PowerShell limits

I'm trying to run a file system security audit on a W2k3 file server with a PowerShell 2.0 script. I've run into a few problems:
1) I can't seem to log Folder permissions if my Domain Admin account doesn't have permission to the folder/file.
2) There appears to be a path limit of 260.
I'm using a script found here: http://jfrmilner.wordpress.com/2011/05/01/audit-ntfs-permissions-powershell-script/#comment-43

Is there a way to run a PowerShell script with "System" level or "Backup" level permissions to get by any directory access problem?
Is there a directory path limit in PowerShell?
Thanks

Errors:
Get-ChildItem : The specified path, file name, or both are too long. The fully qualified file name must be less than 260 characters,
and the directory name must be less than 248 characters.
At C:\cmd\Get-PathPermissions.ps1:10 char:29
+ $containers = Get-ChildItem <<<< -path $Path -Recurse -Force | ? {$_.psIscontainer -eq $true}
+ CategoryInfo : ReadError: (F:\GroupData…ation work data:String) [Get-ChildItem], PathTooLongException
+ FullyQualifiedErrorId : DirIOError,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Access to the path 'F:\GroupData\Accounting\Cost Accounting Archives' is denied.
At C:\cmd\Get-PathPermissions.ps1:10 char:29
+ $containers = Get-ChildItem <<<< -path $Path -Recurse -Force | ? {$_.psIscontainer -eq $true}
+ CategoryInfo : PermissionDenied: (F:\GroupData…unting Archives:String) [Get-ChildItem], UnauthorizedAccessException
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand
Starrett2005Asked:
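
Both errors above mean the enumeration skips whole subtrees, so the audit output is incomplete without saying so. As an added example (not part of the original post and not the linked script), the following PowerShell 2.0 code runs the same enumeration but writes every skipped path and the reason to a second CSV; the parameter defaults, output file names, and the helpers Get-GapReason and New-Gap are assumptions made for illustration.

```powershell
# Added example, not the linked script. Written for PowerShell 2.0.
# Parameter defaults and output file names are assumptions.
param(
    [string]$Path   = 'F:\GroupData',
    [string]$AclCsv = '.\acl-audit.csv',
    [string]$GapCsv = '.\acl-audit-gaps.csv'
)

function Get-GapReason($err) {
    # Unwrap to the innermost exception, then map the two types seen in the errors above.
    $ex = $err.Exception
    while ($ex.InnerException) { $ex = $ex.InnerException }
    if ($ex -is [System.IO.PathTooLongException])     { return 'PathTooLong' }
    if ($ex -is [System.UnauthorizedAccessException]) { return 'AccessDenied' }
    return $ex.GetType().Name
}

function New-Gap($stage, $target, $err) {
    New-Object PSObject -Property @{ Stage = $stage; Target = [string]$target; Reason = Get-GapReason $err }
}

# Same enumeration as the failing line, but errors are collected instead of only printed.
$containers = @(Get-ChildItem -Path $Path -Recurse -Force -ErrorAction SilentlyContinue -ErrorVariable enumErrors |
    Where-Object { $_.PSIsContainer })
$gaps = @($enumErrors | ForEach-Object { New-Gap 'Enumerate' $_.TargetObject $_ })

$rows = foreach ($c in $containers) {
    try {
        # Read the DACL only; the .NET call avoids wildcard handling of [ ] in Get-Acl -Path.
        $acl = $c.GetAccessControl([System.Security.AccessControl.AccessControlSections]::Access)
        foreach ($ace in $acl.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])) {
            New-Object PSObject -Property @{
                Folder    = $c.FullName
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Type      = $ace.AccessControlType
                Inherited = $ace.IsInherited
            }
        }
    } catch {
        $gaps += New-Gap 'ReadAcl' $c.FullName $_
    }
}

if ($rows) { $rows | Select-Object Folder, Identity, Rights, Type, Inherited | Export-Csv $AclCsv -NoTypeInformation }
if ($gaps) { $gaps | Select-Object Stage, Target, Reason | Export-Csv $GapCsv -NoTypeInformation }
"{0} folders read, {1} gaps recorded" -f $containers.Count, $gaps.Count
```

The gap file lists each subtree the audit could not cover, which is the evidence needed when reporting how complete the permission inventory is.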

David Johnson, CD, MVP (Owner) commented:
Maximum path 260
This is a known problem; not all Windows APIs support more than the system MAXPATH of 260.
Workarounds

Is there a way to run a PowerShell script with "System" level or "Backup" level permissions to get by any directory access problem?
Is there a directory path limit in PowerShell?


You could try starting PowerShell with a runas with a user that is a member of the Backup Operators group.
0
Starrett2005 (Author) commented:
MAXPATH:
I will try the \\?\ prefix and see if that works as described in: http://msdn.microsoft.com/en-us/library/windows/desktop/aa365247(v=vs.85).aspx

Script access to ACL on Directories/Files:
I already run the script as a Domain Admin (which has the Backup Privilege) and get the posted access errors. I remember that the utility RoboCopy has a switch to run with backup privilege when access is denied. I'm trying to see if PowerShell includes something similar.
0
David Johnson, CD, MVP (Owner) commented:
Robocopy will then use VSS to copy the files.
0

Starrett2005 (Author) commented:
OK, that makes sense for Robocopy, but all backup software is somehow allowed to back up files even if the account scheduled to run the backup doesn't have access to the files interactively. Example: Windows NT 4.0 "ntbackup" app. There must be some way for the PowerShell script to gain this access to pull ACLs off of Folder/File objects.
0
Starrett2005 (Author) commented:
So far I haven't had any luck with the MAXPATH. Is there any other method to pull ACLs from directories that have not been granted access to?
0
David Johnson, CD, MVP (Owner) commented:
No, the security model won't allow this.
0
Starrett2005 (Author) commented:
ve3ofa,

Is there a Microsoft post available that would state this? I need this to present to management before they approve changing permissions on everything to allow an Admin account access so we can query ACLs appropriately.
0
David Johnson, CD, MVP (Owner) commented:
If you can't access it via Explorer then you can't access it via PowerShell. It is that simple: NTFS file permissions. http://technet.microsoft.com/en-us/library/cc785144%28v=ws.10%29.aspx
0
Starrett2005 (Author) commented:
Thanks
0