -Force
    }
}

Best Practices Examples

Safe locking pattern

# 1. Test access
if (-not (Test-Path "C:\Data" -PathType Container)) {
    Write-Error "Path not found"
    exit 1
}

# 2. Dry run
acllock lock "C:\Data" -DryRun

# 3. Create manual backup
acllock backup "C:\Data"

# 4. Lock with note
acllock lock "C:\Data" -Note "Maintenance window: $(Get-Date)"

# 5. Verify
$status = acllock status "C:\Data" -Json | ConvertFrom-Json
if (-not $status.isLocked) {
    Write-Error "Lock verification failed"
}

Scheduled task integration

# Task: Lock at 6 PM, unlock at 8 AM
# lock-schedule.ps1

$hour = (Get-Date).Hour

if ($hour -eq 18) {
    # Evening lock
    acllock lock "C:\SharedData" -Force -Note "After hours lockdown"
} elseif ($hour -eq 8) {
    # Morning unlock
    acllock unlock "C:\SharedData" -Force
}