Help with Get-ACL

Welcome Forums General PowerShell Q&A Help with Get-ACL

This topic contains 4 replies, has 3 voices, and was last updated by

2 years, 10 months ago.

  • Author
  • #41587

    Points: -16
    Rank: Member

    Hi All

    I am stuck with what I thought was going to be an easy task, I am trying to get a list of all NTFS permissions for shares. It started out pretty easy, I use $ACL = (Get-Acl -Path $Share).Access where $Share is a valid share on the computer. I can write-output $ACL and all looks great, no problem, however if I try to manipulate $ACL all I get back is

    System.Security.AccessControl.FileSystemAccessRule over and over again.

    I have tried all string manipulation tricks that I can think of, however the results are the same.

    Question is, is there anyway to prevent this from happening and just get the proper data or is this not possible with PowerShell?

    Thanks in advance

  • #41594

    Points: 0
    Rank: Member

    Hi Tim,
    Something like

    $share = '\\myserver\share'
    $acl = (Get-acl -path $share).access
    $acl | select-object -property IdentityReference, FileSystemRights

    Will give you a table like
    IdentityReference FileSystemRights
    ————————– ————————-
    mydom\Administrator FullControl
    NT AUTHORITY\System FullControl

    Is this the sort of thing you're looking for, or something else? Obviously you can enumerate the list of shares and run them through a foreach to go through them all.


  • #41609

    Points: -16
    Rank: Member

    Hi Liam

    Thanks for the help I appreciate it.

    With your code I still get the same error, it seems that $acl is valid, but if you try and manipulate it in any way you get System.Security.AccessControl.FileSystemAccessRule returned

    $Total="These are the ACLs " +$acl
    $Total="These are the ACLs +$acl"

    Both return the System.Security.AccessControl.FileSystemAccessRule

    Also it seems that if I write it to a file, I get the same results.

    I am using Windows 10 with PowerShell 5, is this perhaps a bug in PowerShell?

    I found a module NTFSSecurity that has no issues doing this, however I would prefer to do this manually

    Thanks again

  • #41619

    Points: 0
    Rank: Member

    $acl is an object but not a fine formatted string!
    and you try to 'manipulate' with object concatenating it with string to get a string object representation.

    compare: write-output $acl and write-host $acl
    the first use some technique to get object properties and the second just doing $acl.ToString() just like you 🙂

    Try for example 'total ' + $acl.FileSystemRights and you get what you expect – the string that contains concatenation of all FileSystemRights.

    that happen because FileSystemAccessRule class doesn't have it own .ToString() conversion method. it just inherited from object class

    if you want to get total count of $acl records – use $acl.Count
    if you want to get all involved security objects – use $acl.IdentityReference.Value
    if you want to get that representation which you seen on screen in string try 'total'+ ($acl | out-string)

    and so on...

  • #41659

    Points: -16
    Rank: Member

    Hi Max

    Thanks for help, you nailed it with that one. I don't know exactly why it I was having the issues, I will delve more into this weekend for sure. The main thing is that I am over this hurdle and continue on with this script

    Many thanks to all


The topic ‘Help with Get-ACL’ is closed to new replies.

denizli escort samsun escort muğla escort ataşehir escort kuşadası escort