• Sign in to Neowin Faster!

    Create an account on Neowin to contribute and support the site.

  • 0
Sign in to follow this  
Followers 0

[Powershell] NTFS Permissions

Asked by Got3n

Question

Got3n    39
Posted

So im looking to do a recursive search from the C: root and drill down and get all the NTFS permissions of said folders. get-childitem allows me to do this along with get-acl but the output isn't exactly what i want. I'm pretty new to Powershell so I know I dont know alot, can i get some help, here is what I have.

If I do this I get the data I want

get-childitem 'c:\Program Files' -recurse -exclude *.* | get-acl | fl

output 

Path   : Microsoft.PowerShell.Core\FileSystem::C:\Program Files\WinRAR
Owner  : BUILTIN\Administrators
Group  : ECHRISTUS\Domain Users
Access : NT SERVICE\TrustedInstaller Allow  FullControl
         NT SERVICE\TrustedInstaller Allow  268435456
         NT AUTHORITY\SYSTEM Allow  FullControl
         NT AUTHORITY\SYSTEM Allow  268435456
         BUILTIN\Administrators Allow  FullControl
         BUILTIN\Administrators Allow  268435456
         BUILTIN\Users Allow  ReadAndExecute, Synchronize
         BUILTIN\Users Allow  -1610612736
         CREATOR OWNER Allow  268435456

I want to only show Path, Owner, and Access. I show only certain data i get a different output.

Here is hte command i used to show only the data I want.

get-childitem 'c:\Program Files' -recurse -exclude *.* | get-acl | fl -property Path,Owner,Access

output

Path   : Microsoft.PowerShell.Core\FileSystem::C:\Program Files\Windows XP Mode\Tutorial\Images
Owner  : NT AUTHORITY\SYSTEM
Access : {System.Security.AccessControl.FileSystemAccessRule, System.Security.AccessControl.FileSystemAccessRule, System.Security.AccessControl.FileSystemAccessRule, System.Security.AccessControl.FileSystemAccessRule...}

As you can see the access no longer looks like it did in the one before.

Here is another one, this one i remove get-childitem and use just get acl to get the data I want.

INput

$acl = get-acl 'c:\Program Files'
$acl.access | select IdentityReference,FileSystemRights

Output

IdentityReference                                                                                                                                                                                                 FileSystemRights
-----------------                                                                                                                                                                                                 ----------------
CREATOR OWNER                                                                                                                                                                                                            268435456
NT AUTHORITY\SYSTEM                                                                                                                                                                                                      268435456
NT AUTHORITY\SYSTEM                                                                                                                                                                                            Modify, Synchronize
BUILTIN\Administrators                                                                                                                                                                                                   268435456
BUILTIN\Administrators                                                                                                                                                                                         Modify, Synchronize
BUILTIN\Users                                                                                                                                                                                                          -1610612736
BUILTIN\Users                                                                                                                                                                                          ReadAndExecute, Synchronize
NT SERVICE\TrustedInstaller                                                                                                                                                                                              268435456
NT SERVICE\TrustedInstaller                                                                                                                                                                                            FullControl

What I'm looking for is the output from $acl.access but with the ability to do a recursive search from a top folder, any of you powershell people out there care to give me a hand? Your help would be appreciated.

Share this post

Link to post
Share on other sites

1 answer to this question

Recommended Posts

  • 0
Got3n    39
Posted

NVM I seem to have figured it out on my own.

get-childitem c:\dirl -recurse -exclude *.* | get-acl | select-object path,IdentityReference,accesstostring | fl >c:\test.txt

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
Followers 0
Go To Question Listing

  • Recently Browsing   0 members

    No registered users viewing this page.