PowerShell Script Files – Get-Acl
From a strategic point of view Get-Acl (Access Control List) is a stepping-stone to changing permissions with Set-Acl. When learning about Get-Acl select a file rather than a folder, those SID numbers can be so meaningless.
- Example 1: Get-Acl Owner Check
- Example 2: Get-Acl -Replace
- Example 3: Get-Acl -ExpandProperty
- Research Get-Acl Properties
♣
Example 1: Get-Acl Owner Check
I have chosen the Windows log files as vehicle to test Get-Acl.
# PowerShell Get-Acl Windows Log files
Clear-Host
$Files = "C:\Windows\*.log"
Get-Acl $Files | Format-Table -property PSPath, Owner
Learning Points
Note 1: The reason that I used the variable $Files is that I want to remind you to change the value for the path before running this script on your machine.
Research Get-Acl Properties
Format-Table is of great help with Get-Acl. I recommend researching the precise spelling of the various properties by appending Get-Member thus:
# PowerShell Get-Acl Properties
Clear-Host
$Files = "C:\Windows\*.log"
Get-Acl $Files | Get-Member -MemberType *Property
Note 2: -MemberType *Property filters out methods, and shows just the various properties. One conclusion, PSChildName may be better than PSPath.
Note 3: Actually, any file will do to check the properties supported by Get-Acl.
Recommended: Solarwinds’ Permissions Analyzer – Free Active Directory Tool
I like the Permissions Monitor because it enables me to see WHO has permissions to do WHAT at a glance. When you launch this tool it analyzes a users effective NTFS permissions for a specific file or folder, and takes into account network share access, then displays the results in a nifty desktop dashboard!
Think of all the frustration that this free SolarWinds utility saves when you are troubleshooting authorization problems for user’s access to a resource. Give this permissions monitor a try – it’s free!
Download SolarWinds’ Free Permissions Analyser – Active Directory Tool
Example 2: Get-Acl to Find a Particular Owner
The reasons that I chose -Match ‘Administrator’ is that every Windows operating system has Administrators, and I don’t know the names of your users.
# PowerShell Get-Acl Find Owner = Administrator
Clear-Host
$Files = "C:\Windows\*.log"
Get-Acl $Files | Where {$_.Owner -Match 'Administrator'} |
Format-Table -property PSChildName, Owner -auto
Note 4: I recommend that you change ‘Administrator’ to the name of a user on your computer. Furthermore, if you take my advice then you may wish to change the value of $Files to "C:\Windows\Users\"
Note 5: PowerShell syntax includes the ` backtick for word-wrap; however I try not use the backtick symbol `, instead I ended line 4 with the | pipe symbol. As a result of this formatting PowerShell realizes that the command continues on the next line.
Background Research
In addition to pure research on PowerShell's Get-Acl, I strongly recommend that open Windows Explorer and look at not only the location of the files, but also at the permissions.
If you right-click any file or folder, select properties and check the permissions. For further detail click Edit, see screenshot to the right.
Another useful technique is to use CACLS
Example 3: Get-Acl -ExpandProperty
The problem: We need a list of all the permissions on a user's folder, especially any domain\username and group names. The basic command in Example 3a does not produce the desired results.
# Get-Acl Example 3a
Get-Acl 'C:\Users\Fred'
The solution: -ExpandProperty
# Get-Acl Example 3b
Clear-Host
(Get-Acl 'C:\Users\Fred').Access `
| Select-Object -ExpandProperty IdentityReference
Value
———————————-
NT AUTHORITY\SYSTEM
BUILTIN\Administrators
Win7\Guy
Win7\Fred
S-1-5-21-1087032321-2353608717-1626597369-1013
Win7\HomeUsers
Guy Recommends: A Free Trial of the Network Performance Monitor (NPM) v11.5
SolarWinds’ Network Performance Monitor will help you discover what’s happening on your network. This utility will also guide you through troubleshooting; the dashboard will indicate whether the root cause is a broken link, faulty equipment or resource overload.
What I like best is the way NPM suggests solutions to network problems. Its also has the ability to monitor the health of individual VMware virtual machines. If you are interested in troubleshooting, and creating network maps, then I recommend that you try NPM now.
Download a free trial of Solarwinds’ Network Performance Monitor
Research Get-Acl Parameters
One reason for research properties is if you want to modify the results, for example you wish to pipe the output into Format-Table, but are unsure which properties to specify.
# PowerShell Get-Acl Parameters
Clear-Host
Get-Help Get-Acl -full
Checking the help file will reveal useful parameters, for instance the -audit switch maybe useful for your task. In addition to the file system you can also direct Get-Acl to list permissions on registry keys.
See Also a Review of Solarwinds Free Permissions Analyzer »
Researching Similar PowerShell Content Cmdlets
# PowerShell Content Cmdlet Research
Clear-Host
Get-Command -Noun Acl
This reveals the sister command Set-Acl. Incidentally, many of PowerShell’s Get verbs also have a ‘Set’ companion cmdlet.
Summary of PowerShell’s Get-Acl Cmdlet
Get-Acl is rather different from the mainstream PowerShell cmdlets. You can apply what you learn about ‘Get’ access control lists, changing permissions with Set-Acl.
If you like this page then please share it with your friends
See more PowerShell share examples including WMI
• PowerShell WMI • Create Win32_Share • WMI Shares • Free Permissions Analyzer Tool
• Get-Acl • PowerShell Share Error Codes • Win32_ComputerSystem • PowerShell 3.0 CIM
• Windows PowerShell • Free WMI Monitor • Cacls • Query • PowerShell Printer Scripts
Please email me if you have a example scripts. Also please report any factual mistakes, grammatical errors or broken links, I will be happy to correct the fault.