I am trying to audit the permissions on a file server as a domain administrator and am getting an error for 'unauthorized operation' on some uses. When I use D:\Share\IT, I am able to get the command to run; when I use \Prod I cannot.
I am using the following in PowerShell:
Get-ChildItem D:\Share\Prod -Directory -Recurse | Get-Acl | Select-Object path,accesstostring,owner| Export-Csv C:\Temp\file.csv
I am receiving the following error:
Get-Acl : Attempted to perform an unauthorized operation.
At line:1 char:51
+ Get-ChildItem D:\Share\Prod -Directory -Recurse | Get-Acl |Select-Object ...
+ CategoryInfo : NotSpecified: (:) [Get-Acl], UnauthorizedAccessException
+ FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.GetAclCommand
I am logged in as a domain administrator, with PowerShell using Run As Administrator.
This is the case where permissions are given to only Installer or other account, not administrators.
Please find following code which works fine. Please note that I'm wrapping Get-ChildItem in it's own try catch. That's because System.DirUnauthorizedAcce
Open in new window
Edit: I've adjusted your idea to get Access data. Since string returned by native method is impossible to be easily cut I read this information from Access method. Because you're getting all data into CSV I'm putting row for each permission for each directory, so you can work on results as a working set :)
Please note that Path property has type in its name and you implicitly defined childintems as directories, therefore I found it unusable and decided to take FullName property of the outer object which is a directory, not an ACL.