Solved

Get ACL for File or Folder

Posted on 2013-12-13
2
753 Views
Last Modified: 2013-12-13
I want to be able to dump to a string the ACL information for a file or folder, however when I run the script and it gets to the following line:-
$fileACLAccess = (Get-ACL $_.FullName).Access

Open in new window

, I just get
System.Security.AccessControl.FileSystemAccessRule System.Security.AccessControl.FileSystemAccessRule System.Security.AccessControl.FileSystemAccessRule System.Security.AccessControl.FileSystemAccessRule

My compete code is:-
Function scanDirectory($strDirectory) {
    write-host "Snap shotting " $strDirectory
	dir $strDirectory | % { if ($_.PsIsContainer) { 
			echo "Directory Found - $_\" 
            $fileACLOwner = (Get-ACL $_.FullName).Owner
            $fileACLAccess = (Get-ACL $_.FullName).Access
            $fileACLGroup = (Get-ACL $_.FullName).Group
            
            write-host $fileACLOwner
            write-host $fileACLAccess
            write-host $fileACLGroup
            
			scanDirectory($strDirectory + "\" + $_) 
			} 
		else { 
                     $fileACLOwner = (Get-ACL $_.FullName).Owner
                     $fileACLAccess = (Get-ACL $_.FullName).Access
                     $fileACLGroup = (Get-ACL $_.FullName).Owner
			} 
		}
	}
    
scanDirectory("d:\")

Open in new window


Is it possible to get the variable to a string?

Thank you
0
Comment
Question by:tonelm54
2 Comments
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
ID: 39716468
Access is a multivalued property.. Try to convert it to string and see if it works for you..
$fileACLAccess = (Get-ACL $_.FullName).Access | Out-String

Open in new window

0
 
LVL 18

Expert Comment

by:Raheman M. Abdul
ID: 39716477
Function scanDirectory($strDirectory) {
    write-host "Snap shotting " $strDirectory
      dir $strDirectory | % { if ($_.PsIsContainer) {
                  echo "Directory Found - $_\"
            $fileACLOwner = (Get-ACL $_.FullName).Owner
            $fileACLAccess = (Get-ACL $_.FullName).Access
            $fileACLGroup = (Get-ACL $_.FullName).Group
           
            $fileACLOwner
            $fileACLAccess
            $fileACLGroup
           
                  scanDirectory($strDirectory + "\" + $_)
                  }
            else {
                     $fileACLOwner = (Get-ACL $_.FullName).Owner
                     $fileACLAccess = (Get-ACL $_.FullName).Access
                     $fileACLGroup = (Get-ACL $_.FullName).Owner
                  }
            }
      }
   
scanDirectory("c:\temp")
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This script checks a path to see if a folder exists. If the folder does exist you will get output "The folder has previously been created. No action taken" If not it will create the folder. Then adds one user modify permission to the folder. It …
"Migrate" an SMTP relay receive connector to a new server using info from an old server.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question