locked
Listing Folder and Sub-Folder Permissions RRS feed

  • Question

  • Hello,

    I have the following simple script:

    $path=Read-Host"D:\Program Files\Microsoft SQL Server\"

    Get-ChildItem$path-recurse|Get-Acl

    When I input the string and get the results, it does not necessary match the contents of the Permissions tab of the concerned folder. For instance. Here is the PS script result of a sql installation folder:

    If I right click on the \MSSQL folder and select Properties, select Security tab, I see the following users listed:

    CREATOR OWNER

    SYSTEM

    Administrators (machinename\Administrators)

    Users (machinename\Administrators)

    MSSQLSERVER

    Wondering why PS script result is not an EXACT match to the users/groups listed in the Properties of the concerned windows folder?

    Will appreciate your early response.

    Thanks.

    Victor


    Victor



    • Edited by vr123 Friday, March 16, 2018 11:16 PM
    Friday, March 16, 2018 11:10 PM

Answers

  • Time to stop guessing and bite the bullet.

    get-acl 'C:\Program Files\Microsoft SQL Server\' | #'
         select -expand access |
    select IdentityReference,FileSystemRights


    \_(ツ)_/


    • Edited by jrv Saturday, March 17, 2018 12:48 AM
    • Marked as answer by jrv Saturday, March 17, 2018 4:51 AM
    Saturday, March 17, 2018 12:48 AM

All replies

  • Try:

    Get-ChildItem $path | where-object {($_.PsIsContainer)} | Get-ACL | Format-List



    I offer advice as is, and you use that advice at your own risk.
    Dont forget to mark as Answered if you found this post helpful.

    Saturday, March 17, 2018 12:00 AM
  • Time to stop guessing and bite the bullet.

    get-acl 'C:\Program Files\Microsoft SQL Server\' | #'
         select -expand access |
    select IdentityReference,FileSystemRights


    \_(ツ)_/


    • Edited by jrv Saturday, March 17, 2018 12:48 AM
    • Marked as answer by jrv Saturday, March 17, 2018 4:51 AM
    Saturday, March 17, 2018 12:48 AM
  • actually the result is same. But the way PowerShell display the result is little different.

    It is showing all the users/group that have access to the folder in access parameter

    If you want to show the whole access list you have to expand the parameter "Access"  by using ExpandProperty. This is a way to display Multivalued Parameters in PowerShell.

    get-acl | select -ExpandProperty access


    • Edited by asharma5 Saturday, March 17, 2018 4:44 AM
    Saturday, March 17, 2018 4:43 AM
  • Iron Scripter Prequel 8 just talked about acl's (and setting them).  https://powershell.org/2018/03/11/iron-scripter-prequel-puzzle-8-a-commentary/

    Saturday, March 17, 2018 2:07 PM
  • Jrv,

    Perfect. Exactly what I wanted. Thanks!

    Victor


    Victor

    Saturday, March 17, 2018 9:37 PM
  • Jrv,

    One more question. On the below script, if I need to get acl listing of the sub-folders (only sub-folders and NOT files) as well how can I do that. I tried piping Get-ChildItem having some issues. Here is the original script below script:

    get-acl 'C:\Program Files\Microsoft SQL Server\' | #'
        
    select -expand access |
         select IdentityReference,FileSystemRights

    Will appreciate your quick help.

    Thanks.

    Victor


    Victor

    Friday, April 20, 2018 4:17 PM
  • You cannot use a comment "#" to block a line extender.  Remove it.

    Get-ChildItem 'C:\Program Files\Microsoft SQL Server\*' -Directory |
        Get-Acl |
        select -expand access |
        select IdentityReference,FileSystemRights


    \_(ツ)_/

    Friday, April 20, 2018 4:37 PM
  • Thanks. I came up with a different one (part of it taken from google search) which gives me the parsed list. Here is the code:

    Get-ChildItem-Directory-Recurse|%{Get-Acl$_.Fullname} |Select@{n="Path";e={$_.PSPath.Split(":",3)[2]}},Owner,@{n="Access";e={($_.Access |%{"$($_.IdentityReference)$($_.AccessControlType)$($_.FileSystemRights)"}) -join"`r`n"}} |Format-List|Out-Filed:\Logs\test.csv-Force

    Thanks for your help anyway!

    Victor


    Victor

    Saturday, April 21, 2018 11:03 PM
  • That does not create a CSV and will produce a very broken output.  You need to take the time to understand the methods posted here.  Start by learning how to use basic PowerShell.  As it is now you are just guessing about wha tto do and your guesses are wrong.


    \_(ツ)_/


    • Edited by jrv Saturday, April 21, 2018 11:44 PM
    Saturday, April 21, 2018 11:43 PM
  • Sorry, I should taken out .csv before I posted:-) Yes, I understand that there are no delimiters. Thanks.

    Victor


    Victor

    Sunday, April 22, 2018 2:38 AM