Recently someone ask me how to get folder permissions using PowerShell on a specified (remote) computer and path. I figure out that this can be done using the GUI, but I realize that this can be a lot of work. Windows stores the information related to File permissions for an object in Access Control Lists (ACLs). So I jumped into PowerShell to get this job done.
We will be using Get-ACL to retrieve the required information. If we want to find the permissions for the sub folders in C:\Windows, we using Get-ChildItem, so run the following command:
|
1 |
Get-ChildItem C:\Windows | Where-Object {($_.PsIsContainer)} | Get-ACL | Format-List |
If you want more Get-ACL properties, just run the following PowerShell command:
|
1 |
Get-Acl C:\Windows | Get-Member -MemberType *Property |
To get folder permissions for a remote computer or server we using the Get-Acl cmdlet. The Get-Acl cmdlet retrieves the security descriptor (Access Control List) for a file, folder, or registry key.
PowerShell function
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 |
Function Get-FolderPermissions { <# .SYNOPSIS Get Folder Permissions from a local or remote Computer. .DESCRIPTION Get Folder Permissions from a local or remote Computer. .PARAMETER Computer Identity of the local or remote Computer. .PARAMETER Path Path to the local or remote Computer. .EXAMPLE Get-FolderPermissions -Computer <Computername> -Path <Path> .NOTES Author: Lex van der Horst Version: 1.0 Date: 9-01-2019 #> [CmdletBinding()] param ( [Parameter(Position=0, Mandatory=$True, HelpMessage="Please provide a computer or server name.",ValueFromPipeline=$True)] $Computer, [Parameter(Position=1, Mandatory=$True, HelpMessage="Please provide a path.",ValueFromPipeline=$True)] $Path ) If (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(` [Security.Principal.WindowsBuiltInRole] "Administrator")) { Write-Warning "You do not have the required permission to execute this script. Start PowerShell with administrator privileges and run the script again." Break } $Array=@() If(!$Path) { Write-Warning "Aborting script." Write-Warning "Reason: You don't provide a (remote) path." } else { ForEach($PC in $Computer) { try { $ACL = Invoke-Command $PC -ErrorAction Stop -ScriptBlock { Param($Path)Get-ACL $Path | Select -ExpandProperty Access } -ArgumentList $Path } catch { $_.Exception.Message Continue } if($ACL) { $ACL | ForEach-Object { $Item = $_ Switch ($Item.FileSystemRights) { "2032127" { $Val = "FullControl" } "1179785" { $Val = "Read" } "1180063" { $Val = "Read, Write" } "1179817" { $Val = "ReadAndExecute" } "-1610612736" { $Val = "ReadAndExecuteExtended" } "1245631" { $Val = "ReadAndExecute, Modify, Write" } "1180095" { $Val = "ReadAndExecute, Write" } "268435456" { $Val = "FullControl (Sub Only)" } } $Object = New-Object PSObject -Property @{ Computername = $PC Path = $Path FileSystemRights = $Val Access = $Item.AccessControlType Identity = $Item.IdentityReference IsInherited = $Item.IsInherited PropagationFlags = $item.PropagationFlags } $Array += $Object } } } } if($Array) { Write-Host "`nFolder permissions for $Path" -ForegroundColor Yellow $Array | Select-Object Computername, Path, FileSystemRights, Identity, IsInherited, PropagationFlags | Format-Table -AutoSize } } |
Save the PowerShell function above to Get-FolderPermissions.psm1 and save it to: C:\Program Files\WindowsPowerShell\Modules\Get-FolderPermissions.
To get the folder permissions locally or remotely open PowerShell and just run the following command:
|
1 |
Get-FolderPermissions -Computer <computername> -Path <path> |
To output the results to a text file, just run the following command:
|
1 |
Get-FolderPermissions -Computer <computername> -Path <path> | Out-File C:\FolderPermissions.txt |
Output:
I really like to hear what you have to say about this article:
- Was this article helpful for you or do you have any questions?
- Do you have additions, suggestions or any other ideas?
- Just let me know by leaving a comment below.
Thank you for spending some time at my site and in my blog. I hope you come to visit again soon 😉
Be the first to comment