June 3, 2016 at 2:33 am #41587
I am stuck with what I thought was going to be an easy task, I am trying to get a list of all NTFS permissions for shares. It started out pretty easy, I use $ACL = (Get-Acl -Path $Share).Access where $Share is a valid share on the computer. I can write-output $ACL and all looks great, no problem, however if I try to manipulate $ACL all I get back is
System.Security.AccessControl.FileSystemAccessRule over and over again.
I have tried all string manipulation tricks that I can think of, however the results are the same.
Question is, is there anyway to prevent this from happening and just get the proper data or is this not possible with PowerShell?
Thanks in advance
June 3, 2016 at 4:21 am #41594
$share = '\\myserver\share' $acl = (Get-acl -path $share).access $acl | select-object -property IdentityReference, FileSystemRights
Will give you a table like
NT AUTHORITY\System FullControl
Is this the sort of thing you're looking for, or something else? Obviously you can enumerate the list of shares and run them through a foreach to go through them all.
June 3, 2016 at 6:08 am #41609
Thanks for the help I appreciate it.
With your code I still get the same error, it seems that $acl is valid, but if you try and manipulate it in any way you get System.Security.AccessControl.FileSystemAccessRule returned
$Total="These are the ACLs " +$acl
$Total="These are the ACLs +$acl"
Both return the System.Security.AccessControl.FileSystemAccessRule
Also it seems that if I write it to a file, I get the same results.
I am using Windows 10 with PowerShell 5, is this perhaps a bug in PowerShell?
I found a module NTFSSecurity that has no issues doing this, however I would prefer to do this manually
June 3, 2016 at 9:31 am #41619
$acl is an object but not a fine formatted string!
and you try to 'manipulate' with object concatenating it with string to get a string object representation.
the first use some technique to get object properties and the second just doing
$acl.ToString()just like you 🙂
Try for example
'total ' + $acl.FileSystemRightsand you get what you expect – the string that contains concatenation of all FileSystemRights.
that happen because FileSystemAccessRule class doesn't have it own
.ToString()conversion method. it just inherited from object class
if you want to get total count of $acl records – use
if you want to get all involved security objects – use
if you want to get that representation which you seen on screen in string try
'total'+ ($acl | out-string)
and so on...
- This reply was modified 10 months, 4 weeks ago by Max Kozlov.
June 3, 2016 at 3:36 pm #41659
Thanks for help, you nailed it with that one. I don't know exactly why it I was having the issues, I will delve more into this weekend for sure. The main thing is that I am over this hurdle and continue on with this script
Many thanks to all
You must be logged in to reply to this topic.