I would like to write a script to list out ntfs permissions. I tried with:
(get-acl -path \\testserver\d$\testdir).accesstostring
I get:
BUILTIN\Administrators Allow FullControl
REDMOND\testuser Allow Write, ReadAndExecute, Synchronize
S-1-5-21-2146773085-903363285-719344707-241418 Allow ReadAndExecute, Synchronize
BUILTIN\Administrators Allow FullControl
NT AUTHORITY\SYSTEM Allow FullControl
When I do this from the GUI, the
"S-1-5-21-2146773085-903363285-719344707-241418 Allow ReadAndExecute"
resolves correctly but not from PS. Does anyone know how I can get around
this?
Thanks in advance,
http://www.comptechdoc.org/os/windows/win2k/win2kpermissions.html
A bit of an assumption here... Since Read and Write each come with the
synchronize permission, it would seem 'Read and Execute' would also have
synchronize (since Read is there).
Synchronize seems to be a hidden permission so PowerShell is actually
more accurate.
You could likely drop the Synchronize when applying the permissions
elsewhere.
Marco
--
Microsoft MVP - Windows PowerShell
http://www.microsoft.com/mvp
PowerGadgets MVP
http://www.powergadgets.com/mvp
Hi Frank,
I presume you're talking about the SID not resolving to a
domain\username pair. Just for kicks, try explicitly resolving it in
PowerShell:
PS> $sid = new-object security.principal.securityidentifier `
    "S-1-5-21-2146773085-903363285-719344707-241418"
PS> $sid.translate( [security.principal.ntaccount] )
For more on this kind of thing, check out:
http://www.nivot.org/2007/08/20/ConvertingBetweenSIDsAndNTAccountsInPowerShell.aspx
Hope this helps,
- Oisin / x0n
p.s. security tip: try to keep your actual SIDs secret in future ;-)
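An added example, not part of the posts in this thread: the same Translate call applied to every entry in the ACL, with a fallback that keeps the raw SID when no account maps to it. The function name Get-ResolvedAcl is hypothetical; the path is the one from the question.

```powershell
function Get-ResolvedAcl {
    param(
        [Parameter(Mandatory = $true)]
        [string] $Path
    )

    $acl = Get-Acl -Path $Path

    # Ask for raw SIDs (explicit and inherited rules) so that every entry
    # goes through the same explicit translation step below.
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])

    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference
        $resolved = $true
        try {
            $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
        }
        catch [System.Security.Principal.IdentityNotMappedException] {
            # No account could be mapped to this SID from the machine running
            # the script (for example, the account was deleted): keep the SID.
            $account = $sid.Value
            $resolved = $false
        }

        # One object per access rule, so the result can be sorted or exported.
        New-Object PSObject -Property @{
            Account   = $account
            Sid       = $sid.Value
            Resolved  = $resolved
            Type      = $rule.AccessControlType
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited
        }
    }
}

# Unresolved entries sort first, which makes orphaned SIDs easy to spot.
Get-ResolvedAcl -Path '\\testserver\d$\testdir' |
    Sort-Object Resolved, Account |
    Format-Table Account, Type, Rights, Inherited, Resolved -AutoSize
```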
Oops! I read this too quickly. Oisin has the answer...
Marco